I've established a WireGuard tunnel between my MikroTik VM and a VPS. I want my clients to access the internet through the WireGuard tunnel, but some websites (a block of IPs) to be accessed through the ISP gateway.
I could route internet traffic through the WireGuard tunnel, but the excluded IPs are not working.
This is my configuration:
Firewall Mangle Configuration

chain=prerouting action=mark-connection new-connection-mark=wg-traffic connection-state=new dst-address-list=!IP_List in-interface=Desktop-LAN log=no log-prefix=""
chain=prerouting action=mark-routing new-routing-mark=WG connection-mark=wg-traffic in-interface=Desktop-LAN log=no log-prefix=""
chain=prerouting action=mark-connection new-connection-mark=no-wg dst-address-list=IP_List in-interface=Desktop-LAN log=no log-prefix=""
chain=prerouting action=mark-routing new-routing-mark=main in-interface=Desktop-LAN log=no log-prefix=""

Firewall NAT

chain=srcnat action=masquerade out-interface=PM_WG log=no log-prefix=""
chain=srcnat action=masquerade out-interface=WAN log=no log-prefix=""

Gateways

 #    DST-ADDRESS            GATEWAY                DISTANCE
 0 As 0.0.0.0/0              MY_PUBLIC_IP_ADDRESS   1
   DAc 10.0.0.100/32         PM_WG                  0
   DAc MY_PUBLIC_IP_NETWORK  WAN                    0
   DAc 192.168.25.0/24       MGMT-LAN               0
   DAc 192.168.15.0/24       Desktop-LAN            0
 1 As 0.0.0.0/0              PM_WG                  1

Routing Table

Flags: D - dynamic; X - disabled, I - invalid; U - used
 0 D name="main" fib
 1   name="WG" fib

Routing Rule

Flags: X - disabled, I - inactive
 0 src-address=192.168.15.0/24 action=lookup table=WG
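The following is an added example, not part of the post above and not the poster's configuration: one way to lay out selective WireGuard policy routing in RouterOS v7 so that an address list stays on the ISP path while everything else from the LAN goes through the tunnel. It reuses the interface, table and list names from the post (Desktop-LAN, WAN, PM_WG, WG, IP_List); the list entry 203.0.113.0/24, the ISP gateway 198.51.100.1 and the 192.168.0.0/16 LAN aggregate are constructed placeholders. Table selection is left entirely to the mangle routing mark, so no routing rule keyed on src-address is added.

```routeros
# Added example in RouterOS v7 syntax. Names follow the post; 203.0.113.0/24,
# 198.51.100.1 and 192.168.0.0/16 are constructed placeholder values.

# Destinations that must keep using the ISP gateway
/ip firewall address-list
add list=IP_List address=203.0.113.0/24 comment="constructed example block"

# Separate routing table for tunnel-bound traffic
/routing table
add name=WG fib

# One default route per table: WG -> tunnel interface, main -> ISP gateway
/ip route
add dst-address=0.0.0.0/0 gateway=PM_WG routing-table=WG
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=main

# Mangle rules are evaluated top to bottom for each packet:
# 1) traffic to the excluded list is accepted unmarked and therefore uses main (ISP);
# 2) traffic to local LAN ranges is also left unmarked (constructed aggregate);
# 3) everything else from Desktop-LAN is marked WG; passthrough=no ends marking here.
/ip firewall mangle
add chain=prerouting in-interface=Desktop-LAN dst-address-list=IP_List action=accept
add chain=prerouting in-interface=Desktop-LAN dst-address=192.168.0.0/16 action=accept
add chain=prerouting in-interface=Desktop-LAN action=mark-routing new-routing-mark=WG passthrough=no

# Source NAT on whichever egress interface the selected table picks
/ip firewall nat
add chain=srcnat out-interface=PM_WG action=masquerade
add chain=srcnat out-interface=WAN action=masquerade
```

Two points to check when adapting this: the WireGuard peer entry for the VPS needs allowed-address=0.0.0.0/0, otherwise the interface will not carry traffic to arbitrary internet destinations; and a routing rule that matches only on src-address applies to every packet from that subnet regardless of any mark, so keeping table selection in mangle alone avoids the excluded list being overridden. Verifying is straightforward from the router: a trace to an address inside IP_List should leave via WAN, and one to any other address via PM_WG.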