Hello
My 4 port Mikrotik router is in AP/Switch/Bridge mode, its ether1 port is connected to my main tplink router that connects to the internet.
This has allowed me to use it as an AP to extend my network away from the main router.
- I want to configure the Mikrotik so that anyone who connects to it gets access to the internet only via the Nord VPN connection that is configured on the router.
I followed the Mikrotik instructions to have the NordVPN connection installed and it seems to be “working” but users of the Mikrotik are not being directed through the vpn connection.
I guess it being in bridge mode complicates things and i reckon the NAT is an issue but i’m really at a loss and these Mikrotiks have a steep learning curve.
Here is the result of the firewall nat print , i dont know why the src_nat has a 10… address or what that is used for.
[admin@MIKROTIK-AP] > /ip firewall nat print
0 D ;;; ipsec mode-config chain=srcnat action=src-nat to-addresses=10.6.0.8 src-address-list=local dst-address-list=!local
So can someone explain to me how i can have this AP/Switch/bridge mode router provide VPN connection to its users please?
Below is the exported config
[admin@MIKROTIK-AP] > export
# dec/07/2023 10:33:44 by RouterOS 6.49.10
# software id = 8QVT-HW07
#
# model = RouterBOARD 941-2nD
# serial number = xxxxxxxxxx
/interface bridge
add fast-forward=no name="LAN BRIDGE"
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=no_country_set disabled=no frequency=auto \
frequency-mode=manual-txpower mode=ap-bridge ssid=BOOSTER station-roaming=\
enabled wireless-protocol=802.11
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=284284284 \
wpa2-pre-shared-key=284284284
/ip ipsec mode-config
add name=NordVPN responder=no src-address-list=local
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
add name=NordVPN
/ip ipsec peer
add address=xx123.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec proposal
add name=NordVPN pfs-group=none
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge="LAN BRIDGE" interface=all
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip dhcp-client
add disabled=no interface="LAN BRIDGE"
/ip firewall address-list
add address=192.168.88.224 list=local
add address=192.168.88.0/24 disabled=yes list=local
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=\
port-strict mode-config=NordVPN password=XXXXXXXXXXXXXXXX peer=\
NordVPN policy-template-group=NordVPN username=XXXXXXXXXXXXXXXX
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
template=yes
/ip ssh
set forwarding-enabled=remote
/system identity
set name=MIKROTIK-AP
[admin@MIKROTIK-AP] >