My ISP has blocked access to some websites and services and I have to use a WireGuard VPN if I want to open them. Until now I've been establishing the VPN connection on my computer, but I want to configure my router to route requests to these specific blocked addresses through the WireGuard VPN connection. I have done some configuration, but sometimes it doesn't work and other times it's very slow and unusable. I don't know what I did wrong. Please help me with this configuration.
I use TLS Host under mangle to detect target addresses and add them to an address list, and then another mangle rule to mark any connection to these addresses with a routing mark.
Code:
# jan/27/2022 20:45:56 by RouterOS 7.1.1
/ip firewall address-list
.
.
.
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
add action=add-dst-to-address-list address-list=blklst address-list-timeout=none-dynamic chain=prerouting protocol=tcp tls-host=i.ytimg.com
add action=add-dst-to-address-list address-list=blklst address-list-timeout=none-dynamic chain=prerouting protocol=tcp tls-host=www.youtube.com
add action=add-dst-to-address-list address-list=blklst address-list-timeout=none-dynamic chain=prerouting protocol=tcp tls-host=yt3.ggpht.com
add action=add-dst-to-address-list address-list=blklst address-list-timeout=none-dynamic chain=prerouting content=googlevideo protocol=tcp
add action=mark-routing chain=prerouting connection-state=new dst-address-list=blklst new-routing-mark=rm.vpn-wg passthrough=no protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=masquerade chain=srcnat realm=16384
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
add address=10.66.66.220/24 interface=wg network=10.66.66.0
/interface wireguard
add listen-port=62120 mtu=1420 name=wg
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address= endpoint-port= interface=wg public-key=
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.66.66.220 routing-table=rm.vpn-wg suppress-hw-offload=no