Thank you finally I found this solution! Been looking this for weeks.
Thank you! This helped me route work related traffic using an alternate connection whitelisted by my work. Now I don't need to keep toggling address list rules on and off for specific devices when needed.
Very helpful, thank you. I used to only create mark-routing mangle and I should've disabled my default internet gateway and created a separate route for the VPN host address itself to be able to connect, and the whole thing was a mess. Now with mark-connection mangle it works flawlessly. Not disabling the default internet gateway lets me use domains in the VPN server config and not the actual IP address. Thanks a lot.
Thanks, your video helped me a lot.
Great job steveocee... this really helped me solve a similar case I have been battling to solve for a while now... thanks man
Glad it helped you dude.
Thanks!!! Good Work!!!
Hi Steve, thanks for the clear and well made video tutorial. I just tried this in RouterOS7 but can't get it to work. There is a difference where the routing mark has to be added as a routing table first, however it still didn't work for me; I lose all internet connectivity when adding the IP Route. Not sure if you're still into MikroTik gear but if so any pointers would be appreciated. Thanks.
I have the same issue with combining ROS7 and Wireguard VPN - no luck so far :(
I have recently come across a WG and ROS7 problem. I'll figure it out soon.
Hello, I hope you're still active and I appreciate how useful this is. Can you make a tutorial similar to this but with ROS v7? I've been having a hard time figuring it out. Thanks!
I will try (at some point - currently going through a pfsense stage, potentially moving towards UBNT) But will give it a go (y)
Thanks man, helped a lot! The only thing I don't understand: why do you need to mark both connections and routing? Why not just mark routing only?
I have always done both, in theory the "best" way would be mark connection "X" first and then next mangle rule specify anything with connection mark "X" to mark the packets.
@SteveoceeCoUk Hi and thanks for your videos! I am doing it the same way as @Roman mentioned. Is there some issue with it (e.g. security...)? Or is it just a different approach? I want to have my setups more secure and according to best practices if possible :-)
Thank you for this, indeed helpful. Would you mind updating it for a somewhat more recent version of MikroTikOS (7)? Also in my case, this method is working, however the connection to the internet via the tunnel is painfully slow. Yet local addresses on the other end of the VPN are working just fine.
Very helpful, thank you
Can you have a separate tutorial on how to do this for IPSec VPN which covers:
- specific websites that bypass the IPSec VPN tunnel
- specific websites to a specific IPSec peer
Well done, great job :)
You should do a lot more. You're good at explaining work flow and essentials.
Would be easier to see if you zoomed in on the "active" window; some do that, I don't know which tool they use.
easy!!! thank you!
Is it possible with IKEv2? Nord and Surfshark provide IKEv2 method & I'm stuck there. 😭😭
No idea. I don't use/need IKEV2 so it's not an area of focus for me right now.
@SteveoceeCoUk My ISP blocked the VPN port. Now solved. Thanks.
Hi, thanks a lot.
But I'm confused!
How to create a connection mark for VPN and more?
I wish you did that from the beginning.
Thanks again
3:50 is where we create the first rule for initial connection mark.
Nord uses IKEV2, so how to configure that?
No idea. I don't use/need IKEV2 so it's not an area of focus for me right now.
@SteveoceeCoUk Thanks for the response. I found a complete setup guide in the MikroTik wiki.
What if you have 2 ISPs? Can you give a tutorial?
I can, it is very straightforward, but you need to specify if you want alternate routing or a simple failover.
The traffic passes through the 2 or more VPNs and is load balanced. If I use 3 ISPs then I will use 3 VPNs.
The real case is you have 3 ISPs and if traffic wants to pass it must use the VPN tunnel. And we use load balancing. And the traffic comes in and out from 1 bridge.
This method is not working with Netflix
Probably won't work with Netflix. You need to remember that Netflix has a huge CDN which won't be named netflix.com so the rules won't catch. For Netflix you're better specifying the IP of the device you want to take the tunnel or trying some L7 matching rules.
@SteveoceeCoUk would be nice if you create a video about this 😏
@SteveoceeCoUk I changed the address list to L7, still doesn't route Netflix to the VPN. I don't know what I missed. Hope you can create a video on how to do that 😊
@pututmargono Please see comments above. Netflix uses multiple CDNs and content caches so every connection won't be tagged with "Netflix" in the URL. I was incorrect in my reply above, L7 probably won't work. You may be able to tag the connection rather than the packet, which may give you a better result, but I still wouldn't guarantee that would work.