The following code, from this post on MyBroadband, creates a split tunnel that mitigates a poor peer or cross connection by directing traffic over a remote VPN head end.
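# Split tunnel for MikroTik RouterOS v7: traffic destined for the Google Cloud
# EU ranges in the gcc_eu address list is policy-routed over an SSTP client
# interface (cisp-vpn); everything else keeps using the main routing table.
#
# The PPP profile and the SSTP interface are created first, because the route,
# NAT and filter rules further down refer to the interface by name.

# PPP Profile
/ppp profile
add change-tcp-mss=yes idle-timeout=3s name=cisp-vpn use-encryption=yes

# VPN Interface
# user=test / password=test are the placeholders from the original post;
# replace them with your own account credentials before use.
# NOTE(review): no server-certificate check is configured here. Once the CA
# chain for the head end is trusted on the router, consider adding
# verify-server-certificate=yes so the client does not accept an impostor
# endpoint.
/interface sstp-client
add comment="Cool Ideas - UK VPN" connect-to=ukvpn.cisp.co.za \
    dial-on-demand=yes disabled=no keepalive-timeout=10 max-mtu=1460 \
    name=cisp-vpn profile=cisp-vpn tls-version=only-1.2 user=test \
    password=test

# Address list
# Snapshot of provider ranges taken by the original author; cloud ranges change
# over time, so refresh this list periodically or stale entries will send
# unrelated destinations through the tunnel (or miss new ones).
/ip firewall address-list
add address=34.104.116.0/22 list=gcc_eu
add address=34.116.128.0/17 list=gcc_eu
add address=34.118.0.0/17 list=gcc_eu
add address=34.124.52.0/22 list=gcc_eu
add address=34.88.0.0/16 list=gcc_eu
add address=34.104.96.0/21 list=gcc_eu
add address=34.124.32.0/21 list=gcc_eu
add address=35.203.232.0/21 list=gcc_eu
add address=35.217.0.0/18 list=gcc_eu
add address=35.220.26.0/24 list=gcc_eu
add address=35.228.0.0/16 list=gcc_eu
add address=35.242.26.0/24 list=gcc_eu
add address=8.34.208.0/23 list=gcc_eu
add address=8.34.211.0/24 list=gcc_eu
add address=8.34.220.0/22 list=gcc_eu
add address=23.251.128.0/20 list=gcc_eu
add address=34.76.0.0/14 list=gcc_eu
add address=34.140.0.0/16 list=gcc_eu
add address=35.187.0.0/17 list=gcc_eu
add address=35.187.160.0/19 list=gcc_eu
add address=35.189.192.0/18 list=gcc_eu
add address=35.190.192.0/19 list=gcc_eu
add address=35.195.0.0/16 list=gcc_eu
add address=35.205.0.0/16 list=gcc_eu
add address=35.206.128.0/18 list=gcc_eu
add address=35.210.0.0/16 list=gcc_eu
add address=35.220.96.0/19 list=gcc_eu
add address=35.233.0.0/17 list=gcc_eu
add address=35.240.0.0/17 list=gcc_eu
add address=35.241.128.0/17 list=gcc_eu
add address=35.242.64.0/19 list=gcc_eu
add address=104.155.0.0/17 list=gcc_eu
add address=104.199.0.0/18 list=gcc_eu
add address=104.199.66.0/23 list=gcc_eu
add address=104.199.68.0/22 list=gcc_eu
add address=104.199.72.0/21 list=gcc_eu
add address=104.199.80.0/20 list=gcc_eu
add address=104.199.96.0/20 list=gcc_eu
add address=130.211.48.0/20 list=gcc_eu
add address=130.211.64.0/19 list=gcc_eu
add address=130.211.96.0/20 list=gcc_eu
add address=146.148.2.0/23 list=gcc_eu
add address=146.148.4.0/22 list=gcc_eu
add address=146.148.8.0/21 list=gcc_eu
add address=146.148.16.0/20 list=gcc_eu
add address=146.148.112.0/20 list=gcc_eu
add address=192.158.28.0/22 list=gcc_eu
add address=34.89.0.0/17 list=gcc_eu
add address=34.105.128.0/17 list=gcc_eu
add address=34.142.0.0/17 list=gcc_eu
add address=34.147.128.0/17 list=gcc_eu
add address=35.189.64.0/18 list=gcc_eu
add address=35.197.192.0/18 list=gcc_eu
add address=35.203.210.0/23 list=gcc_eu
add address=35.203.212.0/22 list=gcc_eu
add address=35.203.216.0/22 list=gcc_eu
add address=35.214.0.0/17 list=gcc_eu
add address=35.220.20.0/22 list=gcc_eu
add address=35.230.128.0/19 list=gcc_eu
add address=35.234.128.0/19 list=gcc_eu
add address=35.235.48.0/20 list=gcc_eu
add address=35.242.20.0/22 list=gcc_eu
add address=35.242.128.0/18 list=gcc_eu
add address=35.246.0.0/17 list=gcc_eu
add address=34.89.128.0/17 list=gcc_eu
add address=34.104.112.0/23 list=gcc_eu
add address=34.107.0.0/17 list=gcc_eu
add address=34.124.48.0/23 list=gcc_eu
add address=34.141.0.0/17 list=gcc_eu
add address=35.198.64.0/18 list=gcc_eu
add address=35.198.128.0/18 list=gcc_eu
add address=35.207.64.0/18 list=gcc_eu
add address=35.207.128.0/18 list=gcc_eu
add address=35.220.18.0/23 list=gcc_eu
add address=35.234.64.0/18 list=gcc_eu
add address=35.235.32.0/20 list=gcc_eu
add address=35.242.18.0/23 list=gcc_eu
add address=35.242.192.0/18 list=gcc_eu
add address=35.246.128.0/17 list=gcc_eu
add address=34.90.0.0/15 list=gcc_eu
add address=34.104.126.0/23 list=gcc_eu
add address=34.124.62.0/23 list=gcc_eu
add address=34.141.128.0/17 list=gcc_eu
add address=34.147.0.0/17 list=gcc_eu
add address=35.204.0.0/16 list=gcc_eu
add address=35.214.128.0/17 list=gcc_eu
add address=35.220.16.0/23 list=gcc_eu
add address=35.234.160.0/20 list=gcc_eu
add address=35.242.16.0/23 list=gcc_eu
add address=34.65.0.0/16 list=gcc_eu
add address=34.104.110.0/23 list=gcc_eu
add address=34.124.46.0/23 list=gcc_eu
add address=35.216.128.0/17 list=gcc_eu
add address=35.220.44.0/24 list=gcc_eu
add address=35.235.216.0/21 list=gcc_eu
add address=35.242.44.0/24 list=gcc_eu

# Routing Table
/routing table
add disabled=no fib name=GCC

# Mangle
# Marks forwarded traffic whose destination is in gcc_eu so it is looked up in
# the GCC routing table. passthrough=no stops further mangle processing for
# the matched packet.
# NOTE(review): if a fasttrack-connection rule exists in the forward chain,
# fasttracked packets may skip this rule - verify that the mark is applied.
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Google Cloud - EU" \
    dst-address-list=gcc_eu new-routing-mark=GCC passthrough=no

# Route
# Default route that exists only in the GCC table, pointing at the tunnel.
/ip route
add comment="Google Cloud - EU - CISP VPN" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=cisp-vpn pref-src="" routing-table=GCC \
    scope=30 suppress-hw-offload=no target-scope=10

# NAT
# The original listing had no menu path here, so this "add" would have been
# run in /ip route; masquerade rules belong under /ip firewall nat.
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT - CISP VPN" \
    out-interface=cisp-vpn

# Firewall - use these firewall rules at your own risk
# Replies to connections opened from the LAN side are accepted; anything newly
# arriving on the tunnel interface is dropped, so the VPN side cannot reach the
# router or the LAN on its own initiative.
# "add" appends to the end of the existing filter rules: check that no earlier,
# broader accept rule already matches in-interface=cisp-vpn traffic, otherwise
# the two drop rules never take effect.
/ip firewall filter
add action=accept chain=forward \
    comment="Allow established & related - Forward" \
    connection-state=established,related
add action=accept chain=input \
    comment="Allow established & related - Input" \
    connection-state=established,related
add action=drop chain=input comment="Drop All - Input - CISP VPN" \
    in-interface=cisp-vpn
add action=drop chain=forward comment="Drop All - Forward - CISP VPN" \
    in-interface=cisp-vpn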