Community discussions

MikroTik App
 
oggie
just joined
Topic Author
Posts: 1
Joined: Thu Dec 01, 2022 10:14 pm

routeros as a vpn client (paid vpn service) on only one ethernet port

Thu Dec 01, 2022 10:19 pm

So I'm debating on buying an rb5009 to replace my PC based pfsense box (to save on space for one thing). It looks like the learning curve is higher for routerOS though.

Anyway, I have a VPN service using Torguard with a dedicated IP. What I would like to do would be to run the wireguard VPN client on a single ethernet port on the router. So that I can attach a switch to that port, and any device that's on that single port will have any external traffic routed through that VPN connection.

Is this possible? What get's even more complex to me is that I do have certain ports forwarded on that VPN service, which means I would then need to forward those ports to a particular server on the LAN.

Is this even possible?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: routeros as a vpn client (paid vpn service) on only one ethernet port

Sat Dec 03, 2022 4:44 pm

Hi Oggie,
Yes, that sounds all reasonable.

Assuming you have a third party VPN.
Assuming you have at least one subnet of users that you want to send through the VPN for internet or some variation thereof!

Also sounds like you have servers behind the mikrotik that you want people to be able to access via the tunnel to reach your router (reverse direction of usage).
Similarly sounds like you want to be able to remotely access your LANs behind the MT and also config the router remotely, like from a coffee shop hotel room with laptop or anywhere via your cellphone etc..

You dont need to go to the fuss of hardwiring ports etc............ Much easier to setup the home network via vlans.
vlan10-home
vlan20-iot devices
vlan30-guest wifi
vlan40-media
vlan50-gaming
vlan60-wireguard users
etc etc as many subnets as you want.

the beauty of this is all the vlans can go to a managed switch and then break out from ports on the switch as required.
A cool option is to use wifi to have home users use the normal WAN for internet or wireguard for internet.
They just have to login to the correct SSID! :-)

vlan15- homeWIFI (via local WAN) ssid-Regular
vlan25-torguardWIFI (via vpn) ssid-Guard

Who is online

Users browsing this forum: BioMax, PBondurant and 44 guests