I have Policy Based Routing set up on my Mikrotik to Mangle certain packets and send those to a VPN connection using Routing Marks.
The problem I have, though, is that if the VPN disconnects, these packets end up on the unencrypted link (failover to the default route).
My intent, however, is to completely drop VPN packets if the VPN link is disconnected and avoid failover to the default route, to prevent traffic on an unencrypted connection unbeknownst to the user.
/ip firewall mangle
add action=mark-connection chain=input connection-mark=no-mark in-interface=capped new-connection-mark=capped passthrough=yes
add action=mark-routing chain=output connection-mark=capped new-routing-mark=capped passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=PureVPN new-connection-mark=PureVPN passthrough=yes
add action=mark-routing chain=output connection-mark=PureVPN new-routing-mark=PureVPN passthrough=no
add action=mark-routing chain=prerouting comment="First Mark All Packets" new-routing-mark=capped passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting comment="Afterwards, add exceptions for other routing marks. 192.168.1.15 goes via VPN Tunnel" new-routing-mark=PureVPN passthrough=yes port=!80,443 protocol=tcp src-address=192.168.1.15
/ip route
add check-gateway=ping comment="DEFAULT ROUTE" distance=1 gateway=capped scope=255
add check-gateway=ping distance=2 gateway=capped routing-mark=capped
add check-gateway=ping distance=2 gateway=PureVPN routing-mark=PureVPN
Any suggestions on how I can achieve this?
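One way to get the drop-instead-of-failover behaviour described above, added here as an example and not taken from the post (it reuses the post's PureVPN and capped names; the distance value 3 and the comment strings are assumptions): a blackhole route in the PureVPN routing table catches lookups when the check-gateway route goes inactive, and a filter rule drops anything carrying the PureVPN mark that would still leave through another interface.

```routeros
# Added example (not from the original post). Assumes RouterOS v6 syntax
# and the PureVPN / capped names from the posted configuration.

# Before: the only route in the PureVPN table. When check-gateway=ping fails
# or the tunnel interface goes down, this route becomes inactive, the PureVPN
# table is empty, and the lookup falls through to the main table, so marked
# traffic leaves via the "capped" default route in the clear.
/ip route
add check-gateway=ping distance=2 gateway=PureVPN routing-mark=PureVPN

# After: a blackhole default route in the same table with a worse distance
# (3 is an assumption; anything higher than 2 works). It stays inactive while
# the real route is up and becomes the table's active route as soon as the
# real route fails, so marked packets are discarded instead of falling back.
/ip route
add distance=3 routing-mark=PureVPN type=blackhole comment="PureVPN kill switch"

# Belt and braces: refuse to forward anything carrying the PureVPN routing
# mark unless it actually exits through the tunnel interface. This also
# covers the moment between the tunnel dropping and the route table updating.
/ip firewall filter
add chain=forward routing-mark=PureVPN out-interface=!PureVPN action=drop \
    comment="Drop PureVPN-marked traffic that would leave another way"

# Check: with the tunnel down, the blackhole route should show as active
# (flag A), and the filter rule's counters should stay near zero once the
# route has flipped, because the routing decision already discards the packets.
/ip route print where routing-mark=PureVPN
/ip firewall filter print stats where comment~"PureVPN"
```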