Mikrotik: l2tp client -> only for devices with certain IPs. How?
Hello! I'm trying to master the configuration of MikroTik hAP ac lite, the task is as follows:
One of the devices, for example with an IP address of 192.168.88.250, should be allowed on the Internet only through VPN l2tp-out1, and all other devices should be left connected directly. It is desirable to be able to add multiple IP addresses.
Now l2tp-out1 settings are:
Add Default Route yes
Default Route Distance 1
For DHCP Client:
Add Default Route yes
Default Route Distance 100
And you have to manually enable/disable l2tp-out1, but with these settings all connected devices work via VPN, which is not very convenient, and I would like to automate this.
I was able to configure the L2TP/IPsec Client according to the instructions on the network, but there is not enough further understanding.
Route for vpn set more than 2x...
The rest is traffic marking. We mark in the mangle, then in the route we set where it goes.
Google "mikrotik, bypassing blocks". The principle is the same.
Create an address list:
/ip firewall address-list add address=192.168.88.200 list=VPN-USERS
Create default routes marked for VPN; the gateway is given as an example and can be bound to the L2TP interface:
/ip route add dst-address=0.0.0.0/0 gateway=3.3.3.3 routing-mark=VPN
On input, use mangle to attach the routing-mark by the desired src-address:
/ip firewall mangle add chain=prerouting src-address-list=VPN-USERS action=mark-routing new-routing-mark=VPN
On output, do src-nat/masquerade in NAT by the mark:
/ip firewall nat add chain=srcnat action=masquerade routing-mark=VPN
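The marking steps above applied to the question's l2tp-out1 interface, with a fail-closed route so that listed hosts do not fall back to the direct uplink when the tunnel drops. This is an added example, not part of the original answer; it assumes RouterOS v6 syntax and a single LAN behind the router, and 192.168.88.251 is a constructed sample address.

```routeros
# Added example (assumptions: RouterOS v6, one LAN, tunnel interface l2tp-out1).

# Keep the tunnel from installing a default route for every device;
# the DHCP client's default route stays in the main table for everyone else.
/interface l2tp-client set [find name=l2tp-out1] add-default-route=no

# Hosts that must leave only through the VPN. Add one entry per device.
# 192.168.88.250 is from the question; .251 is a constructed sample.
/ip firewall address-list add list=VPN-USERS address=192.168.88.250
/ip firewall address-list add list=VPN-USERS address=192.168.88.251

# Default route in the VPN table, bound to the tunnel interface.
/ip route add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=VPN distance=1

# Fail closed: when l2tp-out1 is down the route above goes inactive and
# marked traffic would otherwise be looked up in the main table and leave
# through the direct uplink. A blackhole with a higher distance drops it.
/ip route add dst-address=0.0.0.0/0 type=blackhole routing-mark=VPN distance=2

# Mark traffic from the listed hosts. Traffic addressed to the router
# itself (DHCP, management) is excluded so it is not sent into the tunnel.
# Packets handled by a fasttrack rule skip mangle, so such a rule must
# not match these hosts.
/ip firewall mangle add chain=prerouting src-address-list=VPN-USERS \
    dst-address-type=!local action=mark-routing new-routing-mark=VPN \
    passthrough=no

# Masquerade whatever leaves through the tunnel.
/ip firewall nat add chain=srcnat out-interface=l2tp-out1 action=masquerade
```

To verify, disable l2tp-out1 and confirm that a listed host loses Internet access while an unlisted host keeps it.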