update: I've added google dns to DNS tab, vpn dynamic servers does appear. I also changed to Surfshark ikev2. The VPN still didn't work properly. When I IPLeak test the connection for my device, ipv4 vpn ip is detected, but ISP ipv6 are also detected. The DNS detected are google dns, not the VPN dns...

When I temember it well you use the DoH client in RouterOS to connect to Cloudflare. This DNS DoH traffic is not passing through the VPN because only your client IP 192.168.0.5 is using only the VPN. The shortest way for now is to use the dynamic DNS server of NordVPN and disable DoH. This if you d...

Hmmm strange, then I am able to browse ipleak but gets this.
Does the proposal for the action=none fragmented ICMP policy has to set to the vpn proposal or just leave it as default?

maybe the MTU has to be changed to make it work? My pppoe MTU is 1480. The whole purpose of the added policy with action=none is to allow MSS be automatically adjusted to MTU using the normal mechanisms in case where it is already your Mikrotik, which knows that it would have to fragment the packet...

Thanks for your responses, Currently updated the suggested configs # apr/17/2020 16:05:02 by RouterOS 6.46.5 # software id = KFRD-V8Q1 # # model = RBD52G-5HacD2HnD # serial number = * /ip ipsec mode-config add name=NordVPN responder=no src-address-list=local /ip ipsec policy group add name=NordVPN /...

I have to think about that and my first answer was not correct if you address range is 192.168.0.1-192.168.0.255

Update: I can't place the first line:

Code: Select all

/ip ipsec policy
set 0 disabled=yes

the first one is disabled by itself

Hi, I also have similar problems but it still doesn't work when I added this policy. add action=none dst-address=168.192.88.0/24 src-address=0.0.0.0/0 my ipsec configs # apr/17/2020 14:00:09 by RouterOS 6.46.5 # software id = KFRD-V8Q1 # # model = RBD52G-5HacD2HnD # serial number = x /ip ipsec mode-...

I've setup a Minecraft server on my rb2011, my MC server can be accessed outside LAN using DDNS address, but couldn't access from LAN using ddns. Using canyouseeme can see my mc server port. I've set a hairpin nat in my firewall but it doesn't seem to do anything. # jan/24/2020 02:26:00 by RouterOS ...