Proxy setup on Mikrotik RB450G with traffic tunneling through VPN
There is a Mikrotik RB450G.
On it, in addition to the operation of the main WAN gateway to the provider, a PPTP connection is established to the VPN service (the connection always works).
I want to open selected sites from a PC through this VPN tunnel, for example, by connecting through a web proxy to the router, and then for this traffic to go out through the tunnel. Allowing all traffic from a specific IP on the internal network through the tunnel is too crude and unacceptable. You need to turn it on, "work" and turn it off. And without any manipulation on the router.
I would appreciate a detailed answer.
IP => WebProxy => Src.Address: set the tunnel IP.
Then you set up PBR according to wiki.mikrotik.com/wiki/Policy_Base_Routing with three differences:
1) mangle => chain = input instead of prerouting,
2) mangle => advanced => content does not need to be checked,
3) nat is not needed.
Or, for the Proxy on Mikrotik, register a ParentProxy located at the other end of the VPN.
Or selected sites (their IP addresses) are routed to the VPN channel.
Or Mikrotik listens on some port and redirects it to the IP of the machine at the other end of the VPN channel, where you can also set up a proxy. Which is slightly better than the first option.
Another option is to create a rule in nat, make a redirect to the tunnel with a condition on CONTENT, specify the host name. But this is in theory, practice needs to be tested.
If you create routes on Mikrotik to the IP addresses of the desired sites through the tunnel, requests to these sites will go into the tunnel, both directly from clients and from the proxy server.
Or do you want all direct requests from clients to go through ethernet, and all requests from a proxy server to go through a tunnel?
Explain, please, for the theory.
I understand that we are using a static route to send traffic through the VPN tunnel, marked in advance through the mangle. Where did we mark the traffic coming from? Where is the proxy server in this chain?
By the way, according to the instructions on PBR, I get:
Couldn't change Mangle Rule - routing-mark allowed only in output and prerouting chains (6)
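The proxy-through-tunnel variant discussed in this thread, as an added example that is not taken from any of the posts. It marks routing in the output chain, because the error quoted above states that routing-mark is allowed only in output and prerouting. Assumptions: RouterOS v6 syntax; `pptp-out1`, `ether1`, `via-vpn`, port 8080 and the addresses are constructed placeholders, and the tunnel address is static.

```routeros
# Added example with constructed values (RouterOS v6 syntax assumed):
#   pptp-out1        PPTP client interface (placeholder name)
#   10.99.0.2        local address of the tunnel (placeholder, assumed static)
#   192.168.88.0/24  LAN subnet (placeholder)
#   ether1           WAN interface (placeholder name)
#   via-vpn          routing mark (placeholder name)

# 1. The web proxy sources its outbound connections from the tunnel address.
/ip proxy set enabled=yes port=8080 src-address=10.99.0.2

# 2. Only LAN clients may use the proxy; everything else is denied,
#    so the router does not become an open proxy.
/ip proxy access add src-address=192.168.88.0/24 action=allow
/ip proxy access add action=deny

# 3. Proxy requests are generated by the router itself, so they are
#    marked in the output chain, matched by the tunnel source address.
/ip firewall mangle add chain=output src-address=10.99.0.2 \
    action=mark-routing new-routing-mark=via-vpn passthrough=no

# 4. Marked traffic gets its own default route through the tunnel.
#    Unmarked (direct client) traffic keeps using the main table.
/ip route add dst-address=0.0.0.0/0 gateway=pptp-out1 routing-mark=via-vpn

# 5. Drop connections to the proxy port arriving on the WAN interface.
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp \
    dst-port=8080 action=drop
```

With this in place the PC switches between the direct path and the tunnel by enabling or disabling the proxy setting in the browser, with no changes on the router.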