I’m looking at setting up something like NordVPN or ProtonVPN on a Mikrotik hEX router in FRONT of my main router. Both of those services provide instructions for setting up their VPN service on a Mikrotik. See https://support.nordvpn.com/Connectivity/Router/1360295132/MikroTik-IKEv2-setup-with-NordVPN.htm and https://protonvpn.com/support/vpn-mikrotik-router
So far I’ve tested the ProtonVPN service (because they offer a free trial) and it works but performance is not good. I think it’s related to the free version of the service. My decision as to which service I go with will be based in part on performance, but more importantly on if I can use the service without interfering with my existing VPN endpoints.
So my question is, how to I setup VPN passthrough for my VPNs within the main VPN tunnel? Is it just a NAT rule, or port forwarding? Is this where split tunneling comes in? I’ve read this https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS#Option_2:_Accessing_certain_addresses_over_the_tunnel, but I’m not sure what to do for my situation.
While I’m not sure I quite drew things the way I need to, attached is a diagram of what I’m trying to achieve (I think). Basically I think I want to just passthrough what will be the traffic from 2 VPN’s within the main VPN traffic stream to the router behind the Mikrotik, which will have a private IP address, not the public one.
For what it’s worth, my main router is a Sonicwall TZ300, which provides content filtering, AV, antispam, etc. I’m not finding any VPN service that allows me to use it’s VPN capabilities, which is why I’m looking to setup a Mikrotik in front of it. Although Sonicwall does support IPSEC/IKE2, I can’t find a service that indicates they support it or have instructions on setting it up. If there’s a good VPN service out there that supports Sonicwall, I’d certainly be interested in hearing about it since it would make things easier…
VPNServerDiagram.pdf (63.4 KB)