Hello everyone
I want to route some websites, or at least their IPs, outside of my VPN. With my current configuration I believe all of the traffic goes through the VPN, and I want to keep it this way except for a few websites.
This is my configuration:
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 src-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=public-ip-of-website
add action=mark-routing chain=prerouting new-routing-mark=to-vpn passthrough=yes src-address=192.168.1.0/24
> Add a new rule at mangle with action accept and set destination IP and put those rules at top of others!

Those are mine:

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 src-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=public-ip-of-website
add action=mark-routing chain=prerouting new-routing-mark=to-vpn passthrough=yes src-address=192.168.1.0/24

Thanks, but it didn't work, and just made that IP inaccessible.

> Thanks, but it didn't work, and just made that IP inaccessible.

It's because Ilir probably hasn't noticed that you've got no srcnat rule except the one for out-interface=L2TP_XXXX. So you can e.g. copy that rule and change out-interface=L2TP_XXXX to out-interface=ether10 in the copy. Or instead you can just remove the matching on out-interface, as the rule only acts on packets sent from 192.168.1.0/24 anyway.

> It's because Ilir probably hasn't noticed that you've got no srcnat rule except the one for out-interface=L2TP_XXXX.

Thanks man, it worked. So with this, only that website is gonna access my actual IP, not any other website? I mean, it's not leaking my IP this way?

> So with this, only that website is gonna access my actual IP, not any other website? I mean, it's not leaking my IP this way?

That's a complex topic.

First, you can choose whether to establish a connection via VPN or directly depending on the destination IP address, but multiple sites apparently unrelated to each other may run on the same IP address, and vice versa, the same site may be hosted at multiple IP addresses. You don't expect a high-profile site like www.google.com to be served from a single server to all the clients in the world, do you? And vice versa, e.g. www.google.com and www.youtube.com are often served from the same IP to the same client.

Second, your IP address may leak via DNS unless you make sure that DNS queries are also sent via VPN. And e.g. Windows 10 used to send the DNS queries through all interfaces through which any route existed, ignoring the actual routing table.

> That's a complex topic.

Thanks man, but how to route the DNS via VPN?
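Putting the two replies together, here is an added example of a complete RouterOS configuration; it is not the configuration of anyone in the thread. It combines the poster's three mangle rules, the srcnat fix (a copy of the L2TP masquerade rule for ether10), the policy route the to-vpn mark needs, and the part the last question asks about: keeping DNS inside the tunnel. L2TP_XXXX, ether10, 192.168.1.0/24 and the public-ip-of-website placeholder come from the thread; RouterOS 6 syntax and the upstream resolver address 10.8.0.1 are assumptions.

```routeros
# Added example, not the thread's own configuration. Assumes RouterOS 6 syntax,
# VPN interface L2TP_XXXX, WAN interface ether10 and LAN 192.168.1.0/24 as named
# in the thread; public-ip-of-website is the original poster's placeholder.

/ip firewall mangle
# Keep LAN-to-LAN traffic out of policy routing entirely.
add action=accept chain=prerouting dst-address=192.168.1.0/24 src-address=192.168.1.0/24
# Exception: this destination is reached directly, so it is accepted before the marking rule.
add action=accept chain=prerouting dst-address=public-ip-of-website
# Everything else from the LAN is marked and routed through the VPN.
add action=mark-routing chain=prerouting new-routing-mark=to-vpn passthrough=yes src-address=192.168.1.0/24
# Router-originated DNS lookups never pass chain=prerouting; mark them in
# chain=output so the router's own resolver traffic also leaves via the tunnel.
add action=mark-routing chain=output dst-port=53 new-routing-mark=to-vpn passthrough=no protocol=udp
add action=mark-routing chain=output dst-port=53 new-routing-mark=to-vpn passthrough=no protocol=tcp

/ip firewall nat
# The original srcnat rule only matched out-interface=L2TP_XXXX, so packets to the
# excepted destination left ether10 with an unnatted private source address and the
# site looked "inaccessible". Add a copy for ether10 (or drop the out-interface match).
add action=masquerade chain=srcnat out-interface=L2TP_XXXX src-address=192.168.1.0/24
add action=masquerade chain=srcnat out-interface=ether10 src-address=192.168.1.0/24
# Optional: redirect LAN clients' plain DNS to the router's own resolver, so every
# lookup takes the same tunnelled path no matter which resolver a client has configured.
add action=redirect chain=dstnat dst-port=53 protocol=udp src-address=192.168.1.0/24 to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=tcp src-address=192.168.1.0/24 to-ports=53

/ip dns
# Upstream resolver address is an assumption; use the resolver the VPN provider offers.
set allow-remote-requests=yes servers=10.8.0.1

/ip route
# Marked traffic uses this default route over the tunnel; unmarked traffic (the excepted
# site and the tunnel's own outer packets) keeps using the main table via ether10.
add distance=1 gateway=L2TP_XXXX routing-mark=to-vpn
# On RouterOS 7 replace routing-mark= with routing-table= and first create the
# table with "/routing table add name=to-vpn fib".
```

Two checks worth making after applying this: `/ip firewall mangle print stats` should show the chain=output DNS rules counting packets whenever the router resolves a name, and `/ip route print where routing-mark=to-vpn` should show the tunnel route active. While the tunnel is down the to-vpn table has no route and RouterOS 6 falls back to the main table, so marked traffic, DNS included, leaves via ether10 during that window. If you would rather fail closed, add a blackhole default route with a higher distance in the to-vpn table, but then point the L2TP client's connect-to at an IP address rather than a hostname, since the router could no longer resolve it before the tunnel exists.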