Hello, I have connection to internet on device via (for example) ip 1.1.1.1. So default route is 0.0.0.0.0/0 -> through gateway 1.1.1.1 When I connect to VPN, now default route looks like: 0.0.0.0.0/0 -> gateway l2tp-out (vpn). So all traffic of my local network is routed through VPN. I need that sp...

If vpn interface is down - how to block all local devices traffic? Simple not to switch on main default route, just block internet access? One possibility would be to add another default route to table vpn with type=blackhole , no gateway , and a higer distance than the one with gateway=PPTP-VPN . ...

Never needed to set up an L2TP/IPsec (I’m using IKEv2). Looks like I was wrong regarding policies as L2TP is route based. Try firewall marks as means to select a specific route, like discussed in this thread . Search forum for other examples. Thanks. I already found topic which explain how to use d...

So you would do the following: remove the route with routing-mark=eth and all the /ip firewall mangle rules set add-default-route to no on the pptp-client interface (and keep defaut-route-distance=1 in the dhcp-client) add a route dst-address=0.0.0.0/0 gateway=PPTP-VPN routing-mark=vpn instead of /...

I think you need to add a policy rule (action=none) with lower priority that would exclude TCP 1000 from IPsec. See this topic for some reference. I tried to add this rule - but no effect. I think then Mikrotik connects to VPN server it adds default route though l2tp interface. So I see syn packets...

Hello, everybody. I am a newbie in Mikrotik configuration. I need forward port from WAN (ether1 with public IP) to local host in my local network. I did this through WinBox: IP -> Firewall -> Nat -> Add Rule: Chain: dstnat Protocol: 6 (tcp) Dst Port: 1000 In Interface: ether 1 Action: Action: netmap...