openvpn
jar3b, 2018-09-03 16:18:28

Mikrotik: How to route traffic to portlist via VPN?

Good afternoon.
The enterprise blocks some ports with the help of a firewall (more precisely, only a small list is allowed). I need to send traffic to these ports through a VPN (outgoing traffic). There are many ports, 30000-32767, TCP and UDP. There is a Mikrotik device with OpenVPN configured on it, but I can’t figure out the ports. Please tell me how to do it.


2 answer(s)
poisons, 2018-09-03
@jar3b

Policy-based routing.
In a nutshell: in mangle you mark the traffic, then, based on the routing mark, you send the traffic out the desired interface.
Link.
As a basis, you can use the "bypassing blocking" instructions, only mark the traffic by dst-port rather than by address list.

jar3b, 2018-09-03
@jar3b

Adding an answer, since I solved it. I'm not marking it as the answer because it looks like a crutch; maybe there is a better solution.
Let's say we already have a VPN configured for an address list; accordingly, we already have a routing mark, masquerade is configured for the OpenVPN interface, and a route for the mark has been added. Now you need to create a new rule in IP-Firewall-Mangle for TCP:

chain: prerouting
protocol: 6 (tcp)
Dst. Port: 30000-32767
Action: mark routing
New routing mark: <our mark used earlier, let it be "vpn">

Uncheck Passthrough. Then create the same rule for UDP.
Or via console:
/ip firewall mangle
add src-address=192.168.x.0/24 action=mark-routing chain=prerouting protocol=udp dst-port=30000-32767 new-routing-mark="vpn" passthrough=no
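
The pieces this answer relies on, put together as an added example that is not part of the original post, in RouterOS v6 syntax. The interface name `ovpn-out1` and the LAN subnet `192.168.88.0/24` are assumptions; the mark name "vpn" and the port range come from the answer.

```routeros
# Assumptions (not from the original post): OpenVPN client interface is
# named ovpn-out1 and the LAN is 192.168.88.0/24. Adjust both to your setup.

# 1. Mark LAN traffic to the port range, one rule per protocol.
#    passthrough=no stops mangle processing once the mark is set.
/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 protocol=tcp \
    dst-port=30000-32767 action=mark-routing new-routing-mark=vpn \
    passthrough=no comment="tcp 30000-32767 via vpn"
add chain=prerouting src-address=192.168.88.0/24 protocol=udp \
    dst-port=30000-32767 action=mark-routing new-routing-mark=vpn \
    passthrough=no comment="udp 30000-32767 via vpn"

# 2. Default route that applies only to packets carrying the mark.
#    (RouterOS v7 uses routing tables instead of routing-mark on the route.)
/ip route
add dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-mark=vpn

# 3. Source NAT for whatever leaves through the tunnel.
/ip firewall nat
add chain=srcnat out-interface=ovpn-out1 action=masquerade

# 4. Check: the packet counters on the two mangle rules should grow
#    while a client talks to a port in the range.
/ip firewall mangle print stats

# Note: FastTrack'ed connections skip mangle. If a fasttrack-connection
# rule is present in the forward chain, it must not match this traffic,
# otherwise only the first packets of a connection get the mark.
```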
