Answer the question
In order to leave comments, you need to log in
J
J
jar3b2018-09-03 16:18:28
jar3b, 2018-09-03 16:18:28
Mikrotik: How to route traffic to portlist via VPN?
Good afternoon.
The enterprise blocks some ports with the help of a firewall (more precisely, only a small list is allowed), I need to let traffic to these ports through VPN (outgoing traffic). There are many ports, 30000-32767, tcp and udp. There is a Mikrotik device, OpenVPN is configured on it, but I can’t figure out the ports. Please tell me how to do it.
2 answer(s)
@jar3b
@jar3b
Uncheck Passthrough. Then create the same rule for UDP.
Or via console:
P
poisons, 2018-09-03 @jar3b
policy based routing.
In a nutshell - in the mangle you mark the traffic, based on the routing mark labels, put the traffic into the desired interface.
Tyts .
For the basis, you can use the instruction "to bypass blocking", only mark the traffic not on the basis of the address list, but on the basis of the dst-port.
J
jar3b, 2018-09-03 @jar3b
Adding an answer as I solved it. I don’t mark it as an answer, because it looks like a crutch, maybe there is a better solution.
Let's say we already have a VPN configured for the Address list, respectively, we already have a routing mark, a masquerade is configured for the OpenVPN interface, and a route for the marker is added. Now you need to create a new rule in the IP-Firewall-Mangle for TCP:
chain: prerouting
protocol: 6 (tcp)
Dst. Port: 30000-32767
Action: mark routing
New routing mark: <наш маркер, используемый ранее, пусть будет "vpn">Uncheck Passthrough. Then create the same rule for UDP.
Or via console:
/ip firewall mangle
add src-address=192.168.x.0/24 action=mark-routing chain=prerouting protocol=udp dst-port=30000-32767 new-routing-mark="vpn" passthrough=no
Similar questions
S
T
T
I
I
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question