

mikrotik
default.rsc
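# Minimal LAN + NAT bootstrap (RouterOS v7 path syntax).
# ether2 is bridged into "local", which carries 192.168.88.1/24; everything
# leaving ether1 is masqueraded, i.e. ether1 is treated as the uplink.
/interface/bridge/add name=local
/interface/bridge/port/add interface=ether2 bridge=local
/ip/address/add address=192.168.88.1/24 interface=local

/ip/firewall/nat/add chain=srcnat out-interface=ether1 action=masquerade

# allow-remote-requests=yes makes the router answer DNS queries it receives.
# This script defines no other filter rules, so without the two drops below
# the resolver would also answer queries arriving on ether1 (open resolver).
# Upstream replies to the router's own lookups do not target port 53 and are
# not affected.
/ip/dns/set allow-remote-requests=yes
/ip/firewall/filter/add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no DNS service on uplink"
/ip/firewall/filter/add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no DNS service on uplink"
# NOTE(review): "add" appends to the end of the filter list; if earlier accept
# rules already exist on the device, move these drops above them.
# NOTE(review): nothing in this script limits the router's management services
# on ether1 either - confirm an input-chain policy exists before exposing it.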
protonvpn.rsc
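# ProtonVPN over IKEv2/IPsec with EAP-MSCHAPv2, applied only to connections
# from the under_protonvpn address list (RouterOS v7 path syntax).

# Trust anchor for the VPN server. This fetch does not set check-certificate,
# so the HTTPS server is not authenticated and the downloaded CA file is
# trusted as-is. Enabling check-certificate needs a matching root already in
# the router's certificate store (TODO confirm for your RouterOS version).
# Either way, after the import compare the fingerprint shown by
#   /certificate/print detail where name="ProtonVPN CA"
# with a value obtained from the provider out of band:
#   <expected_sha256_fingerprint_of_ProtonVPN_ike_root>
/tool/fetch url="https://protonvpn.com/download/ProtonVPN_ike_root.der"
/certificate/import file-name=ProtonVPN_ike_root.der name="ProtonVPN CA" passphrase=""

# Select which traffic goes into the tunnel: connections from the LAN subnet
# get the connection mark that the mode-config below keys on.
/ip/firewall/address-list/add address=192.168.88.0/24 list=under_protonvpn
/ip/firewall/mangle/add action=mark-connection chain=prerouting src-address-list=under_protonvpn new-connection-mark=under_protonvpn passthrough=yes

/ip/ipsec/mode-config/add connection-mark=under_protonvpn name="ProtonVPN mode config" responder=no
/ip/ipsec/policy/group/add name=ProtonVPN
# modp1024 was removed from the offered DH groups: a 1024-bit group is too
# weak for key exchange and offering it allows a downgrade. Re-add it only if
# the server refuses to negotiate with modp4096/modp2048 (not expected).
/ip/ipsec/profile/add dh-group=modp4096,modp2048 dpd-interval=disable-dpd enc-algorithm=aes-256 hash-algorithm=sha256 name="ProtonVPN profile"
/ip/ipsec/peer/add address=<your_chosen_server_IP> exchange-mode=ike2 name="ProtonVPN server" profile="ProtonVPN profile"
# NOTE(review): pfs-group=none means child-SA rekeys do no fresh DH exchange;
# kept as on the original page - confirm what the server accepts before
# changing it.
/ip/ipsec/proposal/add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=0s name="ProtonVPN proposal" pfs-group=none
# The username/password placeholders are stored in the router configuration
# once set; treat exports and backups of this device as containing secrets.
/ip/ipsec/identity/add username=<openvpn_ikev2_username> password=<openvpn_ikev2_password> auth-method=eap certificate="ProtonVPN CA" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config="ProtonVPN mode config" peer="ProtonVPN server" policy-template-group=ProtonVPN
/ip/ipsec/policy/add dst-address=0.0.0.0/0 group=ProtonVPN proposal="ProtonVPN proposal" src-address=0.0.0.0/0 template=yes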
killswitch.rsc
# Kill switch for hosts in the under_protonvpn address list.
# Their packets are given a routing mark whose table contains a single route
# pointing at a bridge that has no ports in this script, so marked traffic has
# no usable path through the main routing table.
# NOTE(review): presumably the IPsec policy still picks up this traffic while
# the tunnel is up, and it is discarded when the tunnel is down - confirm on
# the device by stopping the peer and testing from a LAN host.
# NOTE(review): wireguard.rsc on this page adds its own mark-routing rule for
# the same address list; with passthrough=yes on both, the later rule would
# decide the routing mark - do not combine the two without checking rule order.

/interface/bridge
add protocol-mode=none name=protonvpn_blackhole

/routing/table
add fib name=protonvpn_blackhole

/ip/firewall/mangle
add action=mark-routing chain=prerouting new-routing-mark=protonvpn_blackhole passthrough=yes src-address-list=under_protonvpn

# No dst-address is given, so the route uses the RouterOS default destination.
/ip/route
add gateway=protonvpn_blackhole routing-table=protonvpn_blackhole
wireguard.rsc
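# ProtonVPN over WireGuard for hosts in the under_protonvpn address list.

# The private key is a placeholder: the original page embedded a literal key.
# Any private key that has appeared on a public page must be treated as
# compromised - revoke that configuration at the provider and generate a new
# key pair. Never paste a live key into shared documentation.
/interface/wireguard/add name=protonwg01 private-key="<your_wireguard_private_key>" comment="DE#35"
/interface/wireguard/peers/add endpoint-address=217.138.219.179 endpoint-port=88 public-key="/bkeDbWDG6SbA9NTNDc51yjVxNI4BkUob3RFMUz+ME4=" allowed-address=0.0.0.0/0 interface=protonwg01
/ip/address/add address=10.2.0.2/32 network=10.2.0.0 interface=protonwg01

# The tunnel address is a single /32, so LAN hosts must be source-NATed to it;
# the only masquerade rule elsewhere on this page covers out-interface=ether1.
# NOTE(review): skip this line if the device already masquerades protonwg01.
/ip/firewall/nat/add chain=srcnat out-interface=protonwg01 action=masquerade comment="ProtonVPN Wireguard NAT"

# The router resolves through 10.2.0.1 only. allow-remote-requests=yes makes
# it answer DNS queries it receives - make sure the input chain drops port 53
# on the uplink interface so it is not an open resolver.
/ip/dns/set server=10.2.0.1 allow-remote-requests=yes
/routing/table/add name=protonvpn_wg fib
# NOTE(review): protonvpn.rsc on this page adds the same address-list entry;
# running both scripts would attempt to create it twice.
/ip/firewall/address-list/add address=192.168.88.0/24 list=under_protonvpn
/ip/firewall/mangle/add chain=prerouting src-address-list=under_protonvpn action=mark-routing new-routing-mark=protonvpn_wg passthrough=yes
# NOTE(review): if this route ever becomes inactive (for example the interface
# is disabled), marked traffic may fall back to the main table and leave
# unencrypted - verify, and add a blackhole fallback if that is not acceptable.
/ip/route/add routing-table=protonvpn_wg dst-address=0.0.0.0/0 gateway=protonwg01 comment="ProtonVPN Wireguard default route"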
mikrotik.txt · Last modified: 2022/09/06 20:16 by 192.99.15.33
