Great thread. Thank you.
I am trying to do the opposite of Use-case #2… with SurfShark, which appears to have a similar IPsec setup.
Use-case #4: Specific traffic (by destination address and/or destination port preferably) routed AROUND (bypass) VPN server
Intent is for all traffic to go through the tunnel, except my work SSL VPN connections, which should go straight to the ISP. Will likely add other bypass destination ports/protocols. For now, just trying to make it work for all HTTP/HTTPS for easy testing.
Tried what I read for some of the Netflix bypasses, but can’t make it work. Everything still goes through the VPN tunnel, but they appear to be suggesting routing-marks, not connection-marks…
Currently set up like Use-Case #1, plus a marked route to the ISP and a mangle rule for any dest port 80,443…
/ip route add distance=1 gateway=96.38.160.1 routing-mark=BypassVPN
/ip firewall mangle add action=mark-routing chain=prerouting dst-port=80,443 new-routing-mark=BypassVPN passthrough=no protocol=tcp src-address=10.236.1.0/24