VPN IP exclusions

Greetings,

I’m new to Mikrotik and just set up my first router today. Using various guides online I was able to get it set up with 2 ISPs and route specific traffic over my secondary ISP. I however cannot find anyone who has tried what I want to do now. I have set up an IKEv2 VPN, but want to exclude the traffic going through my second ISP that only sees specific traffic. For context, the second ISP is an intranet that gives me access to community resources not available on the web, and though it is possible to access the internet through this ISP I normally don’t, because the other ISP is cheaper (I have to pay per MB) and I have to log into a portal to do so. However, while my traffic is being routed through the VPN I can’t access those local resources as I can when it’s not active, and I would like to exclude traffic to specific IP addresses from the VPN tunnel. I am aware of the functionality to designate specific address lists to be routed through the VPN, but instead what I need is to route everything EXCEPT a handful of IP addresses. Any help would be appreciated.

Got it figured out. The guide I was using had me leave the IPsec Mode Config value for the Connection Mark at no-mark. After combing through and seeing that, I was able to set it to the value “vpn”, go to the firewall and create a mangle rule that sets all destinations that are not on my no-vpn address list to vpn. So to simplify: I went to IP->IPsec->Mode Configs, selected my created mode config and changed the Connection Mark to vpn. I then went to IP->Firewall->Address Lists and started adding my excluded IP addresses to the list “no-vpn”. From there I went to IP->Firewall->Mangle and created a new mark-connection rule. It is a prerouting rule that, on the Advanced tab, sets the Dst. Address List to “no-vpn” and ticks the box to negate it, making all destination addresses not on my exclusion list go through the VPN.
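The same three steps as RouterOS terminal commands, as an added example that is not the poster's own configuration. The mode-config name "ike2-modecfg", the LAN subnet 192.168.88.0/24 and the intranet prefixes 10.10.0.0/16 and 10.20.5.0/24 are constructed placeholders; the connection mark "vpn" and the address list "no-vpn" are the names from the post. The rule is additionally limited to new connections from the LAN so that router-originated and already-established flows are not re-marked:

```routeros
# Added example, not the poster's config. Assumed (constructed) names and prefixes:
#   mode config "ike2-modecfg", LAN 192.168.88.0/24, intranet 10.10.0.0/16 and 10.20.5.0/24

# 1. Bind the IKEv2 mode config to the connection mark "vpn"
#    (GUI: IP -> IPsec -> Mode Configs -> Connection Mark = vpn)
/ip ipsec mode-config set [find name="ike2-modecfg"] connection-mark=vpn

# 2. Exclusion list: destinations that must stay on the intranet ISP, never in the tunnel
#    (GUI: IP -> Firewall -> Address Lists, list "no-vpn")
/ip firewall address-list add list=no-vpn address=10.10.0.0/16 comment="intranet resources (constructed)"
/ip firewall address-list add list=no-vpn address=10.20.5.0/24 comment="intranet portal (constructed)"

# 3. Mangle: mark every NEW LAN connection whose destination is NOT in "no-vpn".
#    "!no-vpn" is the negated Dst. Address List checkbox from the Advanced tab.
#    Keep this rule above any other mark-connection rules for the second ISP.
/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 \
    connection-state=new dst-address-list=!no-vpn \
    action=mark-connection new-connection-mark=vpn passthrough=yes \
    comment="everything except no-vpn goes through the IKEv2 tunnel"

# Check: connections to an excluded prefix should carry no "vpn" connection mark,
# while everything else should
/ip firewall connection print where dst-address~"^10\\.10\\."
/ip firewall connection print where connection-mark=vpn
```

The connection mark is what ties the two halves together: the mode config creates its dynamic src-nat rule and IPsec policy only for connections carrying "vpn", so any flow the mangle rule leaves unmarked (the no-vpn destinations) falls through to the normal ISP routing instead of the tunnel. If a resource on the exclusion list still ends up in the tunnel, check that its prefix is actually covered by an entry in no-vpn and that the mangle rule sits above any earlier rule that marks the same connections.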

Hi jasoncarwile, great, I did it, thanks 🙂