routing only a subnet through a vpn service

Hello, I’m thinking of the possibility of routing some of my traffic through a vpn, nord, proton, you name it. I’m not asking for someone here to do the job for me, but rather for hints on what to search (the proper terminology maybe).
What I’m thinking of is a subnet 192.168.0.X always on a vpn server A and subnet 192.168.1.Y always going out directly. So that my main lan subnet is always going through vpn, while the subnet for guests and Chinese vacuum robots and such is not. Or maybe multiple subnets going through their respective vpn server, each.
Now I’m wondering if this is possible to achieve with mikrotik, and in case it is what do I have to look for.
Assuming I’ll manage to achieve the result, vpn servers from proton/nord/whatever may fail or become overloaded by too many users eventually: with proton vpn client on my pc all it takes is a couple of clicks to change the server, but how can one deal with the need to often change vpn server ip in the mikrotik configuration? Maybe a simple fastapi webserver running on a container that changes the ips with a web interface I can reach without having to redo the vpn configurations on the router every time? Or a configuration on mikrotik that retrieves the server’s ip by sending a get request to some simple server on the lan?
Thanks for your thoughts.

When you decide on actual requirements attempt a config and post here.
You are still planning, and until you have a solid network diagram and clear requirements for what users you have and what traffic they should accomplish, it’s too early for our assistance.

I will say that if you have two WLANs, you could use one for users to go out VLAN and one for regular WAN if that helps (thinking wireguard).
Other than that, users have no choice, as you will have to hardcode subnets for one option or the other… aka requirements.

Fair enough, I’ll try to explain better the scenario.
This is a domestic network, where most of the traffic is generated by me alone.
Working from home I also have my company’s laptop which has its vpn connection. I use my own big gaming desktop pc connected via remote desktop to my company’s laptop to work when I’m home. Both my pc and my work pc are connected to the same router, on different ports.

Currently I’ve set up my router in a way that ports 2 to 7 are on bridge1, subnet 192.168.0.X and port 8 is on bridge2, 192.168.1.X. Firewall rules I’ve added drop all the traffic between the two subnets, except for remote desktop connection from lan1 to lan2. When I connect my company’s pc to eth port 8 it gets internet but cannot ping or reach anything connected on other ports. So far so good.

I also have a protonVpn subscription, which I usually fire up from my desktop pc with proton vpn client, which doesn’t interfere with my remote desktop connection since it ignores local network.
Now I want to have the router make the connection to protonvpn (instead of using clients on every device), so that the entire network is under protonVpn, but at the same time I want my company’s laptop not to be. I know that probably wouldn’t hurt to use my company’s vpn inside a network-wide proton vpn connection, but I’d prefer to keep things clean.
So my idea is to channel only bridge1 (ports 2 to 7) on protonVpn while letting bridge2 (port 8) go out normally at my isp.
Is this even possible?

Hi nohup, as far as I understand you want to do a similar thing as I just did.
My clients connected to the ethernet ports are accessing the Internet directly, while the wifi connected clients get routed through an always on wireguard vpn connection, see the thread here http://forum.mikrotik.com/t/help-with-routing-wifi-through-vpn-connection/170824/1

Thanks again to anav for his/her help!

thank you!