Hello,
have mikrotik at home.
ETH1 = PPPoE to my ISP
ETH10 = cisco switch
I want to connect voip phone to ETH2. Have connected VPN to our company. All I need is traffic thru VPN only for voip phone (eth2). All other devices like computer, laptop, mobile will go thru my ISP, not VPN.
Possible to create this? Can anybody show me how?
Thank you
Re: Mikrotik to Mikrotik VPN for specific port only
of course it is possible.
google "mikrotik split tunnel" and you will find out how to do it!
ok?
google "mikrotik split tunnel" and you will find out how to do it!
ok?
Re: Mikrotik to Mikrotik VPN for specific port only
Hello,
it worked fine. I reseted MT because of a lot of stuff was there. I created everything again (dhcp, vpn etc). My problem is I can't found a tutorial how to create VPN only for 1 ethernet...
Any help please?
it worked fine. I reseted MT because of a lot of stuff was there. I created everything again (dhcp, vpn etc). My problem is I can't found a tutorial how to create VPN only for 1 ethernet...
Any help please?
Re: Mikrotik to Mikrotik VPN for specific port only
Please explainMy problem is I can't found a tutorial how to create VPN only for 1 ethernet...
Re: Mikrotik to Mikrotik VPN for specific port only
as I wrote in first post. have RB. eth1 is WAN, eth10 is connected to switch. I have VoIP connected to eth2. That VoIP need to connects to our company through VPN.
Want to use VPN only for eth6. So for example computer will not route through VPN.
Want to use VPN only for eth6. So for example computer will not route through VPN.
Re: Mikrotik to Mikrotik VPN for specific port only
There might be a simpler solution. If your VoIP phone only communicates with specific hosts at the company, or specific subnets, then you can add routes for those addresses via the VPN. That is easy because the natural behaviour of a router is to forward based on destination address.
It gets more complex if you want to route based on source address. Mikrotik and others use the generic term "Policy Based Routing". Essentially you create a Mangle rule to recognise your traffic of interest, in this case anything from your VoIP phone, the action is "mark routing" and you give it some meaning full mark like "VoIP-VPN". You then create a route via your VPN and specify that same "VoIP-VPN" as the routing mark.
It gets more complex if you want to route based on source address. Mikrotik and others use the generic term "Policy Based Routing". Essentially you create a Mangle rule to recognise your traffic of interest, in this case anything from your VoIP phone, the action is "mark routing" and you give it some meaning full mark like "VoIP-VPN". You then create a route via your VPN and specify that same "VoIP-VPN" as the routing mark.
Re: Mikrotik to Mikrotik VPN for specific port only
thank you. can you be more specific please? really don't know how to do that..
Attaching small screenshot as visualisation
Attaching small screenshot as visualisation
Re: Mikrotik to Mikrotik VPN for specific port only
Here's an example I did for test, I'm matching destination address in the mangle rule whereas you would match by source
Maybe you'd want to mark the connection first, then mark packets from the connection rather than purely packet-by-packet, this was just a rough and ready test I did.
Code: Select all
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=8.8.4.4 new-routing-mark=FISH passthrough=yes
/ip route
add check-gateway=ping comment="*** ADSL - PBR Test ***" distance=1 gateway=172.17.88.2 routing-mark=FISH