Issue with disabling PureVPN on Mikrotik

A while back, I enrolled in PureVPN for my home. I set up PureVPN on my MikroTik following these instructions: https://support.purevpn.com/mikrotik-configuration.

I want to completely remove the PureVPN setup. I have tried reversing the instructions, but when I do, my internal network keeps working, but I can no longer access the internet.

I copied my setup below (I got rid of a lot of the extra settings that I know have no bearing on the issue). Anything with a comment “PureVPN” was done according to the instructions above.

Guys, can you help me out and get me off this VPN? Thanks!

# LAN bridge. arp=proxy-arp makes the router answer ARP on the bridge for
# addresses it can route to; presumably set for the PPTP dial-in pool, which
# sits inside 192.168.15.0/24 (see pptp-pool below) — confirm.
/interface bridge
add arp=proxy-arp mtu=1500 name=bridge1

# Physical ports. Only ether2 is labelled WAN and it is the only ether port
# that is not added to bridge1 in the bridge port section further down.
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1598 name=ether1-LAN
set [ find default-name=ether2 ] l2mtu=1598 name=ether2-WAN
set [ find default-name=ether3 ] l2mtu=1598 name=ether3-LAN
set [ find default-name=ether4 ] l2mtu=1598 name=ether4-LAN
set [ find default-name=ether5 ] l2mtu=1598 name=ether5-LAN
set [ find default-name=ether6 ] l2mtu=1598 name=ether6-LAN
set [ find default-name=ether7 ] l2mtu=1598 name=ether7-LAN
set [ find default-name=ether8 ] l2mtu=1598 name=ether8-LAN

# Primary 2.4 GHz access point; wlan1 is a bridge1 port (see bridge port
# section), so its clients are on the 192.168.15.0/24 LAN. It uses the default
# security profile defined further down.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country="united states" disabled=no distance=indoors frequency=2442 mode=ap-bridge ssid="********" wireless-protocol=802.11

# PureVPN tunnel. add-default-route=yes with default-route-distance=0 installs a
# default route via the tunnel that wins over the one the ether2-WAN DHCP
# client installs (RouterOS default distance for that route is 1) whenever the
# tunnel is up; dial-on-demand=yes brings the tunnel up on first matching
# traffic. The name PureVPN-PPTP is referenced by the mangle, NAT and route
# entries below, so all of them have to go together with this interface.
# PPTP's authentication and MPPE encryption are considered cryptographically
# weak; the account credentials are stored in clear in the export (masked here).
/interface pptp-client
add add-default-route=yes comment=PureVPN connect-to=abcgo.pointtoserver.com default-route-distance=0 dial-on-demand=yes disabled=no name=PureVPN-PPTP password=****** user=purevpn*****

# Interface lists. WAN and LAN come from the default configuration, but the
# member section further down adds interfaces only to discover, mactel and
# mac-winbox — WAN and LAN have no members in this excerpt.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox

# Default profile (used by wlan1): WPA2-PSK only, but TKIP is still allowed as
# both group and unicast cipher; restricting both to aes-ccm removes the weak
# cipher. wpa-pre-shared-key is set although WPA1 is not in authentication-types,
# so it is presumably unused.
# Profile "NSA": WPA2-PSK with ciphers left at their defaults and 802.11w
# management-frame protection allowed.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=****** wpa2-pre-shared-key=******
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h management-protection=allowed name=NSA supplicant-identity="" wpa2-pre-shared-key=*****

# Second SSID as a virtual AP on top of wlan1. wlan2 is not a bridge1 port and
# gets its own address 10.0.0.1/24 below, so it is a separate L3 segment
# (guest-style). The only /ip dhcp-server in this excerpt is bound to bridge1,
# so clients on wlan2 would need static addresses or a server not shown — verify.
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:A5:1F:61 master-interface=wlan1 multicast-buffering=disabled name=wlan2 security-profile=***** ssid="******" wds-cost-range=0 wds-default-cost=0

# Default IPsec proposal narrowed to 3DES, a legacy cipher; prefer AES unless a
# peer requires 3DES. No IPsec peer appears in this excerpt, so the proposal may
# be unused — confirm before relying on it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des

# Address pools. dhcp_pool1 is the only one used by the visible DHCP server.
# dhcp_pool2 and dhcp_pool3 overlap (10.0.0.0/24 vs 10.0.0.2-10.0.0.254) and
# are not referenced anywhere in this excerpt. pptp-pool sits inside the
# 192.168.15.0/24 LAN and is presumably used by the PPTP *server* (dial-in),
# not by the PureVPN client; the ppp profile that would reference it is not shown.
/ip pool
add name=dhcp_pool1 ranges=192.168.15.100-192.168.15.150
add name=dhcp_pool2 ranges=10.0.0.0/24
add name=dhcp_pool3 ranges=10.0.0.2-10.0.0.254
add name=pptp-pool ranges=192.168.15.10-192.168.15.20

# DHCP for the bridge1 LAN only; options for it come from the
# /ip dhcp-server network entry for 192.168.15.0/24 below.
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no interface=bridge1 lease-time=5d name=dhcp1

# The default SNMP community (its name is not shown; RouterOS ships it as
# "public", read-only by default) is allowed from every source address, and
# /snmp is enabled at the end of this export. No input-chain filter rule is
# visible in this excerpt, so the community is reachable from the WAN side as
# well. Restrict addresses= to the management subnet.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0

# User Manager customer permissions for "admin"; unrelated to the VPN setup.
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw

# All LAN-labelled ether ports, sfp1 and wlan1 are bridged; ether2-WAN is not.
# hw=no switches hardware offloading off for the wired ports.
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 hw=no interface=ether1-LAN
add bridge=bridge1 hw=no interface=ether4-LAN
add bridge=bridge1 hw=no interface=sfp1
add bridge=bridge1 hw=no interface=ether5-LAN
add bridge=bridge1 hw=no interface=ether6-LAN
add bridge=bridge1 hw=no interface=ether7-LAN
add bridge=bridge1 hw=no interface=ether8-LAN
add bridge=bridge1 hw=no interface=ether3-LAN

# Neighbor discovery (MNDP/CDP/LLDP) runs on every member of the "discover"
# list — and that list includes ether2-WAN below, so the router announces its
# identity and software version on the upstream link. Removing ether2-WAN from
# the list stops that.
/ip neighbor discovery-settings
set discover-interface-list=discover

# List membership. The two trailing entries have no interface= and therefore
# add nothing to mactel / mac-winbox; WAN and LAN get no members at all here.
/interface list member
add interface=ether2-WAN list=discover
add interface=ether3-LAN list=discover
add interface=ether4-LAN list=discover
add interface=ether5-LAN list=discover
add interface=ether6-LAN list=discover
add interface=ether7-LAN list=discover
add interface=ether8-LAN list=discover
add interface=sfp1 list=discover
add interface=bridge1 list=discover
add interface=wlan2 list=discover
add list=mactel
add list=mac-winbox

# PPTP *server* (dial-in), separate from the PureVPN client. No input-chain
# filter is visible in this excerpt, so TCP/1723 and GRE are accepted on every
# interface including ether2-WAN. pptp-pool and the "Dial In VPN" mangle rule
# presumably belong to this server; keep them only if dial-in is still wanted.
/interface pptp-server server
set enabled=yes max-mru=1460 max-mtu=1460

# Router addresses: main LAN on bridge1, separate segment on the wlan2 virtual AP.
# The ether2-WAN address comes from the DHCP client below.
/ip address
add address=192.168.15.1/24 interface=bridge1 network=192.168.15.0
add address=10.0.0.1/24 interface=wlan2 network=10.0.0.0

# Upstream address on ether2-WAN. use-peer-dns=no: resolvers come from /ip dns
# below, not from the ISP. add-default-route is left at its default, so this
# client installs the 0.0.0.0/0 route that has to carry traffic once the
# PureVPN tunnel (distance 0) is gone.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2-WAN use-peer-dns=no use-peer-ntp=no

# DHCP options per subnet. The 192.168.15.0/24 entry supplies the gateway for
# LAN clients as well as the DNS list, so it must not be deleted wholesale when
# the VPN is removed — only the dns-server= values are PureVPN-specific.
# 6.6.6.6 is neither an OpenDNS (208.67.x.x) nor a Google (8.8.8.8) resolver
# and may be a typo for 8.8.4.4 — confirm against the guide you followed.
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
add address=192.168.15.0/24 comment="PureVPN - DNS Servers" dns-server=208.67.222.222,208.67.220.220,8.8.8.8,6.6.6.6 gateway=192.168.15.1 netmask=24

# allow-remote-requests=yes makes the router a recursive resolver for anyone
# who can reach it. No input-chain rule in this excerpt limits UDP/TCP 53, so
# the resolver also answers queries arriving on ether2-WAN (open resolver,
# usable for reflection/amplification). Either add an input rule that drops
# port 53 from the WAN or turn remote requests off; the same 6.6.6.6 entry as
# in the DHCP network appears here.
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220,8.8.8.8,6.6.6.6

# Local name for the router. LAN clients receive the upstream resolvers directly
# via DHCP, so this record is only seen by clients that query the router itself.
/ip dns static
add address=192.168.15.1 name=router.lan

# Address lists. "private" is what the WAN masquerade rule and the SSH /
# "internal traffic" accept rules key on, yet it does NOT contain
# 192.168.15.0/24 — the bridge1 LAN — while it does contain all of 10.0.0.0/8,
# i.e. the wlan2 segment. That gap is why LAN traffic is only NATed by the
# PureVPN-specific rule below and loses internet access once that rule or the
# tunnel is removed. "rfc-1918" is not referenced by any visible rule.
/ip firewall address-list
add address=192.168.0.0/16 list=rfc-1918
add address=192.168.51.0/24 list=private
add address=192.168.100.0/24 list=private
add address=192.168.10.0/24 list=private
add address=10.0.0.0/8 list=private

# Filter rules. Note that "inbound" is not a built-in chain (those are input,
# forward and output) and no jump from input to inbound appears in this excerpt;
# unless such a jump exists in the parts left out, none of the chain=inbound
# rules ever run and the input chain is left at its default accept. Neither
# input nor forward is terminated by a drop rule here. Several rules are
# duplicated (the two tarpit pairs and the two SSH accepts). Of the address
# lists referenced, only ftp_blacklist is populated in this excerpt (by the
# output-chain add-dst-to-address-list rules); icmp-attack, ssh_blacklist,
# smtp-bypass and spam-block are never filled here.
/ip firewall filter
add action=accept chain=inbound comment="Accept established connections" connection-state=established
add action=drop chain=inbound comment="Drop invalid" connection-state=invalid
add action=drop chain=inbound comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
# Tarpit pair: accept up to the dst-limit, then list the destination for 3h.
add action=accept chain=output comment="LoginIncorrect Tarpitting" content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
# Accepts SSH only from "private" — which does not include 192.168.15.0/24.
add action=accept chain=inbound comment="SSH for secure shell" dst-port=22 protocol=tcp src-address-list=private
add action=drop chain=forward comment="drop excessive icmp traffic for 12 hours" protocol=icmp src-address-list=icmp-attack
add action=drop chain=inbound comment="Drop excess icmp" protocol=icmp
add action=reject chain=inbound reject-with=icmp-admin-prohibited src-address-list=ssh_blacklist
# Duplicate of the tarpit pair above.
add action=accept chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
# Duplicate of the SSH accept above.
add action=accept chain=inbound comment="allow private addresses for ssh" dst-port=22 protocol=tcp src-address-list=private
add action=accept chain=forward comment="allow smtp-bypass list to create multiple sessions" dst-port=25 protocol=tcp src-address-list=smtp-bypass
add action=drop chain=forward comment="drop smtp traffic marked as spam" dst-port=25 protocol=tcp src-address-list=spam-block
add action=accept chain=inbound comment="Internal traffic can do what it wants." src-address-list=private
add action=accept chain=output comment="Allow everything out"

# Mangle. The first rule is, by its comment, for PPTP dial-in clients; its
# src-address-list="" matches nothing in particular and the rule is a plain
# accept, so removing it changes nothing for the VPN question.
# The second rule gives every LAN packet not bound for 192.168.100.0/24 the
# routing mark PureVPN-PPTP, which the /ip route entry below sends into the
# tunnel. Rule, route and the PureVPN NAT rule share that name and must be
# removed together with the pptp-client interface; once LAN traffic leaves via
# ether2-WAN instead, the WAN masquerade rule does not cover 192.168.15.0/24
# (see the address-list note), which matches the symptom described.
/ip firewall mangle
add action=accept chain=prerouting comment="Rule for Dial In VPN Network access" dst-address=192.168.15.0/24 src-address=192.168.15.0/24 src-address-list=""
add action=mark-routing chain=prerouting comment=" PureVPN - Vader to CECE" dst-address=!192.168.100.0/24 new-routing-mark=PureVPN-PPTP passthrough=yes src-address=192.168.15.0/24

# NAT. Rule 1 masquerades only sources in "private" (which excludes the
# 192.168.15.0/24 LAN); dst-address-list=!nat-null is a no-op here because
# nat-null is never populated in this excerpt, and limit=1,5:packet caps how
# often the rule matches — srcnat only sees the first packet of a connection,
# so this presumably throttles new outbound connections to roughly one per
# second with a burst of five. Rule 2 exempts LAN→192.168.0.0/16 from NAT
# (to-addresses= is ignored for action=accept). Rule 3 is the only rule that
# NATs the LAN, and only when the packet leaves via the tunnel.
/ip firewall nat
add action=masquerade chain=srcnat connection-limit=100,32 dst-address-list=!nat-null limit=1,5:packet out-interface=ether2-WAN src-address-list=private
add action=accept chain=srcnat dst-address=192.168.0.0/16 src-address=192.168.15.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=" Pure VPN" out-interface=PureVPN-PPTP

# Connection-tracking helpers (ALGs) disabled; this removes the helper-opened
# pinholes as an attack surface. Active FTP and SIP through NAT will need
# explicit handling if they are ever required.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes

# Policy 0 widened to any-to-any. No IPsec peer is shown in this excerpt, so
# together with the 3DES proposal above this looks like a leftover — confirm.
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0

# Web proxy settings. Whether the proxy is enabled is not visible here (an
# export prints only non-default values). If it is, no input-chain rule in this
# excerpt keeps its listener off the WAN side — check /ip proxy and
# /ip proxy access.
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0

# Default route for the PureVPN-PPTP routing table only; traffic without that
# mark uses the main table, whose default route comes from the DHCP client (or
# from the tunnel's add-default-route while it is up). Once the pptp-client
# interface is deleted this gateway no longer exists; remove the route with it.
/ip route
add comment="PureVPN" distance=1 gateway=PureVPN-PPTP routing-mark=PureVPN-PPTP

# Management services: telnet and api off, web UI limited to 192.168.0.0/16.
# Services not listed (ssh, winbox, www-ssl, ftp) keep their defaults, i.e. no
# address restriction. Because the filter excerpt has no effective input chain,
# these address= settings are the only listener restrictions visible here.
/ip service
set telnet disabled=yes
set www address=192.168.0.0/16
set api disabled=yes

# NetFlow cache size; no flow target is shown in this excerpt.
/ip traffic-flow
set cache-entries=4k

# LCD page config; unrelated to the VPN.
/lcd interface pages
set 0 interfaces=wlan1

# SNMP agent on, with the default community open to 0.0.0.0/0 (see the
# /snmp community section) and no visible input filter — restrict the
# community's addresses= or disable SNMP if it is not used.
/snmp
set enabled=yes

Hi,

You’ll probably follow the guide and reverse the instructions, and then troubleshoot once everything is removed. The problem could be a firewall rule, a NAT rule or a route that has not been removed along with the rest of the configuration.

I have taken some time to go through your configuration, and from the looks of it I would suggest removing the following pieces from the config:

# (1) The tunnel itself. Everything else in this list references its name.
/interface pptp-client
add add-default-route=yes comment=PureVPN connect-to=abcgo.pointtoserver.com default-route-distance=0 dial-on-demand=yes disabled=no name=PureVPN-PPTP password=****** user=purevpn*****

# (2) Only the dns-server= values here are PureVPN-specific; the entry also
# carries gateway=192.168.15.1 for LAN clients. Deleting the whole line leaves
# new leases without a gateway, so re-add a 192.168.15.0/24 entry with
# gateway=192.168.15.1 and resolvers of your choice instead of just removing it.
/ip dhcp-server network
add address=192.168.15.0/24 comment="PureVPN - DNS Servers" dns-server=208.67.222.222,208.67.220.220,8.8.8.8,6.6.6.6 gateway=192.168.15.1 netmask=24

# (3) The mark-routing rule is the PureVPN piece. The first rule is, by its
# comment, for PPTP dial-in; it is a plain accept and removing it is harmless.
/ip firewall mangle
add action=accept chain=prerouting comment="Rule for Dial In VPN Network access" dst-address=192.168.15.0/24 src-address=192.168.15.0/24 src-address-list=""
add action=mark-routing chain=prerouting comment=" PureVPN - Vader to CECE" dst-address=!192.168.100.0/24 new-routing-mark=PureVPN-PPTP passthrough=yes src-address=192.168.15.0/24

# (4) All three are replaced by the single rule further down. Note the first
# rule only masquerades the "private" address list, which in the posted config
# does not contain 192.168.15.0/24 — that is why the LAN has no internet once
# the PureVPN masquerade (rule 3) stops matching.
/ip firewall nat
add action=masquerade chain=srcnat connection-limit=100,32 dst-address-list=!nat-null limit=1,5:packet out-interface=ether2-WAN src-address-list=private
add action=accept chain=srcnat dst-address=192.168.0.0/16 src-address=192.168.15.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=" Pure VPN" out-interface=PureVPN-PPTP

# (5) Route for the PureVPN-PPTP routing table; its gateway disappears with the
# pptp-client interface.
/ip route
add comment="PureVPN" distance=1 gateway=PureVPN-PPTP routing-mark=PureVPN-PPTP

Removing all current NAT settings will break your internet access, but after you have removed them, add the following:

# Masquerades everything leaving ether2-WAN regardless of source, so the
# 192.168.15.0/24 LAN (never in the old "private" list) is covered, and the
# old rule's connection-limit / limit caps are gone as well.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-WAN

This will NAT all traffic leaving the router on Ether2-WAN, easy does it.

So to summarize, whether or not you follow my suggestion, after finishing the removal of all PureVPN settings, check:

  • /ip routes
    Under IP routes you’ll find the routes in use; you’ll need a 0.0.0.0/0 route pointing to the gateway IP learned by the ether2-WAN DHCP client
  • /ip firewall filter
    Make sure you aren’t blocking any connections (by the looks of it: the current firewall config shouldn’t be giving any issues)
  • /ip firewall nat
    Make sure you have a NAT rule masquerading all traffic leaving the router through your WAN interface.