The problem I have, though, is that if the VPN disconnects, these packets will end up on the unencrypted link (failover to the default route).
My intent, however, is to completely drop VPN packets if the VPN link is disconnected and avoid failover to the default route, to prevent traffic on an unencrypted connection unbeknownst to the user.
Any suggestions on how I can achieve this?
Code:
/ip firewall mangle
add action=mark-connection chain=input connection-mark=no-mark in-interface=capped new-connection-mark=capped passthrough=yes
add action=mark-routing chain=output connection-mark=capped new-routing-mark=capped passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=[REDACTED] new-connection-mark=[REDACTED] passthrough=yes
add action=mark-routing chain=output connection-mark=[REDACTED] new-routing-mark=[REDACTED] passthrough=no
add action=mark-routing chain=prerouting comment="First Mark All Packets" new-routing-mark=capped passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting comment="Afterwards, add exceptions for other routing marks. 192.168.1.15 goes via VPN Tunnel" new-routing-mark=[REDACTED] passthrough=yes port=!80,443 protocol=tcp src-address=192.168.1.15
/ip route
add check-gateway=ping comment="DEFAULT ROUTE" distance=1 gateway=capped scope=255
add check-gateway=ping distance=2 gateway=capped routing-mark=capped
add check-gateway=ping distance=2 gateway=[REDACTED] routing-mark=[REDACTED]
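A fail-closed variant of the route section above, added here as an example and not part of the original post: a blackhole route placed in the VPN routing table with a worse distance than the VPN gateway route. While the tunnel is up the lower-distance route wins; once check-gateway marks it inactive, marked traffic matches the blackhole in the same table and is dropped instead of falling through to the main table's default route. `VPN_MARK` and `VPN_GW` are placeholders for the redacted routing mark and VPN gateway.

```routeros
# Added example, not from the original post. VPN_MARK and VPN_GW are
# placeholders for the redacted routing-mark and VPN gateway address.
/ip route
# Preferred path for VPN-marked traffic; check-gateway makes this route
# inactive when the tunnel endpoint stops answering pings.
add check-gateway=ping distance=2 gateway=VPN_GW routing-mark=VPN_MARK comment="VPN path"
# Catch-all in the same routing table with a worse distance: only used once
# the VPN route above is inactive, so marked traffic is dropped rather than
# looked up again in the main table (which holds the unencrypted default).
add type=blackhole distance=10 routing-mark=VPN_MARK comment="VPN down: drop, never failover"
# Check which route is currently active for the marked table.
/ip route print where routing-mark=VPN_MARK
```

On RouterOS v7 the route attribute is `routing-table=` rather than `routing-mark=`; the blackhole logic is otherwise the same.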