167pk

回復 9# yiucsw

強制DNS 8.8.8.8,208.67.222.222 經VPN

1. /ip dns
   
2. set allow-remote-requests=yes servers=8.8.8.8,208.67.222.222
   
3. 
   
4. /ip firewall nat
   
5. add action=redirect chain=dstnat comment="Redirect DNS requests to \
   
6.     RouterOS DNS cache" dst-port=53 in-interface=!pppoe-out1 protocol=udp\
   
7.     to-ports=53
   
8. 
   
9. /ip firewall mangle
   
10. add action=mark-routing chain=output comment="Force DNS through VPN" \
    
11.     dst-port=53 new-routing-mark=through_vpn_hk passthrough=no protocol=udp

複製代碼

gfx86674

回復 16# 167pk
只有2個ip在路由表新增即可改變路由,不需透過策略那樣大費周張.

範例:
小弟要讓168.95.192.1導向pptp-vpn out1 ,只要依圖示操作:

這麼做就結束,夠簡單吧~

原理是透過路由表的distance控制,數字越小代越優先.
只要168.95.192.1的distance比0.0.0.0/0 (default route)優先.
dst-address即可往您指定gateway連接.

167pk

回復 17# gfx86674

原本是行雙DNS (國內/海外)自動切換, 去國內網用國內DNS, 去海外網用海外DNS, mangle另要用layer7來幫助

以上是簡化了的, 沒行layer7

hkcwnet

回復 18# 167pk


    可否 再解釋下

yiucsw

回復 12# 雯雯

请教一下，EOIP能 Over SSTP吗？ 还是EOIP 能两端都是Dynamic IP?

雯雯

回復 20# yiucsw

EOIP能Over SSTP.

yiucsw

回復 21# 雯雯


    那在SSTP Server， EOIP 的 Local address 是 SSTP VPN 的 Local address， 还是Server Router 的 Address?
    那在SSTP Client，  EOIP 的 Local address 是 SSTP VPN 的 remote address， 还是 Client Router 的 Address?

看到网上有Support EOIP to EOIP 的Dynamic DNS Script. 是不是在中国移动上不能用？ 中国移动是派假IP。
global “EoIPTunnel1” “eoip-Number.Name”
:global “EoIPRemote1” “remoterouter.sn.mynetname.net”
:global “EoIPLocal1” “localrouter.sn.mynetname.net”
:global “EoIPRemoteIP1″ [:resolve $”EoIPRemote1”]
:global “EoIPLocalIP1″ [:resolve $”EoIPLocal1”]
:global “EoIPConnectTo1” [/interface eoip get $EoIPTunnel1 remote-address]
:global “EoIPConnectFrom1” [/interface eoip get $EoIPTunnel1 local-address]
:if ($EoIPRemoteIP1 != $EoIPConnectTo1) do={
:log info “****** Updating EoIP Tunnel – Remote end for $EoIPTunnel1″
/interface eoip set $”EoIPTunnel1″ remote-address=$”EoIPRemoteIP1”}
:if ($EoIPRemoteIP1 = $EoIPConnectTo1) do={
:log info “**** No Update necessary for EoIP Tunnel – Remote End $EoIPTunnel1”}
:if ($EoIPLocalIP1 != $EoIPConnectFrom1) do={
:log info “****** Updating EoIP Tunnel – Local End for $EoIPTunnel1″
/interface eoip set $”EoIPTunnel1″ local-address=$”EoIPLocalIP1”}
:if ($EoIPLocalIP1 = $EoIPConnectFrom1) do={
:log info “**** No Update necessary for EoIP Tunnel – Local End $EoIPTunnel1”}

yiucsw

回復 1# 167pk

VPN 的bandwidth 有限，有没有简单的Unblock 的 Address List?

yiucsw

回復 12# 雯雯

看了Mobile01的文档，还是不懂。Bridge interface=LAN. 那LAN是什么？ 我的是RB2011。

/interface eoip
add name=EoIP-Tunnel remote-address="遠端固定Public IP地址" tunnel-id=123

/interface bridge
add name=EoIP-Bridge

/interface bridge port
add bridge=EoIP-Bridge interface=EoIP-Tunnel
add bridge=EoIP-Bridge interface=LAN

雯雯

回復 24# yiucsw

方便的話讓我remote一下, remote做1次給你看.

yiucsw

回復 25# 雯雯
已PM，中国SSTP 的VPN当机。只有香港的两个Public IP PCCW+SMarttone。
能连吗！

雯雯

回復 26# yiucsw

See PM.

yiucsw

log :
eoip-NOWXXX link down
eoip-NOWXXX transmit look detected, downing interface for 60 seconds.

yiucsw

其实EOIP Status已RS。但不知道如何用。用IP route 好像没有效果。

yiucsw

回復 27# 雯雯

其实可能我的 Concept 错了。 EOIP是 Ethernet Port to Ethernet Port 的连接？
一边是Eoip VPN Bridge 连 Physical Ethernet Port : Ethernet Port 3. 连TV Box。
一边是Eoip VPN Bridge 连 Wan1？