Answer the question
In order to leave comments, you need to log in
How to organize a dedicated Wi-Fi AP for VPN on Mikrotik?
Good afternoon, the question is in the simplest and most reliable scheme, thanks to which it would be possible to organize a vpn channel on a separately created virtual Wi-Fi SSID in order to, by connecting to this access point, know for sure that ALL connections go through VPN (the thought arose after a fine for downloading a movie through Popcorn time, when vpn fell off for exactly one minute, and in that one minute a payment for 1000€ arrived).
Total: there is a Mikrotik router with Internet access via ppoe VLAN ID 7, it has wlan,. On the other side there is a VPN, you need a dedicated virtual SSID "Wi-Fi VPN", connecting to which everything will go through a vpn channel so that the provider does not see that this is a torrent and does not shoot packets. At the same time, standard points with the Internet work in parallel.
Thanks in advance.
Answer the question
In order to leave comments, you need to log in
We consider that
1. wlan1 we have a radio interface on which this selected client will be
hung 2. l2tp-out - vpn interface.
3. pppoe - interface towards the Internet.
Total
1. To begin with, we prohibit traffic in the direction wlan1-> pppoe. Traffic will now definitely not run outside by vpn.
ip firewall filter add action=drop chain=forward in-interface=wlan1 out-interface=pppoe
/ip firewall mangle
add action=route chain=prerouting in-interface=wlan1 passthrough=yes route-dst=адрес на другой стороне туннеля
Thanks for answers. I'll try to figure it out at my leisure.
As a result, I solved the issue bypassing, sacrificing universality.
Since the second router was also Mikrotik, both had a functioning Mikrotik cloud and I had remote access to the second router:
-I set up an EoIP tunnel between the routers -created a
virtual wlan
-deleted the virtual wlan interface and EoIP Tunnel from the local Bridge
-created a Bridge VPN , where added wlan and EoIP tunnel
As a result, when connecting to a virtual wlan, I get into my VPN channel to the second router, isolated from the rest of the traffic. I'm not one hundred percent sure that my traffic is not visible to the provider, which brazenly sniffs torrent tracker packets, but so far the Internet speeds and ip determination sites indicate that I'm sitting in the geolocation of the VPN router.
The solution is not elegant, because EoIP is a proprietary mikrotik protocol, you need access to the settings of the second router, and it is not compatible with any other VPN services.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question