Hello,
I try to deploy this scenario: on my mikrotik, I have one connection directly on the Internet and one PPTP VPN connection with Astrill. I want that some traffic through in the VPN and the rest passes through the Internet connection. I want to used also my router like web proxy and I configured it for that. If anyone can help me to explain me where is the problem, it would be freindly.
I configure my vpn connection and It's up:
[netgus@MikroTik] /interface pptp-client> print
Flags: X - disabled, R - running
0 name="Astrill-VPN" max-mtu=1400 max-mru=1400 mrru=disabled connect-to=213.246.39.232
user="xxxxxxxx" password="xxxxxx" profile=default-encryption
add-default-route=no dial-on-demand=no allow=pap,chap,mschap1,mschap2
[netgus@MikroTik] /interface pptp-client> monitor 0
status: connected
uptime: 13m55s
idle-time: 13m10s
encoding: MPPE128 stateless
mtu: 1400
mru: 1400
Since the mikrotik, if I ping:
[netgus@MikroTik] > ping 8.8.8.8 interface=Astrill-VPN
HOST SIZE TTL TIME STATUS
8.8.8.8 56 48 108ms
8.8.8.8 56 48 108ms
8.8.8.8 56 48 108ms
sent=3 received=3 packet-loss=0% min-rtt=108ms avg-rtt=108ms max-rtt=108ms
[netgus@MikroTik] > ping 8.8.8.8 interface=ether1-gateway
HOST SIZE TTL TIME STATUS
8.8.8.8 56 52 34ms
8.8.8.8 56 52 30ms
8.8.8.8 56 52 30ms
8.8.8.8 56 52 30ms
sent=4 received=4 packet-loss=0% min-rtt=30ms avg-rtt=31ms max-rtt=34ms
My routage table:
[netgus@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 Astrill-VPN 1
1 A S 0.0.0.0/0 ether1-gateway 2
2 ADC 5.4.0.1/32 5.4.7.218 Astrill-VPN 0
3 ADC 10.10.10.0/27 10.10.10.30 ether2-master-l... 0
4 ADC 10.10.10.32/27 10.10.10.62 ether2-master-l... 0
5 ADC 10.10.10.64/27 10.10.10.94 ether2-master-l... 0
6 ADC 10.10.10.96/30 10.10.10.98 ether2-master-l... 0
7 ADo 172.16.10.0/28 10.10.10.97 110
8 A S xxx.xxx.1.0/24 ether2-master-l... 1
9 Do xxx.xxx.1.0/24 10.10.10.97 110
10 ADo xxx.xxx.4.0/24 10.10.10.97 110
11 ADo xxx.xxx.5.0/24 10.10.10.97 110
12 ADo xxx.xxx.6.0/24 10.10.10.97 110
13 ADo xxx.xxx.10.0/24 10.10.10.97 110
14 ADo xxx.xxx.100.0/24 10.10.10.97 110
15 ADo xxx.xxx.100.83/32 10.10.10.97 110
16 ADC xxx.xxx.111.0/24 192.168.111.3 ether1-gateway 0
17 Do xxx.xxx.111.0/24 10.10.10.97 110
[netgus@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
1 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
2 chain=srcnat action=masquerade src-address-list="" out-interface=Astrill-VPN
[netgus@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=input action=accept protocol=icmp
1 ;;; default configuration
chain=input action=accept connection-state=established in-interface=ether1-gateway
2 ;;; default configuration
chain=input action=accept connection-state=related in-interface=ether1-gateway
3 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
[netgus@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-routing new-routing-mark=Astrill-VPN passthrough=yes
src-address=xxx.xxx.5.0/24
Thank