 
mohammadalsharqi

Marking all source addresses for ProtonVPN does not work

Wed Feb 08, 2023 2:01 am

Hi everyone

I have set up ProtonVPN over IPsec following the standard configuration. My problem is that when I mark connections for all clients using a src-address-list, the connection does not work, while it works if I mark only one src address. My configuration export:
# feb/08/2023 02:51:40 by RouterOS 7.6

#
# model = RB4011iGS+

# RouterOS configuration export (version and model per the header above).
# bridge1 is the LAN-side bridge; the PPPoE server in this export listens on it.
/interface bridge
add name=bridge1
# Rename the four uplink ports (each is later added to the WAN interface
# list); ether2 only receives a visual separator comment.
/interface ethernet
set [ find default-name=ether1 ] comment=Main name=Asiacell4G-IN-ether1
set [ find default-name=ether7 ] comment=GGC name=Asiacell4G-IN-ether7
set [ find default-name=ether3 ] comment=Earthlink name=Earthlink-IN-ether3
set [ find default-name=ether8 ] comment=Vodu name=Zain4G-IN-ether8
set [ find default-name=ether2 ] comment=\
    "================= OUT ================="
# L2TP client with IPsec enabled, using only the DNS servers the peer supplies.
# This is a different endpoint from the ProtonVPN IKEv2 peer defined below.
# No password or ipsec-secret is shown; presumably the export omitted
# sensitive values - confirm.
# NOTE(review): the account name in user= is left in clear in a public post;
# it could be masked the same way the IPsec identity username is.
/interface l2tp-client
add comment=L2TP-VPN connect-to=str-ist103.strongconnectivity.com \
    keepalive-timeout=disabled name=l2tp-out1 use-ipsec=yes use-peer-dns=\
    exclusively user=a118854
# Default LTE APN: IPv4 only, network-provided APN not used.
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Client-side (responder=no) mode-config. connection-mark=under_protonvpn is
# the matcher RouterOS puts on the dynamic src-nat rule it generates for this
# mode-config, so only connections carrying that mark are NATed into the
# tunnel. Which clients use the VPN therefore depends on the mangle
# mark-connection rule further down.
/ip ipsec mode-config
add connection-mark=under_protonvpn name="Proton VPN mode config" responder=\
    no
# Policy group that ties the identity to the policy template below.
/ip ipsec policy group
add name=ProtonVPN
# Phase-1 (IKE) parameters: AES-256 / SHA-256, dead-peer-detection disabled.
# NOTE(review): the dh-group list still offers modp1024, a 1024-bit group
# generally considered too weak today; drop it if the peer accepts modp2048
# or larger - confirm against the provider's current guidance.
# NOTE(review): with DPD disabled a dead tunnel is presumably not detected
# until rekey or manual intervention - confirm this is intended.
/ip ipsec profile
add dh-group=modp4096,modp2048,modp1024 dpd-interval=disable-dpd \
    enc-algorithm=aes-256 hash-algorithm=sha256 name="Proton VPN profile"
# IKEv2 peer addressed by hostname, using the profile above.
/ip ipsec peer
add address=node-nl-28.protonvpn.net exchange-mode=ike2 name=peer1 profile=\
    "Proton VPN profile"
# Phase-2 proposal: AES-256-CBC with SHA-256 integrity.
# NOTE(review): pfs-group=none means no fresh DH exchange is requested for
# child SAs, and lifetime=0s presumably removes the time-based lifetime on
# this side - confirm both match what the provider expects.
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=0s name=\
    "Proton VPN proposal" pfs-group=none
# One address pool per subscriber plan, each covering .2-.254 of its own /24
# (10.0.100.x through 10.0.160.x).
/ip pool
add name="Light Plus" ranges=10.0.100.2-10.0.100.254
add name="Economy Plus" ranges=10.0.120.2-10.0.120.254
add name="Standard Plus" ranges=10.0.130.2-10.0.130.254
add name="Active Plus" ranges=10.0.140.2-10.0.140.254
add name="Turbo Plus" ranges=10.0.150.2-10.0.150.254
add name="Business Plus" ranges=10.0.160.2-10.0.160.254
# Serial port naming only.
/port
set 0 name=serial0
set 1 name=serial1
# One PPP profile per plan. Every profile hands out 8.8.8.8 as DNS, uses
# 10.0.10.1 as the router-side address, allows one session per user
# (only-one=yes) and adds the client address to the Active-Users address
# list. Active-Users therefore spans all six pools, whereas the mangle rule in
# this export matches only the Standard Plus subnet (10.0.130.0/24).
# Two profile names use underscores (Economy_Plus, Standard_Plus) while their
# pools are named with spaces; remote-address refers to the pool name.
/ppp profile
add address-list=Active-Users dns-server=8.8.8.8 local-address=10.0.10.1 \
    name="Light Plus" only-one=yes remote-address="Light Plus"
add address-list=Active-Users dns-server=8.8.8.8 local-address=10.0.10.1 \
    name=Economy_Plus only-one=yes remote-address="Economy Plus"
add address-list=Active-Users dns-server=8.8.8.8 local-address=10.0.10.1 \
    name=Standard_Plus only-one=yes remote-address="Standard Plus"
add address-list=Active-Users dns-server=8.8.8.8 local-address=10.0.10.1 \
    name="Active Plus" only-one=yes remote-address="Active Plus"
add address-list=Active-Users dns-server=8.8.8.8 local-address=10.0.10.1 \
    name="Turbo Plus" only-one=yes remote-address="Turbo Plus"
add address-list=Active-Users dns-server=8.8.8.8 local-address=10.0.10.1 \
    name="Business Plus" only-one=yes remote-address="Business Plus"
# Profile with no settings of its own in this export.
add name=RWB_sstp_profile

# Routing-protocol scaffolding. The BGP default template and both OSPF
# instances are enabled, but both OSPF areas are disabled and no BGP
# connection or OSPF interface entry appears in this export.
# NOTE(review): if dynamic routing is not used, these can presumably be
# disabled to reduce exposed services - confirm.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
add disabled=no name=default-v3 version=3
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
add disabled=yes instance=default-v3 name=backbone-v3
# Extra routing table; no route or rule in this export refers to it.
/routing table
add name=rtab-1

# LAN-side ports joined to bridge1.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether9
# Neighbor discovery runs on every interface, the WAN ports included.
# NOTE(review): this advertises the router's identity and version to the
# upstream networks; limiting it to a LAN list is the usual hardening step.
/ip neighbor discovery-settings
set discover-interface-list=all
# Larger neighbor table and TCP SYN cookies enabled.
/ip settings
set max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
# Detect-internet probes every interface.
# NOTE(review): presumably not needed with static WAN addressing - confirm.
/interface detect-internet
set detect-interface-list=all
# The four uplinks form the WAN list. "*20" is an internal ID printed in
# place of an interface that no longer exists, so as exported the LAN list
# has no usable member and any rule keyed on list=LAN would match nothing.
/interface list member
add interface=Asiacell4G-IN-ether1 list=WAN
add interface=Asiacell4G-IN-ether7 list=WAN
add interface=Earthlink-IN-ether3 list=WAN
add interface=Zain4G-IN-ether8 list=WAN
add interface=*20 list=LAN
# Only the accepted auth digests are set; whether the OpenVPN server is
# enabled is not visible in this export.
# NOTE(review): md5 and sha1 are weak digests; if the server is in use,
# restrict auth to the stronger values this RouterOS version offers - confirm.
/interface ovpn-server server
set auth=sha1,md5
# PPPoE server on bridge1, one session per client host, with Standard_Plus as
# the fallback profile.
/interface pppoe-server server
add default-profile=Standard_Plus disabled=no interface=bridge1 \
    one-session-per-host=yes service-name=service1

# Interface addressing. All four uplinks carry private (192.168.x.x)
# addresses, so each presumably sits behind an upstream modem/router doing
# its own NAT - confirm. Asiacell4G-IN-ether7 has two addresses in the same
# /24 (.2 and .3).
# NOTE(review): 25.5.10.0/24 on bridge1 is not RFC 1918 space; if it is not
# actually assigned to this network, the real holders of that range become
# unreachable from here and the prefix could leak upstream - confirm.
/ip address
add address=192.168.169.2/29 interface=Asiacell4G-IN-ether1 network=\
    192.168.169.0
add address=25.5.10.1/24 interface=bridge1 network=25.5.10.0
add address=192.168.170.2/24 interface=Zain4G-IN-ether8 network=192.168.170.0
add address=192.168.171.100/24 interface=Earthlink-IN-ether3 network=\
    192.168.171.0
add address=192.168.172.2/24 interface=Asiacell4G-IN-ether7 network=\
    192.168.172.0
add address=192.168.172.3/24 interface=Asiacell4G-IN-ether7 network=\
    192.168.172.0
# MikroTik cloud dynamic DNS is enabled for this router.
/ip cloud
set ddns-enabled=yes
# The router answers DNS queries from the network (allow-remote-requests=yes)
# and forwards to 8.8.8.8 and 10.2.0.1 (the latter presumably reachable only
# through the VPN tunnel - confirm).
# NOTE(review): no /ip firewall filter section appears in the posted export,
# so nothing visible here restricts which interfaces can reach the resolver
# or the router's other services. Confirm that input-chain rules exist and
# drop DNS and management traffic arriving on the WAN list.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w3d cache-size=99999KiB servers=\
    8.8.8.8,10.2.0.1
# Rule 1 would set connection mark under_protonvpn on traffic sourced from
# 10.0.130.0/24 (the Standard Plus pool) and stop mangle processing
# (passthrough=no), but it is exported with disabled=yes, so nothing is being
# marked in this state. The src-address-list variant described in the post is
# not part of this export.
# Rule 2 clamps the TCP MSS to 1360 on SYN packets of marked connections whose
# MSS falls outside 0-1375, leaving room for the IPsec overhead.
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=yes new-connection-mark=\
    under_protonvpn passthrough=no src-address="10.0.130.0/24"
add action=change-mss chain=forward connection-mark=under_protonvpn new-mss=\
    1360 passthrough=no protocol=tcp tcp-flags=syn tcp-mss=!0-1375
# Masquerade with no out-interface or out-interface-list matcher, so it
# applies to every connection that reaches srcnat, whatever the exit interface.
# NOTE(review): masquerade takes the address of the outgoing interface, so
# to-addresses presumably has no effect here - confirm. Scoping the rule to
# the WAN list would keep it off traffic that should not be NATed; the
# dynamic rule created by the IPsec mode-config has to be evaluated before
# this one for marked traffic to enter the tunnel - verify rule order.
/ip firewall nat
add action=masquerade chain=srcnat to-addresses=192.168.169.1
# Drops packets from ddos-attackers to ddos-targets before connection
# tracking. No rule that populates either address list is visible in this
# export, so as shown the rule presumably never matches - confirm.
/ip firewall raw
add action=drop chain=prerouting dst-address-list=ddos-targets \
    src-address-list=ddos-attackers
# IKEv2 identity for peer1: EAP-MSCHAPv2 with the username masked by the
# poster and no password shown. certificate= names "Proton VPN CA",
# presumably the CA used to validate the server - confirm it is imported and
# trusted. Policies are generated dynamically (port-strict) from the
# ProtonVPN template group, using the mode-config defined earlier.
/ip ipsec identity
add auth-method=eap certificate="Proton VPN CA" eap-methods=eap-mschapv2 \
    generate-policy=port-strict mode-config="Proton VPN mode config" peer=\
    peer1 policy-template-group=ProtonVPN username=xxxxxxxxx
# Template that permits generated policies for any source and destination
# within the ProtonVPN group.
/ip ipsec policy
add dst-address=0.0.0.0/0 group=ProtonVPN src-address=0.0.0.0/0 template=yes
# The only route in the export: default route in the main table via
# 192.168.172.1, which lies in the Asiacell4G-IN-ether7 subnet. The other
# three uplinks have no route here.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.172.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
Could someone help me with that?
