Yardanico
just joined
Topic Author
Posts: 3
Joined: Sat Nov 14, 2020 11:36 am

Route all traffic matching a BGP chain to a VPN

Sat Nov 14, 2020 11:47 am

Hello! I've been trying out RouterOS v7 a bit, and don't know how to port my simple configuration for routing traffic to VPN for all IPs blocked by my provider.

In v6 I did the following (assuming pptp-out1 exists and is running) - this routes all traffic for received BGP prefixes through a VPN (and BGP requests themselves are sent out via a VPN too).
/ip route add dst-address=51.75.66.20/32 gateway=pptp-out1
/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=3.4.5.6
/routing bgp peer add hold-time=4m in-filter=bgp_in keepalive-time=1m multihop=yes name=antifilter remote-address=51.75.66.20 remote-as=65444 ttl=default update-source=pptp-out1
/routing filter add action=accept chain=bgp_in comment="Set nexthop to VPN" set-in-nexthop-direct=pptp-out1
/ip firewall nat add chain=srcnat action=masquerade out-interface=pptp-out1
I understood that I can do roughly the same (without update-source) for instance and peer, but I'm not sure about filter since there's no set-in-nexthop-direct anymore.
/routing bgp template set antifilter as=64999 hold-time=4m input.filter=bgp_in keepalive-time=1m multihop=yes name=antifilter
# How do I specify that I want this connection to be done through pptp-out1 ?
/routing bgp connection add local.role=ibgp remote.address=51.75.66.20/32 template=antifilter
# How do I specify that I want traffic matching this rule to go through pptp-out1 ?
/routing filter rule add action=accept chain=bgp_in
/ip firewall nat add chain=srcnat action=masquerade out-interface=pptp-out1
But v7 completely changed the way BGP configuration works, so I'm at a loss for how I can replicate this in v7.
Any help would be appreciated!
Last edited by Yardanico on Sun Nov 15, 2020 11:09 am, edited 1 time in total.
 
Yardanico

Re: Route all traffic matching a BGP chain to a VPN

Sun Nov 15, 2020 9:26 am

Hah, I don't know why I didn't just use the same rule to route BGP traffic through the VPN:
/ip route add comment="For BGP" dst-address=51.75.66.20 gateway=pptp-out1
Still not sure about how to route all traffic for BGP prefixes through pptp-out1.
Last edited by Yardanico on Mon Nov 16, 2020 4:22 am, edited 1 time in total.
 
Yardanico

Re: Route all traffic matching a BGP chain to a VPN

Sun Nov 15, 2020 10:32 am

I made it work! With the filter rule written as
/routing filter rule add action=accept chain=bgp_in set-prfx-prop=gw>192.168.1.2
(where 192.168.1.2 is the remote address of the VPN) it now works.

There's a problem with that though - if the remote address of the VPN changes I'll have to edit that. "gw>pptp-out1" didn't work, so I'm still not sure if the way I made it work is the best :D
