
Split tunnel to bypass a poor peer using a VPN


The following code, from this post on MyBroadband, creates a split tunnel that mitigates a poor peer or cross-connection by directing traffic over a remote VPN head end.

#Address list
# Destination prefixes that are to be steered into the tunnel. The list name and the
# mangle comment ("Google Cloud - EU") indicate these are Google Cloud Europe ranges as
# published at the time of the post - TODO confirm against Google's current published
# range feed; these prefixes change over time and a stale list silently leaves new
# subnets on the direct path.
/ip firewall address-list
add address=34.104.116.0/22 list=gcc_eu
add address=34.116.128.0/17 list=gcc_eu
add address=34.118.0.0/17 list=gcc_eu
add address=34.124.52.0/22 list=gcc_eu
add address=34.88.0.0/16 list=gcc_eu
add address=34.104.96.0/21 list=gcc_eu
add address=34.124.32.0/21 list=gcc_eu
add address=35.203.232.0/21 list=gcc_eu
add address=35.217.0.0/18 list=gcc_eu
add address=35.220.26.0/24 list=gcc_eu
add address=35.228.0.0/16 list=gcc_eu
add address=35.242.26.0/24 list=gcc_eu
add address=8.34.208.0/23 list=gcc_eu
add address=8.34.211.0/24 list=gcc_eu
add address=8.34.220.0/22 list=gcc_eu
add address=23.251.128.0/20 list=gcc_eu
add address=34.76.0.0/14 list=gcc_eu
add address=34.140.0.0/16 list=gcc_eu
add address=35.187.0.0/17 list=gcc_eu
add address=35.187.160.0/19 list=gcc_eu
add address=35.189.192.0/18 list=gcc_eu
add address=35.190.192.0/19 list=gcc_eu
add address=35.195.0.0/16 list=gcc_eu
add address=35.205.0.0/16 list=gcc_eu
add address=35.206.128.0/18 list=gcc_eu
add address=35.210.0.0/16 list=gcc_eu
add address=35.220.96.0/19 list=gcc_eu
add address=35.233.0.0/17 list=gcc_eu
add address=35.240.0.0/17 list=gcc_eu
add address=35.241.128.0/17 list=gcc_eu
add address=35.242.64.0/19 list=gcc_eu
add address=104.155.0.0/17 list=gcc_eu
add address=104.199.0.0/18 list=gcc_eu
add address=104.199.66.0/23 list=gcc_eu
add address=104.199.68.0/22 list=gcc_eu
add address=104.199.72.0/21 list=gcc_eu
add address=104.199.80.0/20 list=gcc_eu
add address=104.199.96.0/20 list=gcc_eu
add address=130.211.48.0/20 list=gcc_eu
add address=130.211.64.0/19 list=gcc_eu
add address=130.211.96.0/20 list=gcc_eu
add address=146.148.2.0/23 list=gcc_eu
add address=146.148.4.0/22 list=gcc_eu
add address=146.148.8.0/21 list=gcc_eu
add address=146.148.16.0/20 list=gcc_eu
add address=146.148.112.0/20 list=gcc_eu
add address=192.158.28.0/22 list=gcc_eu
add address=34.89.0.0/17 list=gcc_eu
add address=34.105.128.0/17 list=gcc_eu
add address=34.142.0.0/17 list=gcc_eu
add address=34.147.128.0/17 list=gcc_eu
add address=35.189.64.0/18 list=gcc_eu
add address=35.197.192.0/18 list=gcc_eu
add address=35.203.210.0/23 list=gcc_eu
add address=35.203.212.0/22 list=gcc_eu
add address=35.203.216.0/22 list=gcc_eu
add address=35.214.0.0/17 list=gcc_eu
add address=35.220.20.0/22 list=gcc_eu
add address=35.230.128.0/19 list=gcc_eu
add address=35.234.128.0/19 list=gcc_eu
add address=35.235.48.0/20 list=gcc_eu
add address=35.242.20.0/22 list=gcc_eu
add address=35.242.128.0/18 list=gcc_eu
add address=35.246.0.0/17 list=gcc_eu
add address=34.89.128.0/17 list=gcc_eu
add address=34.104.112.0/23 list=gcc_eu
add address=34.107.0.0/17 list=gcc_eu
add address=34.124.48.0/23 list=gcc_eu
add address=34.141.0.0/17 list=gcc_eu
add address=35.198.64.0/18 list=gcc_eu
add address=35.198.128.0/18 list=gcc_eu
add address=35.207.64.0/18 list=gcc_eu
add address=35.207.128.0/18 list=gcc_eu
add address=35.220.18.0/23 list=gcc_eu
add address=35.234.64.0/18 list=gcc_eu
add address=35.235.32.0/20 list=gcc_eu
add address=35.242.18.0/23 list=gcc_eu
add address=35.242.192.0/18 list=gcc_eu
add address=35.246.128.0/17 list=gcc_eu
add address=34.90.0.0/15 list=gcc_eu
add address=34.104.126.0/23 list=gcc_eu
add address=34.124.62.0/23 list=gcc_eu
add address=34.141.128.0/17 list=gcc_eu
add address=34.147.0.0/17 list=gcc_eu
add address=35.204.0.0/16 list=gcc_eu
add address=35.214.128.0/17 list=gcc_eu
add address=35.220.16.0/23 list=gcc_eu
add address=35.234.160.0/20 list=gcc_eu
add address=35.242.16.0/23 list=gcc_eu
add address=34.65.0.0/16 list=gcc_eu
add address=34.104.110.0/23 list=gcc_eu
add address=34.124.46.0/23 list=gcc_eu
add address=35.216.128.0/17 list=gcc_eu
add address=35.220.44.0/24 list=gcc_eu
add address=35.235.216.0/21 list=gcc_eu
add address=35.242.44.0/24 list=gcc_eu

#Routing Table
# Dedicated FIB-backed table; packets carrying routing-mark "GCC" (set in mangle)
# are looked up here instead of in main.
/routing table
add name=GCC fib disabled=no

#Mangle
# Anything destined for a gcc_eu prefix is tagged with routing-mark GCC before the
# routing decision. passthrough=no stops further prerouting mangle processing for
# the matched packet.
/ip firewall mangle
add chain=prerouting dst-address-list=gcc_eu action=mark-routing new-routing-mark=GCC \
    passthrough=no comment="Google Cloud - EU"

#Route
# Default route that exists only in table GCC and points at the SSTP interface, so
# it is usable only while cisp-vpn is up. NOTE(review): what happens to GCC-marked
# traffic while the tunnel is down (fallback to main vs. no route) depends on the
# RouterOS version and any routing rules - confirm on the target device.
/ip route
add routing-table=GCC dst-address=0.0.0.0/0 gateway=cisp-vpn distance=1 \
    scope=30 target-scope=10 pref-src="" suppress-hw-offload=no disabled=no \
    comment="Google Cloud - EU - CISP VPN"
 
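#NAT
# Masquerade everything leaving through the tunnel so it carries the VPN-side address.
# The menu path was missing here: without "/ip firewall nat" this "add" runs under the
# previous section's menu (/ip route) and fails.
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT - CISP VPN" out-interface=cisp-vpn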

#PPP Profile
# Profile used by the SSTP client: use-encryption=yes refuses an unencrypted link,
# change-tcp-mss=yes clamps MSS to the tunnel MTU, and idle-timeout=3s tears the
# session down after three idle seconds (the dial-on-demand interface re-dials it).
/ppp profile
add name=cisp-vpn use-encryption=yes change-tcp-mss=yes idle-timeout=3s

#VPN Interface
# SSTP client to the provider's UK head end, TLS 1.2 only, dialled on demand.
# user/password are placeholders from the post - substitute real credentials.
# NOTE(review): verify-server-certificate is not set and defaults to "no", so the
# head end's TLS certificate is not validated; import the provider's CA and set
# verify-server-certificate=yes if the endpoint must be authenticated.
/interface sstp-client
add name=cisp-vpn connect-to=ukvpn.cisp.co.za profile=cisp-vpn user=test \
    password=test tls-version=only-1.2 max-mtu=1460 keepalive-timeout=10 \
    dial-on-demand=yes disabled=no comment="Cool Ideas - UK VPN"
 
#Firewall - use these firewall rules at your own risk
# Replies are allowed in both directions; anything the tunnel end initiates toward
# the router (input) or the LAN (forward) is dropped. "add" appends each rule to the
# end of its chain, so rules already present in the chain are evaluated first -
# check the resulting order on the target device.
/ip firewall filter
add chain=forward connection-state=established,related action=accept comment="Allow established & related - Forward"
add chain=input connection-state=established,related action=accept comment="Allow established & related - Input"
add chain=input in-interface=cisp-vpn action=drop comment="Drop All - Input - CISP VPN"
add chain=forward in-interface=cisp-vpn action=drop comment="Drop All - Forward - CISP VPN"
 
