![]() ![]() ![]() ip firewall mangle add action=change-mss chain=forward new-mss=1360 passthrough=yes protocol=tcp connection-mark=under_nordvpn tcp-flags=syn tcp-mss=!0-1360 # Reduce MSS (should be about 1200 to 1400, but 1360 worked for me) ip firewall filter add action=accept chain=forward connection-mark=under_nordvpn place-before= # Exclude such VPN traffic from fasttrack ip firewall mangle add chain=prerouting src-address-list=under_nordvpn action=mark-routing new-routing-mark=nordvpn_blackhole passthrough=yes ip route add gateway=nordvpn_blackhole routing-mark=nordvpn_blackhole interface bridge add name=nordvpn_blackhole protocol-mode=none It MUST exist, otherwise configuration is not working. ![]() # In "/ip ipsec policy" you should be able to see a new dynamic rule added next to your NordVPN policy. ip ipsec policy add dst-address=0.0.0.0/0 group=NordVPN proposal="NordVPN proposal" src-address=0.0.0.0/0 template=yes ip ipsec identity add auth-method=eap certificate="NordVPN CA" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config="NordVPN mode config" password=XXXXXXXXXX peer="NordVPN server" policy-template-group=NordVPN username=XXXXXXXXXX ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=0s name="NordVPN proposal" pfs-group=none ip ipsec peer add address= exchange-mode=ike2 name="NordVPN server" profile="NordVPN profile" ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha512 name="NordVPN profile" ip ipsec mode-config add connection-mark=under_nordvpn name="NordVPN mode config" responder=no ip firewall mangle add action=mark-connection chain=prerouting src-address-list=under_nordvpn new-connection-mark=under_nordvpn passthrough=yes ip firewall address-list add address=192.168.88.11 list=under_nordvpn ip firewall address-list add address=192.168.88.10 list=under_nordvpn ![]() Get your Service Credentials from here and use them for this setup.Ĭode: Select all # Mark traffic that you want to route through VPN server Get recommended NordVPN server from here.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |