
 
markom
Member Candidate
Topic Author
Posts: 105
Joined: Thu Dec 17, 2009 10:42 pm

force traffic (or LAN client) via VPN

Fri Aug 26, 2011 1:36 pm

I have a problem, so I will ask if someone knows the solution.

I am using MT750 as my router.
eth1 - PPPoE client attached to my ADSL router in bridge mode
eth2 - LAN 192.168.0.1
and everything else is set up as usual, masquerade out interface pppoe, everything is OK

I have created a PPTP client (on the MT750) which is attached to the VPN server at my workplace. Everything goes fine, I have received a public IP address, the client is connected.

My question is how to force only one PC to go via the VPN client, defined by IP address (for example only 192.168.0.5). Or any device attached to some other interface... eth3,4,5?

The reason I want to do this is to have my PC always attached to my company via PPTP and the rest of the home devices continue to use my ADSL with the IP address which is assigned by the ISP.

I have googled for a long time and I have not found the solution. If someone knows, please give me a URL with the solution to a similar problem.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: force traffic (or LAN client) via VPN

Fri Aug 26, 2011 5:54 pm

http://wiki.mikrotik.com/wiki/Manual:PCC
Ignore the fact that PCC is about load balancing - it achieves that by means of routing marks, which is one of the solutions you can use for your problem.

First, in mangle, assign routing marks to the packets you want to go across the VPN. Below I'm assigning such marks to traffic from 192.168.0.5 as well as every device behind ether4.

/ip firewall mangle
add chain=prerouting src-address=192.168.0.5 action=mark-routing new-routing-mark=via-VPN
add chain=prerouting in-interface=ether4 action=mark-routing new-routing-mark=via-VPN

Then you add a default route via the VPN, with a lower distance than your normal default route. This will route all packets with the 'via-VPN' mark via the VPN, while all other packets fall through to the existing default route. Make sure to adjust the distance parameter on the existing route. I'm assuming the other side of the PPTP tunnel to be 1.1.1.1, change that as required.

/ip route
add dst-address=0.0.0.0/0 routing-mark=via-VPN gateway=1.1.1.1

That's it. Other caveats are that of course the other side will have to have routes back to the private IP space (presumably 192.168.0.0/24, and whatever else is behind your router and goes via the VPN) to get traffic back to you. If that's a no-go you can NAT out the PPTP tunnel just like you'd NAT out to your WAN.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
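
Added example, not part of fewi's post: the NAT-out-the-tunnel option mentioned above, plus a fail-closed route for the marked traffic. RouterOS falls back to the main routing table when the 'via-VPN' table has no active route, so without the second rule the marked hosts would go out through the ISP link whenever the tunnel is down. Assumptions: RouterOS v5/v6 syntax as used in the thread, and a PPTP client interface named pptp-out1 (the interface name is not given in the thread).

```routeros
# Added example (not from the thread). pptp-out1 is an assumed interface
# name; replace it with the name of your PPTP client interface.

# 1. NAT out the tunnel, the same way the WAN side is masqueraded.
#    Needed only if the VPN server has no route back to 192.168.0.0/24.
/ip firewall nat
add chain=srcnat out-interface=pptp-out1 action=masquerade \
    comment="masquerade marked traffic leaving via the PPTP tunnel"

# 2. Fail closed. The route from the post (gateway=1.1.1.1, default
#    distance 1) goes inactive when the tunnel drops. This blackhole has a
#    higher distance, so it is used only then, and it keeps 'via-VPN'
#    traffic from falling through to the main table and the ISP link.
/ip route
add dst-address=0.0.0.0/0 routing-mark=via-VPN type=blackhole distance=250 \
    comment="drop via-VPN traffic while the tunnel is down"

# 3. Check: with the tunnel up, the gateway=1.1.1.1 route must be the
#    active one; with the tunnel disabled, the blackhole must be active.
/ip route print detail where routing-mark=via-VPN
```

Disable the PPTP client briefly and confirm from 192.168.0.5 that no traffic leaves with the ISP-assigned address.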
 
markom
Member Candidate
Topic Author
Posts: 105
Joined: Thu Dec 17, 2009 10:42 pm

Re: force traffic (or LAN client) via VPN

Fri Aug 26, 2011 10:50 pm

Thanks, I did everything you said and it is working perfectly. Thanks again.
