Hi, I have set up my VPN with L2TP following this https://www.rapidvpn.com/setup-vpn-l2tp-mikrotik-router
and also use the killswitch found here in the forum at http://forum.mikrotik.com/t/router-kill-switch-vpn/108252/1
Everything works OK, the killswitch works OK, the network gets disabled when the VPN goes offline.
I use the IP range 192.168.1.2-192.168.1.255 to go through the VPN.
OK, but I have a problem: if I want to use the VPN only with the range 192.168.1.101-192.168.1.255, then
the range 192.168.1.2-192.168.1.100 goes offline, but I want this range not to use the VPN.
How to do that?
Thank you
Limit the “killswitch” (a totally inappropriate name) rule to the LAN subnet which should only be allowed to access the internet via VPN by adding src-address=the.subnet.to.be.blocked/mask_len to it. So addresses from other LAN subnets will not match the killswitch rule, and will have internet access through WAN.
Hi, can you be more specific? I don't quite understand what I need to do. I did all this config by following the VPN guide with pictures; can you do a step-by-step guide of what I need to change?
I already tried different ways, but when I got it working, then the kill switch did not work anymore, and when the VPN went offline it switched to my WAN, and then there is no point in the VPN at all. (I don't have that much knowledge to make it work like I need.)
Below are the firewall rules I have right now.
This first firewall rule in the picture blocks all traffic when the VPN goes off
and has the following settings
I cannot, as you are not
I can only modify your killswitch rule if you state to which source and/or destination addresses that rule should be narrowed.
If it is a single source subnet, just add that subnet as the value of the src-address item of the rule. If it is a list of addresses and/or subnets, create a named list of these addresses and subnets, like (example):
/ip firewall address-list
add list=vpn-only address=1.2.3.4
add list=vpn-only address=192.168.1.0/24
and refer to that address list in the killswitch rule itself, by setting its name as the value of the src-address-list item of the rule.
Thank you for answering; sorry, I will try to explain better.
Now I have all this IP range 192.168.1.3-192.168.1.255 use the VPN (go through the VPN).
I have a DHCP server range 192.168.1.3-192.255.255.254,
but what I want is the IP range 192.168.1.3-192.168.1.100 not to use the VPN (go through WAN)
and the IP range after that, 192.168.1.101-192.168.1.255, to use the VPN (go through the VPN),
but I also need the killswitch function: when the VPN goes offline, then WAN goes offline too.
I will try to explain better.
…
What I want is the IP range 192.168.1.3-192.168.1.100 not to use the VPN (go through WAN)
and the IP range after that, 192.168.1.101-192.168.1.255, to use the VPN (go through the VPN).
Sorry, I haven’t understood your OP properly. For this, you don’t need any killswitch rule (and your mentioning it has sent me off-track, as I started looking up what you mean by killswitch rule, so I haven’t read the rest carefully) but something commonly called policy routing, where you choose one of several different routing tables depending on some criterion - in your case, the criterion is the source address range. So in the routing table used for 192.168.1.3-192.168.1.100, the default route will use the gateway on WAN, while in the routing table used for 192.168.1.101-192.168.1.254 (255 cannot be used as a client address in a /24 subnet), the default route will use the gateway on the VPN. One of many explanations of how to do that is here.
But I also need the killswitch function: when the VPN goes offline, then WAN goes offline too.
If you have in mind that if VPN goes down, the clients with addresses in the 192.168.1.101-192.168.1.254 range will not be able to use WAN instead, either the killswitch rule will take care of it if completed with src-address=192.168.1.101-192.168.1.254, or a type=blackhole default route in the routing table for that source address range can be used instead of that rule. The default route via VPN would have distance=1, the blackhole default route would have distance=2. So as long as the VPN is up, the route with distance=1 is used; when the VPN goes down, that route becomes unavailable, so the blackhole route is used instead, rather than the default route in the default routing table which would otherwise kick in.
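As an added worked example (not code from the thread or from sindy), the policy-routing plus blackhole variant described above written out in RouterOS v6 syntax. The L2TP interface name l2tp-out1, the routing mark via-vpn, the address-list name and the LAN subnet 192.168.1.0/24 are assumptions; adjust them to your router.

```routeros
# Clients that may only reach the internet through the VPN
/ip firewall address-list
add list=vpn-only address=192.168.1.101-192.168.1.254 comment="VPN-only clients"

# Send internet-bound traffic from those clients to the via-vpn routing table.
# LAN-to-LAN traffic is excluded so it keeps using the connected route.
/ip firewall mangle
add chain=prerouting src-address-list=vpn-only dst-address=!192.168.1.0/24 \
    action=mark-routing new-routing-mark=via-vpn passthrough=no \
    comment="policy route VPN-only clients"

# Routing table via-vpn: default route over the tunnel wins while it is up (distance 1);
# when the tunnel goes down, the blackhole route (distance 2) takes over instead of
# letting the lookup fall back to the main table's WAN default route.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=via-vpn distance=1 \
    comment="default via VPN"
add dst-address=0.0.0.0/0 type=blackhole routing-mark=via-vpn distance=2 \
    comment="kill switch: drop when VPN is down"

# Masquerade whatever leaves through the tunnel; clients 192.168.1.3-100 keep
# using the main table and the existing WAN masquerade rule untouched.
/ip firewall nat
add chain=srcnat out-interface=l2tp-out1 action=masquerade comment="NAT via VPN"
```

To verify, run `/ip route print where routing-mark=via-vpn` with the tunnel up and again after disabling it: the active flag should move from the l2tp-out1 route to the blackhole route. On RouterOS v7 the equivalent uses `/routing table add name=via-vpn fib` and `routing-table=via-vpn` on the routes instead of routing-mark.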
Thank you sindy, I finally got it working like I need.
What I did for my kill switch on the client was to activate the NAT only for the range of addresses of the tuner, only to masquerade everything that goes out through the VPN, and a static route 0.0.0.0 with gateway L2TP and distance 1; when the VPN fails, the router stays without internet.