Here's a challenge for the routing experts
I have a script that uses the Telegram messenger API to notify about logins, errors, etc. on a router; this is done by "/tool fetch url="
https://api.telegram.org/bot...." in a script. Since api.telegram.org is blocked in several countries, I want this request to be routed via an existing VPN tunnel on the router - without changing the default route. I guess mangle and connection/routing marking is the tool to use, but I could not figure out how to set this up for a connection originating from the router itself: The source address of the router is not fixed (being assigned by dhcp), neither is there any interface I could use in the mangle rule...any ideas?
If you don't mind that any client of the router uses your VPN tunnel to access the existing VPN tunnel, you could run something like
/ip route add comment=api.telegram.org dst-address=[:resolve api.telegram.org] gateway=yourvpninterface
You would need to run periodically something like
:if ("$[/ip route get [f comment="api.telegram.org"] dst-address ]"!="$[:resolve api.telegram.org]/32") do={/ip route set [f comment="api.telegram.org"] dst-address=[:resolve api.telegram.org]}
to ensure that the address resolved is kept current. Routing ipv6 it would be far trickier, due to the disfunctional :resolve function.
If you only want to route traffic to api.telegram.org from the router you could use more sophisticated your or forbid api.telegram.org in the forward chain.
