I have a RB493G router which serves a LAN and is connected to the Internet via one PPPoE connection (wan). In our country (Romania) some services from USA aren't available (netflix, pandora) because of copyright issues. I have found a way to access those services using an USA VPN provider (PureVPN in my case).
I configure the VPN on my laptop and I instantly have access to netflix and pandora. I have 2 devices on my network that I want to access the netflix and pandora services so I thought I'd configure the VPN client on the MT router and using Policy Routing I would route the connections initiated from those two devices via the PureVPN interface (pvpn-us).
Interfaces
Code: Select all
Flags: D - dynamic, X - disabled, R - running, S - slave
10 R ;;; Family Local Area Network - LAN.
name="flan" type="bridge" mtu=1500 l2mtu=1520
13 R ;;; RDS Internet connection.
name="wan" type="pppoe-out" mtu=1480
18 R name="pvpn-us" type="pptp-out" mtu=1400
Code: Select all
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=ether1 actual-interface=ether1
1 ;;; Family network interface.
address=172.21.0.1/24 network=172.21.0.0 interface=flan actual-interface=flan
3 D address=86.126.83.149/32 network=10.0.0.1 interface=wan actual-interface=wan
5 D address=10.3.3.4/32 network=10.3.3.2 interface=pvpn-us actual-interface=pvpn-us
Code: Select all
[admin@MikroTik] > /ip firewall mangle print detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=VPN-US passthrough=yes
src-address=172.21.0.65-172.21.0.66
Code: Select all
[admin@MikroTik] > /ip route rule print detail
Flags: X - disabled, I - inactive
0 dst-address=192.168.88.0/24 action=lookup table=main
1 dst-address=172.21.0.0/24 action=lookup table=main
2 dst-address=172.21.1.0/24 action=lookup table=main
3 routing-mark=VPN-US action=lookup table=VPN-US
Code: Select all
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=10.3.3.2 gateway-status=10.3.3.2 reachable pvpn-us distance=1
scope=30 target-scope=10 routing-mark=VPN-US
1 ADS dst-address=0.0.0.0/0 gateway=10.0.0.1 gateway-status=10.0.0.1 reachable wan distance=1
scope=30 target-scope=10
2 ADC dst-address=10.0.0.1/32 pref-src=86.xx.xxx.x gateway=wan gateway-status=wan reachable
distance=0 scope=10
3 ADC dst-address=10.3.3.2/32 pref-src=10.3.3.4 gateway=pvpn-us gateway-status=pvpn-us reachable
distance=0 scope=10
4 ADC dst-address=172.21.0.0/24 pref-src=172.21.0.1 gateway=flan gateway-status=flan reachable
distance=0 scope=10
5 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether1
gateway-status=ether1 unreachable distance=0 scope=200
Code: Select all
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=wan
1 chain=srcnat action=masquerade out-interface=pvpn-us
Thank you,
Vali