Code:
/ip ipsec mode-config
add name=NordVPN responder=no src-address-list=LAN use-responder-dns=no
My problem is that I have other NAT rules in place, and this newly created dynamic rule gets created as the first rule, and because of this some other NATs don't work.
For everything to work as expected, the mode-config dynamic rule has to be the 3rd rule:
Code:
[admin@MIKROTIK] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; No NAT for Site-to-Site IPSec
      chain=srcnat action=accept src-address=10.1.1.0/24 dst-address=192.168.77.0/24 log=no log-prefix=""
 1    ;;; NAT for ISP Network
      chain=srcnat action=src-nat to-addresses=192.168.1.100 src-address=10.1.1.0/24 dst-address=192.168.1.0/24 log=no log-prefix=""
 2  D ;;; ipsec mode-config
      chain=srcnat action=src-nat to-addresses=10.6.0.15 src-address-list=LAN dst-address-list=!LAN
 3    ;;; Default Inside NAT
      chain=srcnat action=src-nat to-addresses=192.168.1.100 out-interface=ether1 log=no log-prefix=""
Is there a way to automate this without me manually moving it every time NordVPN reconnects?