mducharme

Creating an SSID with Mullvad VPN over Wireguard

Sun Sep 11, 2022 4:36 am

Sorry to not include much detail here, but somebody asked for an example of how I created a special SSID in my MikroTik environment that policy routes everything over Mullvad VPN via Wireguard. I hope to revise this in the future to include explanations and fill in anything that is missing.
/caps-man datapath
add bridge-horizon=2 client-to-client-forwarding=yes local-forwarding=yes name=vpn-datapath vlan-id=666 vlan-mode=use-tag
/interface wireguard
add listen-port=<redacted> mtu=1420 name=wireguard-mullvad
/interface vlan
add interface=bridge name=VPN_VLAN vlan-id=666
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm name=security1
/caps-man configuration
add country=<redacted> datapath=vpn-datapath installation=indoor mode=ap name=cfg-vpn security=security1 ssid=<redacted>
/ip pool
add name=vpn-vlan ranges=192.168.90.2-192.168.90.254
/ip dhcp-server
add address-pool=vpn-vlan interface=VPN_VLAN name=dhcp1
/routing table
add disabled=no fib name=vpn
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg2ghz name-format=prefix-identity name-prefix=2GHz slave-configurations=cfg-vpn
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=cfg5ghz name-format=prefix-identity name-prefix=5GHz slave-configurations=cfg-vpn
/interface wireguard peers
add allowed-address=0.0.0.0/0,::/0 endpoint-address=<redacted> endpoint-port=<redacted> interface=wireguard-mullvad public-key=<redacted>
/ip address
add address=192.168.90.1/24 interface=VPN_VLAN network=192.168.90.0
add address=<redacted> interface=wireguard-mullvad network=<redacted>
/ip dhcp-server network
add address=192.168.90.0/24 dns-server=<redacted> gateway=192.168.90.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wireguard-mullvad
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard-mullvad pref-src=0.0.0.0 routing-table=vpn scope=30 suppress-hw-offload=no target-scope=10
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=wireguard-mullvad routing-table=vpn scope=30 target-scope=10
/ipv6 address
add address=<redacted>/64 interface=VPN_VLAN
add address=<redacted>/128 advertise=no interface=wireguard-mullvad
/ipv6 firewall nat
add action=masquerade chain=srcnat out-interface=wireguard-mullvad
/routing rule
add action=lookup disabled=no interface=VPN_VLAN min-prefix=1 table=main
add action=lookup disabled=no interface=VPN_VLAN table=vpn
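
A leak check for this setup, as an added example that is not part of the original post: it parses a RouterOS export and reports any gap in the policy routing for the VPN VLAN (no routing rule into the vpn table, or no default route or masquerade rule via the tunnel for IPv4 or IPv6). The function names `parse_export` and `audit` are hypothetical, and the embedded sample is a constructed subset of the export above with the redacted lines left out.

```python
import re

# Constructed sample: only the policy-routing lines of the export in the post.
EXPORT = """\
/routing table
add disabled=no fib name=vpn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wireguard-mullvad
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard-mullvad routing-table=vpn
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=wireguard-mullvad routing-table=vpn
/ipv6 firewall nat
add action=masquerade chain=srcnat out-interface=wireguard-mullvad
/routing rule
add action=lookup disabled=no interface=VPN_VLAN min-prefix=1 table=main
add action=lookup disabled=no interface=VPN_VLAN table=vpn
"""

def parse_export(text):
    """Return (menu, {key: value}) for every 'add' line of a RouterOS export."""
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip route"
        elif line.startswith("add ") and menu:
            items.append((menu, dict(re.findall(r"([\w-]+)=(\S+)", line))))
    return items

def audit(text, lan_if, tunnel_if):
    """List gaps that would keep lan_if traffic from leaving through tunnel_if."""
    items = [(m, kv) for m, kv in parse_export(text) if kv.get("disabled", "no") == "no"]
    def has(menu, **want):                   # keyword names use _ in place of -
        return any(m == menu and all(kv.get(k.replace("_", "-")) == v for k, v in want.items())
                   for m, kv in items)
    tables = [kv["table"] for m, kv in items if m == "/routing rule"
              and kv.get("interface") == lan_if and kv.get("table") not in (None, "main")]
    if not tables:
        return [f"no routing rule sends {lan_if} to a non-main table"]
    problems = []
    for fam, default in (("ip", "0.0.0.0/0"), ("ipv6", "::/0")):
        if not has(f"/{fam} route", dst_address=default, gateway=tunnel_if, routing_table=tables[0]):
            problems.append(f"{fam}: no default route via {tunnel_if} in table {tables[0]}")
        if not has(f"/{fam} firewall nat", action="masquerade", out_interface=tunnel_if):
            problems.append(f"{fam}: no masquerade on {tunnel_if}")
    return problems
```

Run `audit()` over the output of `/export` with the VLAN and tunnel interface names; an empty list means both address families have a route and NAT rule through the tunnel.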
