sfly

NordVPN on two WiFi networks - what's wrong?

Mon Sep 06, 2021 4:03 am

Hi All,

I need to set up 2 separate WiFi networks and assign 2 different VPN connections to each of them. So if I connect to the 1st WiFi network, I should get access to the Internet via the 1st VPN server, but if I connect to the 2nd WiFi network, I should get access to the Internet via the 2nd VPN server. Once I applied the configuration below, both VPN connections were established with NordVPN. But when I connected to each of the WiFi networks, it showed 'No Internet' on my laptop.
Can you please help me to figure out how to fix it? How to improve the config?

1st WiFi network with 192.168.88.1/24
2nd WiFi network with 192.168.89.1/24

Here is the config I used:

/tool fetch url="https://downloads.nordcdn.com/certificates/root.der"
/certificate import file-name=root.der name="NordVPN CA" passphrase=""

/ip firewall address-list add address=192.168.88.0/24 list=under_nordvpn_sk
/ip firewall address-list add address=192.168.89.0/24 list=under_nordvpn_ua
/ip firewall mangle add action=mark-connection chain=prerouting src-address-list=under_nordvpn_sk new-connection-mark=under_nordvpn_sk passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting src-address-list=under_nordvpn_ua new-connection-mark=under_nordvpn_ua passthrough=yes
/ip ipsec mode-config add connection-mark=under_nordvpn_sk name="NordVPN mode config SK" responder=no
/ip ipsec mode-config add connection-mark=under_nordvpn_ua name="NordVPN mode config UA" responder=no
/ip ipsec policy group add name=NordVPN_SK
/ip ipsec policy group add name=NordVPN_UA
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha512 name="NordVPN profile"
/ip ipsec peer add address=sk50.nordvpn.com exchange-mode=ike2 name="NordVPN server SK" profile="NordVPN profile"
/ip ipsec peer add address=ua59.nordvpn.com exchange-mode=ike2 name="NordVPN server UA" profile="NordVPN profile"
/ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=0s name="NordVPN proposal" pfs-group=none

/ip ipsec identity add auth-method=eap certificate="NordVPN CA" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config="NordVPN mode config SK" password=Password_NordVPN peer="NordVPN server SK" policy-template-group=NordVPN_SK username=Username_NordVPN
/ip ipsec identity add auth-method=eap certificate="NordVPN CA" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config="NordVPN mode config UA" password=Password_NordVPN peer="NordVPN server UA" policy-template-group=NordVPN_UA username=Username_NordVPN


/ip ipsec policy add dst-address=0.0.0.0/0 group=NordVPN_SK proposal="NordVPN proposal" src-address=0.0.0.0/0 template=yes
/ip ipsec policy add dst-address=0.0.0.0/0 group=NordVPN_UA proposal="NordVPN proposal" src-address=0.0.0.0/0 template=yes

/interface bridge add name=nordvpn_blackhole_sk protocol-mode=none
/interface bridge add name=nordvpn_blackhole_ua protocol-mode=none
/ip route add gateway=nordvpn_blackhole_sk routing-mark=nordvpn_blackhole_sk
/ip route add gateway=nordvpn_blackhole_ua routing-mark=nordvpn_blackhole_ua
/ip firewall mangle add chain=prerouting src-address-list=under_nordvpn_sk action=mark-routing new-routing-mark=nordvpn_blackhole_sk passthrough=yes
/ip firewall mangle add chain=prerouting src-address-list=under_nordvpn_ua action=mark-routing new-routing-mark=nordvpn_blackhole_ua passthrough=yes

/ip firewall filter add action=accept chain=forward connection-mark=under_nordvpn_sk place-before=[find where action=fasttrack-connection]
/ip firewall filter add action=accept chain=forward connection-mark=under_nordvpn_ua place-before=[find where action=fasttrack-connection]

/ip firewall mangle add action=change-mss chain=forward new-mss=1360 passthrough=yes protocol=tcp connection-mark=under_nordvpn_sk tcp-flags=syn tcp-mss=!0-1360
/ip firewall mangle add action=change-mss chain=forward new-mss=1360 passthrough=yes protocol=tcp connection-mark=under_nordvpn_ua tcp-flags=syn tcp-mss=!0-1360
