The complete config: # jan/02/2023 12:05:58 by RouterOS 7.6 # software id = 2HJX-8QY4 # # model = RB2011UiAS-2HnD # serial number = /interface bridge add admin-mac=E4:8D:8C:1A:1D:AA auto-mac=no comment=defconf name=bridge /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-wi...

I'm tried to set up set up wireguard VPN on my rb4011, but it didn't work, help needed. Below is the configuration file I download from vpn provider: [Interface] PrivateKey=[int_privatekey=] Address=172.18.x.y DNS=69.25.114.211,69.25.114.213 [Peer] PublicKey=[peer_publickey=] AllowedIPs=0.0.0.0/0 E...

Thanks for the reply, the configuration will be posted when I back to work. Why are you mangling??? I‘m in china, the VPN service is used to access websites such as youtube which is blocked by the GFW. I'm a novice, I set up the VPN client based on a tutorial article from the internet, mangle is use...

I'm tried to set up set up wireguard VPN on my rb4011, but it didn't work, help needed. Below is the configuration file I download from vpn provider: [Interface] PrivateKey=[int_privatekey=] Address=172.18.x.y DNS=69.25.114.211,69.25.114.213 [Peer] PublicKey=[peer_publickey=] AllowedIPs=0.0.0.0/0 En...

Updated to 7.1 stable from 6.49.2, my rb4001 still crashing.

Hi, i have the hex S router and i followed the instructions in the first post to the letter, only changing the nordvpn server and password, and not implementing the kill switch. all the configuration was done after the router was reset to factory defaults, FW 6.48. when i try to use a pc through th...

/ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=!no_vpn dst-address-type=!local new-connection-mark=under_vpn passthrough=yes /ip firewall mangle add chain=prerouting connection-mark=under_vpn action=mark-routing new-routing-mark=to_vpn passthrough=yes The above con...

/ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=under_vpn new-connection-mark=under_vpn passthrough=yes Since connection is marked, what about use mark routing in the killswitch base of the connection-mark /ip firewall mangle add chain=prerouting connection-mark=und...

Looks like it's because of the src-address-list=Lan.

With use case #2, how to killswitch websites like youtube.com that with multiple IP address? You can't, because: Note: You can't effectively route all the traffic of Youtube, Netflix or any other big websites through VPN. They have many different domains and IP addresses which constantly change. In...

With use case #2, how to killswitch websites like youtube.com that with multiple IP address?

The easiest way is to configure connection-mark=via-NordVPN in the /ip ipsec mode-config row you use for the NordVPN identity, and use mangle rules to assign that connection-mark to connections you want to use the VPN: /ip firewall mangle add chain=prerouting dst-address-list=VPN-destinations conne...

Thanks sindy! Your script worked.
I tried find address from ipsec policy by peer get the ip too. So I can routing package by set the routing-mark of the source nat,

when connected, the src-address in ipsec policy is the current ip address asinged by ikev2, is there a way to use this ip in script?

msatter All EAP methods require at least the root CA certificate for IKEv2. On Windows, it is possible, that the CA certificate is already in the Trusted Windows Certificate store so you do not have to import anything. Either ask your provider for the CA certificate or try finding out which certifi...

Have a look at this page for NordVPN, if your provider has no specific certificate then you need the root cert from/for that provider https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS In windows, it needs username and password only. I found a setup guide for strongswan: 1. launc...

Version 6.45beta62 has been released.


!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;

I can connect to a vpn server in windows using ikev2 with username and password only, can this work on routeros?