
Preconditions:

1. The WLAN interface, named MyHome, is configured.

2. The PPP VPN interface, named DE, is configured.

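# Policy-route everything that enters the bridge on MyHome and is not
# addressed to the local subnet 192.168.178.0/24 through the VPN interface DE.
#
# Step 1 (layer 2): tag IPv4 frames from MyHome that leave the local subnet.
# Only mac-protocol=ip is matched, so IPv6 frames are neither marked nor
# redirected and keep being bridged outside the tunnel.
/interface bridge filter
add action=mark-packet chain=input dst-address=!192.168.178.0/24 in-interface=MyHome mac-protocol=ip new-packet-mark=route-to-vpn1
# Step 2 (layer 2): redirect the same frames to the router itself so that they
# are routed, and therefore seen by the IP firewall, instead of bridged.
/interface bridge nat
add action=redirect chain=dstnat dst-address=!192.168.178.0/24 in-interface=MyHome mac-protocol=ip
# Step 3 (layer 3): turn the packet mark into the routing mark "vpn";
# passthrough=no ends mangle processing for the packet at this rule.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=vpn packet-mark=route-to-vpn1 passthrough=no
# Step 4: source-NAT whatever leaves through the tunnel so replies come back.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=DE
# Step 5: default route of the "vpn" table points at the tunnel.
/ip route
add distance=1 gateway=DE routing-mark=vpn
# Fail closed: when DE is down the route above becomes inactive and, on
# RouterOS 6, marked packets would then be resolved in the main table and
# leave through the normal uplink. The higher-distance blackhole route takes
# over in that case and drops them instead.
add comment="drop VPN-marked traffic while the tunnel is down" distance=2 dst-address=0.0.0.0/0 routing-mark=vpn type=blackhole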

Second example: send all traffic arriving on ether4 through the VPN:

# jul/04/2017 08:39:38 by RouterOS 6.39.2
#
# Bridge that joins ether1, wlan1 and ether4 (ports are added further down).
# admin-mac is pinned by hand (auto-mac=no); AA:BB:CC:DD:EE:FF looks like a
# placeholder -- use the device's own MAC address.
# NOTE(review): fast-forward=no is presumably set so that the bridge filter and
# bridge NAT rules below see every frame -- confirm.
/interface bridge
add admin-mac=AA:BB:CC:DD:EE:FF auto-mac=no fast-forward=no name=bridge
# wlan1 runs as a 2.4 GHz access point with SSID "myWifi".
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=germany disabled=no \
   frequency=auto mode=ap-bridge ssid=myWifi wireless-protocol=802.11
# ether2 and ether3 are slaved to ether1 (master-port), so they share ether1's
# bridge membership and are NOT covered by the ether4-only VPN rules.
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
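# Default wireless security profile, restricted to WPA2-PSK with AES-CCM.
# The original profile also enabled WPA (wpa-psk) and TKIP; both are
# deprecated and leave the access point open to downgrade to the weaker mode.
# Clients that only speak WPA/TKIP will no longer associate after this change.
# "mywifikey" is a placeholder: set a long random passphrase and keep the real
# value out of published exports.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
    group-ciphers=aes-ccm mode=dynamic-keys unicast-ciphers=aes-ccm \
    wpa2-pre-shared-key=mywifikey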
# Outgoing L2TP tunnel "myvpn"; every VPN rule below refers to this name.
# connect-to, user, password and ipsec-secret are placeholders here -- never
# publish an export that contains the real values.
# NOTE(review): ipsec-secret is set but use-ipsec does not appear in this
# export, so it stays at its default (no) and the secret is unused: as written
# the tunnel is plain L2TP without IPsec protection. If the server supports
# L2TP/IPsec, enable use-ipsec=yes and re-check allow-fast-path against the
# L2TP documentation -- confirm against the server side before changing.
# NOTE(review): allow=chap,mschap2 lets authentication fall back to CHAP;
# restrict it to mschap2 if the server accepts that.
/interface l2tp-client
add allow=chap,mschap2 allow-fast-path=yes comment="outgoing VPN connection" \
    connect-to=my.vpn-server.com disabled=no ipsec-secret=secret name=myvpn \
    password=password profile=default user=username
# Layer-2 selection of the traffic that has to go through the VPN.
# Matches IPv4 frames entering the bridge on ether4 whose destination is
# outside the local subnet 192.168.178.0/24 and tags them "route-to-vpn".
# Caveats that follow from the match conditions:
#  - only mac-protocol=ip is matched, so IPv6 frames from ether4 are not
#    marked and are bridged to the LAN outside the tunnel;
#  - destinations inside 192.168.178.0/24 are excluded, so clients that use a
#    resolver in that subnet send their DNS queries outside the tunnel.
/interface bridge filter
add action=mark-packet chain=input comment=\
    "mark packets that are outbound to go through vpn" dst-address=\
    !192.168.178.0/24 in-interface=ether4 mac-protocol=ip new-packet-mark=\
    route-to-vpn
# Redirect the same frames to the router itself so that they are routed (and
# pass the IP firewall mangle rule) instead of being bridged straight to
# ether1/wlan1.
/interface bridge nat
add action=redirect chain=dstnat comment=\
    "make sure packets go through IP firewall" dst-address=!192.168.178.0/24 \
    in-interface=ether4 mac-protocol=ip
# Bridge members: uplink/switch group (ether1), the access point (wlan1) and
# the VPN-routed port (ether4).
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether4
# The router takes its own address from the existing LAN via DHCP on the bridge.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. NOTE(review): this export contains no /ip firewall filter rules, so
# the resolver and the router's other services appear to be reachable on every
# interface, including the VPN interface myvpn -- confirm that an input-chain
# filter restricts them to the LAN.
/ip dns
set allow-remote-requests=yes
# NOTE(review): 192.168.88.1 is outside the 192.168.178.0/24 subnet used by the
# rules in this export; presumably a leftover default entry -- verify.
/ip dns static
add address=192.168.88.1 name=router
# Layer-3 part: packets carrying the packet mark "route-to-vpn" get the
# routing mark "vpn", which selects the dedicated routing table.
# passthrough=no ends mangle processing for the packet at this rule.
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
   "marked packets should go to actual routing" new-routing-mark=vpn \
   packet-mark=route-to-vpn passthrough=no
# Source-NAT everything that leaves through the tunnel to the tunnel address,
# so that replies are routed back to this router.
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade all traffic that goes t\
   hrough VPN, so that responses are returned correctly" out-interface=myvpn
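# Default route of the "vpn" routing table: everything marked for the VPN is
# sent to the tunnel interface myvpn.
/ip route
add comment="tell routing that everything is addressable behind the vpn\?" \
    distance=1 gateway=myvpn routing-mark=vpn
# Fail closed: when myvpn is down the route above becomes inactive and, on
# RouterOS 6, marked packets would then be resolved in the main table and
# leave through the normal uplink. The higher-distance blackhole route takes
# over in that case and drops them instead.
add comment="drop VPN-marked traffic while the tunnel is down" distance=2 \
    dst-address=0.0.0.0/0 routing-mark=vpn type=blackhole
# Time zone used for the router's clock and log timestamps.
/system clock
set time-zone-name=Europe/Berlin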