Search found 12 matches

by ztx
Mon Feb 01, 2021 2:36 am
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 26
Views: 4233

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

Hi, I have the hEX S router and I followed the instructions in the first post to the letter, only changing the NordVPN server and password, and not implementing the kill switch. All the configuration was done after the router was reset to factory defaults, FW 6.48. When I try to use a PC through th...
by ztx
Thu Jan 28, 2021 4:21 am
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 26
Views: 4233

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

/ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=!no_vpn dst-address-type=!local new-connection-mark=under_vpn passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=under_vpn action=mark-routing new-routing-mark=to_vpn passthrough=yes
The above con...
by ztx
Wed Jan 27, 2021 7:37 am
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 26
Views: 4233

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

/ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=under_vpn new-connection-mark=under_vpn passthrough=yes
Since the connection is marked, what about using mark routing in the killswitch based on the connection-mark
/ip firewall mangle add chain=prerouting connection-mark=und...
by ztx
Thu Dec 24, 2020 4:27 pm
Forum: General
Topic: Nordvpn IPsec Mikrotik Routing
Replies: 15
Views: 2166

Re: Nordvpn IPsec Mikrotik Routing

Looks like it's because of the src-address-list=Lan.
/ip ipsec mode-config
add connection-mark=VPN name=PureIKEV2 responder=no src-address-list=Lan \
    use-responder-dns=no
by ztx
Thu Dec 24, 2020 1:24 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 26
Views: 4233

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

With use case #2, how to killswitch websites like youtube.com that have multiple IP addresses? You can't, because: Note: You can't effectively route all the traffic of Youtube, Netflix or any other big websites through VPN. They have many different domains and IP addresses which constantly change. In...
by ztx
Thu Dec 24, 2020 6:56 am
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 26
Views: 4233

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

With use case #2, how to killswitch websites like youtube.com that have multiple IP addresses?
by ztx
Thu Dec 24, 2020 5:20 am
Forum: General
Topic: Nordvpn IPsec Mikrotik Routing
Replies: 15
Views: 2166

Re: Nordvpn IPsec Mikrotik Routing

The easiest way is to configure connection-mark=via-NordVPN in the /ip ipsec mode-config row you use for the NordVPN identity, and use mangle rules to assign that connection-mark to connections you want to use the VPN: /ip firewall mangle add chain=prerouting dst-address-list=VPN-destinations conne...
by ztx
Wed Jul 03, 2019 12:09 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 22
Views: 7264

Re: NordVpn and mikrotik?

Thanks sindy! Your script worked.
I tried finding the address from the ipsec policy by peer to get the IP too.
local currentIP [/ip ipsec policy get [find peer~"pure"] src-address];
So I can route packets by setting the routing-mark of the source NAT,
by ztx
Wed Jul 03, 2019 9:18 am
Forum: General
Topic: NordVpn and mikrotik?
Replies: 22
Views: 7264

Re: NordVpn and mikrotik?

When connected, the src-address in the ipsec policy is the current IP address assigned by IKEv2. Is there a way to use this IP in a script?
by ztx
Sun Jun 30, 2019 9:36 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 106367

Re: v6.45beta [testing] is released!

msatter All EAP methods require at least the root CA certificate for IKEv2. On Windows, it is possible, that the CA certificate is already in the Trusted Windows Certificate store so you do not have to import anything. Either ask your provider for the CA certificate or try finding out which certifi...
by ztx
Sat Jun 29, 2019 9:00 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 106367

Re: v6.45beta [testing] is released!

Have a look at this page for NordVPN, if your provider has no specific certificate then you need the root cert from/for that provider https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS In Windows, it needs username and password only. I found a setup guide for strongSwan: 1. launc...
by ztx
Sat Jun 29, 2019 5:13 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 106367

Re: v6.45beta [testing] is released!

Version 6.45beta62 has been released.


!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
I can connect to a VPN server in Windows using IKEv2 with username and password only. Can this work on RouterOS?