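/ip firewall mangle
# Spread new LAN connections across four WireGuard tunnels with PCC. Every
# bucket uses the same classifier (both-addresses-and-ports) and divisor 4, so
# remainders 0-3 together cover each new connection exactly once. A connection
# that no bucket matches stays unmarked and is routed by the main table,
# outside the tunnels.
# NOTE(review): this first rule matches src-address=192.168.0.0/16 while the
# other three match 192.168.1.0/24. Sources outside 192.168.1.0/24 are marked
# only when they hash to bucket 0 and otherwise bypass the VPN - confirm which
# range is intended and use it on all four rules.
add action=mark-connection chain=prerouting comment="mark all traffic for vpn" connection-mark=no-mark \
    dst-address=!192.168.1.0/24 dst-address-list="!Portforwarded Servers" in-interface-list=LAN \
    ipsec-policy=in,none new-connection-mark=vpn1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:4/0 src-address=192.168.0.0/16 \
    src-address-list="!Portforwarded Servers"
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address=!192.168.1.0/24 dst-address-list="!Portforwarded Servers" in-interface-list=LAN \
    ipsec-policy=in,none new-connection-mark=vpn2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:4/1 src-address=192.168.1.0/24 \
    src-address-list="!Portforwarded Servers"
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address=!192.168.1.0/24 dst-address-list="!Portforwarded Servers" in-interface-list=LAN \
    ipsec-policy=in,none new-connection-mark=vpn3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:4/2 src-address=192.168.1.0/24 \
    src-address-list="!Portforwarded Servers"
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address=!192.168.1.0/24 dst-address-list="!Portforwarded Servers" in-interface-list=LAN \
    ipsec-policy=in,none new-connection-mark=vpn4 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:4/3 src-address=192.168.1.0/24 \
    src-address-list="!Portforwarded Servers"
# Disabled. If enabled, this resets TCP/443 connections from 192.168.1.0/24 to
# no-mark, so the mark-routing rules below skip them and that traffic is
# routed by the main table instead of a tunnel.
add action=mark-connection chain=prerouting comment="exclude specific traffic from vpn routing" disabled=yes \
    dst-address-list="!Portforwarded Servers" dst-port=443 new-connection-mark=no-mark passthrough=yes \
    protocol=tcp src-address=192.168.1.0/24 src-address-list="!Portforwarded Servers"
# Turn each connection mark into the routing mark of the same name.
# new-routing-mark is what selects the vpnN routing table; without it the
# rule has no mark to apply. passthrough=no ends mangle processing for the
# packet once it is marked.
add action=mark-routing chain=prerouting connection-mark=vpn1 in-interface-list=LAN new-routing-mark=vpn1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=vpn2 in-interface-list=LAN new-routing-mark=vpn2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=vpn3 in-interface-list=LAN new-routing-mark=vpn3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=vpn4 in-interface-list=LAN new-routing-mark=vpn4 passthrough=no
# Connections that arrive on a tunnel get that tunnel's connection mark, so the
# LAN-side replies match the mark-routing rules above and return through the
# same tunnel.
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wireguard1 new-connection-mark=vpn1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wireguard2 new-connection-mark=vpn2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wireguard3 new-connection-mark=vpn3 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=wireguard4 new-connection-mark=vpn4 passthrough=yes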
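# The tables are declared before the routes that reference them, so the script
# imports top to bottom. In RouterOS v7 a user-defined table needs the fib flag
# for its routes to be used when forwarding packets.
/routing table
add disabled=no fib name=vpn1
add disabled=no fib name=vpn2
add disabled=no fib name=vpn3
add disabled=no fib name=vpn4
# One default route per table, each pointing at its own WireGuard interface.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=vpn1 suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard2 routing-table=vpn2 suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard3 routing-table=vpn3 suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard4 routing-table=vpn4 suppress-hw-offload=no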
/routing rule
# Send packets carrying routing mark vpnN to the table of the same name.
# action=lookup continues to the main table when the named table yields no
# route, so marked traffic can leave unencrypted through the default gateway
# while a tunnel route is inactive. action=lookup-only-in-table removes that
# fallback if the tunnels are meant to act as a kill switch.
# NOTE(review): whether the main table has a default route is not visible in
# this listing - confirm before relying on either behaviour.
add action=lookup disabled=no routing-mark=vpn1 table=vpn1
add action=lookup disabled=no routing-mark=vpn2 table=vpn2
add action=lookup disabled=no routing-mark=vpn3 table=vpn3
add action=lookup disabled=no routing-mark=vpn4 table=vpn4