Archive for March, 2012
Making multiple VPN connections and using them at the same time
After I figured out how to make certain clients on the LAN use a VPN, I was a bit unsatisfied with the performance of the VPN connection (read: low transfer rates). Then I remembered that we can add multiple routes (explained here). This means that one connection a client makes is routed via VPN0 and the next one via VPN1. Hell, you can even add the same VPN again and again so that it is used more often.
So, as an addition to my previous post, you can simply add more VPN connections under interfaces. Then, in the same routing rule, you can add all those VPN connections as gateways. It looks like this:
    [admin@MikroTik] > ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
    B - blackhole, U - unreachable, P - prohibit
     #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
     0 A S  0.0.0.0/0                          pptp-out2          1
                                               pptp-out1
                                               pptp-out3
This is the route that matches packets carrying the routing mark; I added more gateways to it. Now, when a connection is made, it is routed via one of them.
Now you can use the cumulative bandwidth that all these servers allocate to you.
Though, I couldn't yet get a burst of multiple connection attempts distributed over these gateways. This means that if a client opens many connections rapidly, they are all routed through one gateway. If I can figure this out, segmented downloading, for instance, would be MUCH faster with many VPN servers utilized.
Making certain clients on LAN use a particular VPN connection with Mikrotik
Today, I received my RB-750GL from (kablosuzmarket.com) within 24h of my purchase, kudos for the excellent service. Rushed home to use this beast.
I had this idea for some time: to make certain devices on the LAN (e.g. Apple TV) use a VPN connection so they appear to be in the US (or wherever the VPN server is). With Mikrotik it took just about half an hour to figure out how to do this.
1. Add your VPN connection into interface. In my case, I needed PPTP Client. Make sure it’s connected successfully.
    [admin@MikroTik] /interface> print
    Flags: D - dynamic, X - disabled, R - running, S - slave
     #     NAME                  TYPE        MTU   L2MTU
     0  R  ether1-gateway        ether       1500  1598
     1  R  ether2-local-master   ether       1500  1598
     2  R  ether3-local-slave    ether       1500  1598
     3     ether4-local-slave    ether       1500  1598
     4     ether5-local-slave    ether       1500  1598
     5  R  pppoe-out1            pppoe-out   1480
     6  R  pptp-out1             pptp-out    1404
The last one is my VPN connection.
2. Prepare the address list of the devices you want to use this new VPN connection.
    [admin@MikroTik] /ip firewall address-list> print
    Flags: X - disabled, D - dynamic
     #   LIST              ADDRESS
     0   usvpn-addrlist    192.168.1.104
     1   usvpn-addrlist    192.168.1.254
3. Add a firewall mangle rule with action mark-routing for packets coming from this address list. I’ve marked them as “usvpn”.
    [admin@MikroTik] /ip firewall mangle> print
    Flags: X - disabled, I - invalid, D - dynamic
     0   chain=prerouting action=mark-routing new-routing-mark=usvpn passthrough=yes src-address-list=usvpn-addrlist
4. Now, route packets marked with the “usvpn” routing mark via the pptp-out1 interface.
    [admin@MikroTik] > ip route print
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
    B - blackhole, U - unreachable, P - prohibit
     #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
     0 A S  0.0.0.0/0                          pptp-out1          1
     1 ADS  0.0.0.0/0                          78.171.192.1       1
     2 ADC  10.10.0.1/32       10.10.0.2       pptp-out1          0
     3 ADC  10.10.2.1/32       10.10.43.56     pppoe-out1         0
     4 ADC  192.168.1.0/24     192.168.1.1     ether2-local-ma... 0
The details are not visible in this print. When adding the new route, just select the Gateway (pptp-out1) and the Routing Mark (usvpn).
Now test if your devices are out in the US :)
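The four steps above as terminal commands, an added example that is not from the original post. It assumes RouterOS v5/v6 syntax (where routes take `routing-mark`); `vpn.example.net`, `USER` and `PASS` are placeholders, and the final blackhole route is an addition that stops the listed devices from falling back to the normal ISP route when the tunnel is down.

```routeros
# Added example, assumed RouterOS v5/v6 syntax. Interface, list and mark names
# are the ones shown in the prints above; server and credentials are placeholders.

# 1. PPTP client interface (placeholder server and credentials)
/interface pptp-client add name=pptp-out1 connect-to=vpn.example.net \
    user=USER password=PASS disabled=no

# 2. Address list of the LAN devices that should leave through the VPN
/ip firewall address-list
add list=usvpn-addrlist address=192.168.1.104
add list=usvpn-addrlist address=192.168.1.254

# 3. Tag packets from those devices with the routing mark "usvpn"
/ip firewall mangle add chain=prerouting src-address-list=usvpn-addrlist \
    action=mark-routing new-routing-mark=usvpn passthrough=yes

# 4. Default route that applies only to packets carrying the "usvpn" mark.
#    For several tunnels, list them all: gateway=pptp-out1,pptp-out2,pptp-out3
/ip route add dst-address=0.0.0.0/0 gateway=pptp-out1 routing-mark=usvpn distance=1

# Fail closed (addition, not in the original post): when pptp-out1 goes down the
# route above becomes inactive, and without another route for the mark the lookup
# continues in the main table, so traffic would leave via the ISP default route.
# A higher-distance blackhole in the same mark drops that traffic instead.
/ip route add dst-address=0.0.0.0/0 type=blackhole routing-mark=usvpn distance=2

# Check: shows the gateway and routing-mark fields hidden in the plain print
/ip route print detail where routing-mark=usvpn
```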