Hi All,
I have 4 WAN connected to my mikrotik router, and I set Load Balancing for it, then I has 1 DHCP Local port, Let say if I want to route only certain website through PPTP VPN, how can I do that? example access youtube using VPN, but not facebook?
IP - FRIREWALL- NAT you do a layer7 compare. You lookup the line with the MASQ going out to the internet (pppoe-outX) and copy that line and point that to you VPN connection and apply. Now move that line above the normal internet out line. As long the VPN is not up the line is coloured red.
Now filter though Layer7 YouTube in that VPN line and when it is up all YouTube stuff goes goes through this line and all the rest is going out through the line below.
If you’re looking for stuff using L7 matcher, you won’t see it immediately in first packet (for TCP connections, it’s just SYN packet without any useful info). It may be good enough if you want to block it, but not otherwise. If you don’t route first packet the right way, then it’s too late to do it for following ones.
You can find address ranges used by your service and route them through tunnel. E.g. addresses used by Google are here. Select Prefixes v4 on top and add them as routes via your tunnel. There are two problems with this approach, the list is not guaranteed to be static and you can’t choose just one Google’s service, because you don’t know what they use each range for (and it can also change).
You have better results when switching off fasttracking. A small list of the Google domains you find at the bottom of this page
https://www.security.nl/posting/518552/Leve+Glasswire
I have still to find out how use the AS list to block damains in one go and have the updates so delivered automatically.