VPN Tunneling Help

Hello House,

I set up a VPN client on my MikroTik router and I want all my clients already connected to the internet to pass through the VPN connection.

How can I do that, please?

Depends on the network layout and VPN type used.

@fewi,

The network layout is like this.

[admin@USA] > ip fi nat
[admin@USA] /ip firewall nat> pr detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; place hotspot rules here
chain=unused-hs-chain action=masquerade out-interface=wan

1 chain=srcnat action=masquerade out-interface=wan

2 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80

3 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=20.20.20.0/24

That shows your NAT configuration.

Please post a network diagram (a picture showing the endpoints involved in this project) as well as the requested information regarding what kind of VPN you set up, and how you set it up.

What do you mean?

There is already a pptp-client established.

I subscribe to an external commercial VPN provider to enable some of my clients to have access to VoIP service.

My ISP sniffs my packets, which I don't want; that is why I want to bypass their firewall.

How to route the client internet connection through the pptp-client connection is my major challenge.

I have a MikroTik router that does NAT and web proxy on my network.

Great assistance will be highly appreciated.

Maybe I still don’t understand, but… simply add a default route with gateway=pptp-client, and all traffic will go via that PPTP connection.

If I set it as the default gateway, do I need to change anything in the NAT configuration, or change any settings in the firewall rules?

I know neither your NAT configuration nor your filter rules… first check that you masquerade on the pptp-client interface.

MikroTik RouterOS 3.30 (c) 1999-2009 http://www.mikrotik.com/




[admin@USA] > ip route
[admin@USA] /ip route> pr deta
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

0 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=wan
gateway-state=reachable distance=0 scope=30 target-scope=10

1 ADC dst-address=20.20.20.0/24 pref-src=20.20.20.1 interface=wlan1
distance=0 scope=200

2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.2 interface=wan
distance=0 scope=10

3 ADC dst-address=192.168.100.1/32 pref-src=192.168.100.4
interface=pptp-out1 distance=0 scope=10

4 ADC dst-address=196.1.142.0/27 pref-src=196.1.142.1 interface=Lan
distance=0 scope=10
[admin@USA] /ip route> /

[admin@USA] > ip nat
bad command name nat (line 1 column 4)
[admin@USA] > ip firewall nat
[admin@USA] /ip firewall nat> pr detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; place hotspot rules here
chain=unused-hs-chain action=masquerade out-interface=wan

1 chain=srcnat action=masquerade out-interface=wan

2 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80

3 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=20.20.20.0/24
[admin@USA] /ip firewall nat> /

[admin@USA] > ip firewall filter
[admin@USA] /ip firewall filter> pr detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; place hotspot rules here
chain=unused-hs-chain action=accept
time=8h-20h45m59s,sun,mon,tue,wed,thu,fri,sat

1 ;;; Drop Invalid Connections
chain=input action=drop connection-state=invalid

2 ;;; Allow Established Connections
chain=input action=accept connection-state=established

3 ;;; Allow Access To Router from Wireless
chain=input action=accept src-address=20.20.20.28

4 ;;; Allow UDP
chain=input action=accept protocol=udp

5 ;;; Allow ICMP
chain=input action=accept protocol=icmp

6 ;;; Allow Access to router from know network
chain=input action=accept src-address=196.1.142.0/27
– [Q quit|D dump|down]


I want all traffic on wlan to go through the pptp-client connection.

uncheck ‘add default route’ on wan

make sure that you have a route to establish pptp-client connection

/ip fi nat add chain=srcnat action=masquerade out-interface=pptp-client
/ip route add gateway=pptp-client

p.s. “0 ADS” - Active Dynamic Static? :open_mouth: probably, (D)HCP…

I have tried the configuration based on your instructions, but I still can’t access the internet through the VPN provider's network.

I could ping the VPN gateway and it replied fine, but I can’t access the internet through it. I know something is still wrong with my configuration.

More enlightenment is needed please.

/ip route print detail

when VPN is connected

Chupaka, why are you not psychic?

You must be able to tell people the answer before you have all/any info!

(I tried randomly guessing, and fixed a guy’s fridge when he said his internet was broken.)

Adrian

My wine cooler is broken. Can you do anything?

Did you try to add fresh ice? =)

Philistine, needs to be chilled not watered down ::::))))

[admin@USA] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

0 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=wan
gateway-state=reachable distance=0 scope=30 target-scope=10

1 S dst-address=0.0.0.0/0 gateway=vpn interface=vpn gateway-state=reachable
distance=1

2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.2 interface=wan
distance=0 scope=10

3 ADC dst-address=192.168.100.1/32 pref-src=192.168.100.2 interface=vpn
distance=0 scope=10

4 ADC dst-address=196.1.142.0/27 pref-src=196.1.142.1 interface=ether1
distance=0 scope=10
[admin@USA] >

I really need an urgent solution, please.

Is your route 0 added by the DHCP client? Uncheck ‘Add default route’ in its settings.
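
Added example (not part of the thread and not MikroTik code): a Python check that reads the `/ip route print detail` output posted above and reports which default route the router is actually using. The function names are hypothetical; SAMPLE is the route table from the post.

```python
import re

# Route table copied from the post above (VPN connected).
SAMPLE = """\
 0 ADS dst-address=0.0.0.0/0 gateway=192.168.1.1 interface=wan
       gateway-state=reachable distance=0 scope=30 target-scope=10
 1   S dst-address=0.0.0.0/0 gateway=vpn interface=vpn gateway-state=reachable
       distance=1
 2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.2 interface=wan
       distance=0 scope=10
 3 ADC dst-address=192.168.100.1/32 pref-src=192.168.100.2 interface=vpn
       distance=0 scope=10
"""

# "<number> <flags> key=value ..."; flags may be absent or space-separated.
ENTRY = re.compile(r"\s*(\d+)\s+([A-Za-z ]*?)\s*([\w-]+=.*)")
PAIR = re.compile(r"([\w-]+)=(\S+)")

def parse_routes(text):
    """Parse '/ip route print detail' output into a list of dicts."""
    routes = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # a numbered line starts a new route entry
            routes.append({"id": int(m.group(1)), "flags": m.group(2)})
            line = m.group(3)
        if routes:  # key=value pairs, including wrapped continuation lines
            routes[-1].update(PAIR.findall(line))
    return routes

def default_routes(text):
    """Return the 0.0.0.0/0 routes, marking which one is active (flag A)."""
    return [
        {"id": r["id"], "gateway": r.get("gateway"),
         "distance": int(r.get("distance", 0)), "active": "A" in r["flags"]}
        for r in parse_routes(text) if r.get("dst-address") == "0.0.0.0/0"
    ]

def vpn_is_default(text, vpn_interface):
    """True only if the active default route points at the VPN interface."""
    return any(r["active"] and r["gateway"] == vpn_interface
               for r in default_routes(text))

if __name__ == "__main__":
    for route in default_routes(SAMPLE):
        print(route)
    print("default route via VPN:", vpn_is_default(SAMPLE, "vpn"))
```

On the posted table this reports route 0 (gateway 192.168.1.1, distance 0) as the active default and the route via vpn (distance 1) as inactive, so client traffic is still leaving through wan.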

I have done that, but it is still the same issue.

Do I have to do anything in routing mark and mangle? If yes, instruct me.