I have followed the provider's tutorial to configure the VPN and route the traffic.
https://support.surfshark.com/hc/en-us/ ... with-IKEv2
The tunnel is established, but when traffic is routed to the VPN, web sites are not loading. I can still ping and trace route to the web server. The only web site that seems to load is https://www.google.com, along with all plain http (unencrypted) sites.
When traffic is not routed to VPN:
C:\Users\giann>Tracert disney.com
Tracing route to disney.com [130.211.198.204]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms router [192.168.51.1]
2 2 ms 1 ms 3 ms 192.168.0.1
3 7 ms 9 ms 17 ms 97e7fe9c.skybroadband.com [151.231.254.156]
4 14 ms 15 ms 17 ms 02780b96.bb.sky.com [2.120.11.150]
5 6 ms 7 ms 8 ms 027ff1a3.bb.sky.com [2.127.241.163]
6 100 ms 142 ms 320 ms 204.198.211.130.bc.googleusercontent.com [130.211.198.204]
When traffic is routed to VPN, I can reach the web servers but the web sites are not loading.
C:\Users\giann>tracert disney.com
Tracing route to disney.com [130.211.198.204]
over a maximum of 30 hops:
1 32 ms 3 ms 1 ms router [192.168.51.1]
2 6 ms 6 ms 6 ms 90.78.44.185.baremetal.zare.com [185.44.78.90]
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 5 ms 6 ms 6 ms 1.78.44.185.baremetal.zare.com [185.44.78.1]
7 7 ms 6 ms 12 ms ae1.rt0-hex.ldn.as25369.net [5.226.136.11]
8 9 ms 10 ms 9 ms 142.250.169.80
9 102 ms 103 ms 99 ms 204.198.211.130.bc.googleusercontent.com [130.211.198.204]
The configurations are
[admin@MikroTik] > export
# aug/24/2022 19:54:02 by RouterOS 6.48.6
# software id = SSDT-Y18I
#
# model = 2011UiAS-2HnD
# serial number =
# Layer-2 setup: the LAN bridge, renamed Ethernet ports, the 2.4 GHz access point and three interface lists.
/interface bridge
add admin-mac=E4:8D:8C:30:1B:5A auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
# ether1 is renamed as the uplink port; ether2-ether10 are renamed as LAN ports.
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether6-master-local
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether7-slave-local
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether8-slave-local
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether9-slave-local
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether10-slave-local
/interface wireless
# wlan1 is enabled as an access point (disabled=no, mode=ap-bridge). No security-profile is named on it,
# so it presumably uses the default profile configured further down - confirm.
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge \
ssid=MikroTik-301B63 wireless-protocol=802.11
/interface list
# Lists used later by neighbor discovery (discover) and by the MAC Telnet / MAC WinBox servers (mactel, mac-winbox).
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
# NOTE(review): only supplicant-identity is set on the default profile; no mode, authentication-types or
# pre-shared key appears in this export. If those are still at their defaults, the SSID above is unencrypted.
# Verify with "/interface wireless security-profiles print" and, if so, set mode=dynamic-keys with
# authentication-types=wpa2-psk and a strong key.
set [ find default=yes ] supplicant-identity=MikroTik
# IKEv2 client objects for the VPN provider: mode-config, policy group, profile, peer and proposals.
/ip ipsec mode-config
# responder=no makes the router the mode-config client. With src-address-list=Test, RouterOS creates a dynamic
# source-NAT rule for sources in address list "Test" (defined under /ip firewall address-list).
# NOTE(review): this entry is spelled FRDB while the other IPsec objects are FRBD. The identity also refers to
# mode-config=FRDB, so the reference resolves, but the spelling difference is easy to trip over.
add name=FRDB responder=no src-address-list=Test
/ip ipsec policy group
add name=FRBD
/ip ipsec profile
# Only the name is set, so phase-1 algorithms and DH groups are the RouterOS defaults - TODO confirm they match
# what the provider expects.
add name=FRBD
/ip ipsec peer
# The peer is addressed by DNS name, so bringing the tunnel up depends on the router's own resolver.
add address=uk-lon.prod.surfshark.com exchange-mode=ike2 name=FRBD profile=FRBD
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# NOTE(review): pfs-group=none disables perfect forward secrecy for this proposal, so rekeyed child SAs do not
# get a fresh Diffie-Hellman exchange. Check whether the provider accepts a PFS group before changing it.
# The encryption/auth algorithms are not listed here, so they are at their defaults - confirm.
add name=FRBD pfs-group=none
# LAN addressing and membership: DHCP pool and server, bridge ports, neighbor discovery and interface-list members.
/ip pool
add name=default-dhcp ranges=192.168.51.10-192.168.51.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no interface=bridge-local name=default
/interface bridge port
# ether2-ether10, sfp1 and wlan1 are bridged into bridge-local; ether1-gateway is not a bridge port.
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
# Each of the three lists (discover, mactel, mac-winbox) receives the same members: ether2-ether10, sfp1, wlan1
# and bridge-local. ether1-gateway is in none of them.
# NOTE(review): wlan1 is a member of mactel and mac-winbox, so layer-2 management is offered to wireless clients;
# consider limiting these lists to the ports actually used for administration.
add interface=sfp1 list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether6-master-local list=mactel
add interface=ether7-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether10-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=sfp1 list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=sfp1 list=mac-winbox
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
# Layer-3 setup: LAN address, WAN DHCP client, DNS, address list, NAT, the IPsec identity/policy and SSH.
/ip address
add address=192.168.51.1/24 comment="default configuration" interface=bridge-local network=192.168.51.0
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.51.0/24 comment="default configuration" gateway=192.168.51.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries from other hosts. This export
# contains no /ip firewall filter rules, so nothing shown here restricts those queries to the LAN side.
# Add an input-chain rule dropping DNS (udp/tcp 53) arriving on ether1-gateway.
set allow-remote-requests=yes
/ip dns static
add address=192.168.51.1 name=router
/ip firewall address-list
# The whole LAN subnet is in list "Test", which the IPsec mode-config uses as its src-address-list.
add address=192.168.51.0/24 list=Test
/ip firewall nat
# NOTE(review): the only firewall configuration in this export is this masquerade rule and the address list above.
# There is no /ip firewall filter section, so the input and forward chains accept everything by default; a
# baseline rule set (accept established/related, drop invalid, drop new connections from ether1-gateway) is missing.
# NOTE(review): there are no /ip firewall mangle rules either. IPsec encapsulation lowers the usable packet size,
# and "ping works but HTTPS pages do not load" is a common sign of an MTU/MSS problem - check whether a TCP MSS
# clamp (mangle action=change-mss on SYN packets from list Test) is needed. Hedged: not confirmed from this export.
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
/ip ipsec identity
# EAP-MSCHAPv2 client identity for peer FRBD, validated against certificate "Surfshark". username= and password=
# are empty here, presumably blanked before posting - confirm they are set on the device.
# generate-policy=port-strict lets the peer's traffic selectors create policies from the template below.
add auth-method=eap certificate=Surfshark eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=FRDB password= peer=FRBD policy-template-group=FRBD username=
/ip ipsec policy
# Template only (template=yes): it permits generated policies for any source/destination in group FRBD.
add dst-address=0.0.0.0/0 group=FRBD proposal=FRBD src-address=0.0.0.0/0 template=yes
/ip ssh
# NOTE(review): a 1024-bit host key is below current recommendations; set host-key-size=2048 or larger and
# regenerate the host key. Also consider strong-crypto=yes.
set host-key-size=1024
# Device housekeeping: LCD pages, clock, update channel and the MAC-layer management servers.
/lcd interface pages
set 0 interfaces=\
sfp1,ether1-gateway,ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-master-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local
/system clock
set time-zone-name=Europe/London
/system package update
# Updates are taken from the long-term channel.
set channel=long-term
/tool mac-server
# MAC Telnet is allowed on the interfaces in list "mactel".
# NOTE(review): that list includes wlan1 and every bridged port, so any device on the LAN or Wi-Fi can reach
# the layer-2 login; narrow the list if that is not intended.
set allowed-interface-list=mactel
/tool mac-server mac-winbox
# MAC WinBox is allowed on the interfaces in list "mac-winbox" (same membership as mactel in this export).
set allowed-interface-list=mac-winbox