Last active
October 2, 2019 19:38
-
-
Save argent-smith/fd08000805880f80ed91d6c72bd8d140 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # тут VPN-туннель | |
| /ppp profile add change-tcp-mss=yes name=streisand-l2tp use-compression=yes use-encryption=yes use-mpls=no | |
| /interface l2tp-client add allow=chap allow-fast-path=yes connect-to=167.99.211.56 disabled=no ipsec-secret=ribbon.armed.equip.hen.ocean max-mru=1500 max-mtu=1500 name=l2tp-streisand password=couch.monster.nose profile=streisand-l2tp use-ipsec=yes user=streisand | |
| # сюда "набиваем" нужные префиксы | |
| /ip firewall address-list add address=149.154.164.0/22 comment="telegram core" list=rkn-chan | |
| /ip firewall address-list add address=103.246.200.0/22 comment="Blackberry Limited" list=rkn-chan | |
| /ip firewall address-list add address=109.239.140.0/24 comment="Telegram Messenger LLP" list=rkn-chan | |
| # тут главная фишка: прероут-руль, который пометит нужные пакеты роут-маркой | |
| /ip firewall mangle add action=mark-routing chain=prerouting comment="rkn-chan override" dst-address-list=rkn-chan in-interface-list=LAN new-routing-mark=via-streisand passthrough=no | |
| # статик, который "поймает" промаркированные пакеты и отправит в туннель | |
| /ip route add distance=1 gateway=l2tp-streisand routing-mark=via-streisand |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment