route all traffic from interface through vpn

Posted: Thu Dec 19, 2024 11:09 am
by piqu
my router is configured as a switch and vpn for connecting to my network from outside
i want to route all traffic from ether4 through a vpn to change my ip
i tried some solutions from here but the computer connected to ether4 never has internet access
/interface bridge
add name=bridge
/interface wireguard
add listen-port=42192 mtu=1420 name=wgvpn # i want to route all traffic from ether4 through this
add listen-port=13231 mtu=1420 name=wireguard # for connecting to my network from outside
/interface list
add name=switch
/interface bridge port
add bridge=bridge interface=switch
/interface list member
add interface=ether1 list=switch
add interface=ether2 list=switch
add interface=ether3 list=switch
add interface=ether4 list=switch
add interface=ether5 list=switch
/interface wireguard peers
add allowed-address=192.168.0.2/32 interface=wireguard name=peer1 private-key="..." public-key="..."
add allowed-address=0.0.0.0/0,::/0 client-address=10.8.0.15/24 client-dns=1.1.1.1 endpoint-address=... \
    endpoint-port=51820 interface=wgvpn name=wgvpn preshared-key="..." public-key="..."
/ip address
add address=192.168.0.1/24 interface=wireguard network=192.168.0.0
/ip dhcp-client
add interface=bridge
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge src-address=192.168.0.0/24

Re: route all traffic from interface through vpn

Posted: Thu Dec 19, 2024 12:04 pm
by panisk0
remove entry from NAT
show routing tables

add entry to routing policies, like:

/routing table add fib name=to_WAN_wg
/routing rule add action=lookup-only-in-table src-address=192.168.0.0/24 table=to_WAN_wg
/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=to_WAN_wg

Re: route all traffic from interface through vpn

Posted: Thu Dec 19, 2024 2:27 pm
by piqu
> remove entry from NAT
> show routing tables
>
> add entry to routing policies, like:
>
> /routing table add fib name=to_WAN_wg
> /routing rule add action=lookup-only-in-table src-address=192.168.0.0/24 table=to_WAN_wg
> /ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=to_WAN_wg

i don't think that would work how i want it to. i use the wireguard interface with the name wireguard to access my home network from outside and that already works. i want to send all traffic from ether4 through the other wireguard vpn called wgvpn to hide my ip

Re: route all traffic from interface through vpn

Posted: Thu Dec 19, 2024 2:39 pm
by panisk0
You need to base your routing on IP addresses.
Draw a diagram and I'll try to help...

Re: route all traffic from interface through vpn

Posted: Thu Dec 19, 2024 2:58 pm
by anav
Are we sure a device acting as a switch can be a WireGuard device? (no routing, no NAT, etc.)

Re: route all traffic from interface through vpn

Posted: Thu Dec 19, 2024 7:06 pm
by piqu
> You need to base your routing on IP addresses.
> Draw a diagram and I'll try to help...

i have never done that before. what software should i use and can you show me a good example?

> Are we sure a device acting as a switch can be a WireGuard device? (no routing, no NAT, etc.)

idk if i should call it switch or router. other than connecting the vpn to my network it's not doing any routing or nat
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge src-address=192.168.0.0/24
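
The policy-routing approach discussed in the thread, applied to a single port, as an added example that is not from any poster in the thread (RouterOS v7 syntax). It assumes ether4 is taken out of the bridge and given its own routed subnet; the subnet 192.168.44.0/24 and the names via_wgvpn, pool-ether4 and dhcp-ether4 are constructed, and the tunnel address is taken from the client-address value in the first post.

```routeros
# Added example. Subnet, table name and pool name are constructed placeholders.

# 1. Take ether4 out of the bridge (it is a bridge port through the "switch" list),
#    so its traffic is routed by the router instead of switched to the LAN.
/interface list member remove [find where interface=ether4 list=switch]

# 2. Give ether4 its own subnet and DHCP. Clients get 1.1.1.1 as resolver so DNS
#    queries follow the same policy route as the rest of their traffic.
/ip address add address=192.168.44.1/24 interface=ether4
/ip pool add name=pool-ether4 ranges=192.168.44.10-192.168.44.50
/ip dhcp-server add name=dhcp-ether4 interface=ether4 address-pool=pool-ether4 disabled=no
/ip dhcp-server network add address=192.168.44.0/24 gateway=192.168.44.1 dns-server=1.1.1.1

# 3. The router needs the tunnel address on the wgvpn interface itself
#    (assumed here to be the 10.8.0.15/24 shown in the post).
/ip address add address=10.8.0.15/24 interface=wgvpn

# 4. Separate routing table whose only default route is the tunnel.
#    lookup-only-in-table means no fallback to the main table, so ether4
#    clients are never forwarded out through the ISP address.
/routing table add fib name=via_wgvpn
/ip route add dst-address=0.0.0.0/0 gateway=wgvpn routing-table=via_wgvpn
/routing rule add src-address=192.168.44.0/24 action=lookup-only-in-table table=via_wgvpn

# 5. The VPN peer only knows the tunnel address, so source-NAT ether4 clients to it.
/ip firewall nat add chain=srcnat out-interface=wgvpn action=masquerade

# 6. Clamp TCP MSS to the tunnel MTU (1420) to avoid stalled connections.
/ip firewall mangle add chain=forward out-interface=wgvpn protocol=tcp tcp-flags=syn \
    action=change-mss new-mss=clamp-to-pmtu passthrough=yes

# 7. Checks: the default route in the new table should be active, and the wgvpn
#    peer should show a recent handshake.
/ip route print where routing-table=via_wgvpn
/interface wireguard peers print
```

The routing rule matches only the ether4 subnet, so the router's own WireGuard handshake to the provider endpoint and the existing remote-access interface named wireguard keep using the main table.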