How-to VPN: Private Internet Access (PIA) and MikroTik Router

# Step 1: create a PPP profile to reference from the l2tp/pptp client
# connections to privateinternetaccess.
#
# use-encryption=required makes the PPP link refuse to run unencrypted.
# NOTE(review): on a plain L2TP or PPTP link the PPP-level encryption is
# MPPE; this profile does not add IPsec. Treat the tunnel as weakly
# protected unless IPsec is also configured on the client - confirm
# against the RouterOS version in use.
# NOTE(review): dns-server in a PPP profile is presumably the resolver a
# PPP server hands out to its peers; verify that it has any effect on a
# client-side profile, and check which resolver the LAN clients really
# use, otherwise DNS queries may bypass the tunnel.

/ppp profile add change-tcp-mss=yes comment="PIA VPN" \
dns-server=209.222.18.222,209.222.18.218 name=privateinternetaccess \
only-one=no use-compression=no use-encryption=required use-ipv6=no \
use-mpls=no use-upnp=no

# Step 2: create the l2tp client interface that dials the PIA Germany
# endpoint, using the 'privateinternetaccess' PPP profile.
#
# The credentials are written into the router configuration as given.
# NOTE(review): they can show up in configuration exports and backups;
# hide or strip sensitive values before sharing either.
# NOTE(review): no IPsec option is set on this client, so the session
# relies on PPP-level encryption only (use-encryption in the profile).
# If the provider offers L2TP/IPsec, prefer use-ipsec=yes together with
# ipsec-secret=<psk-from-provider> - confirm both with the provider and
# the RouterOS version in use.

/interface l2tp-client add comment="PIA VPN Germany" \
connect-to=germany.privateinternetaccess.com disabled=no \
name=pia-de-l2tp password=[l2tp-password] \
profile=privateinternetaccess user=[l2tp-username]
# [l2tp-username]
#   Your PIA username for l2tp/pptp/socks connections,
#   beginning with 'x' (not 'p'!)
# [l2tp-password]
#   Your PIA password for l2tp/pptp/socks connections

# Step 3: create a firewall mangle rule that marks the traffic we want
# to send through the vpn.
#
# The rule matches on source address only, so every packet from the
# given range receives the routing mark "PPTP RM", whatever its
# destination. The mark name is only a label; it says PPTP although
# the interface created above is l2tp.
# NOTE(review): keep the range as narrow as intended - any host that
# falls inside it is steered by the marked route, any host outside it
# keeps using the normal default route.

/ip firewall mangle add action=mark-routing \
chain=prerouting comment="PIA VPN Germany" \
new-routing-mark="PPTP RM" passthrough=yes \
src-address=[ip-range-to-forward-through-vpn]
# [ip-range-to-forward-through-vpn]
#   E.g. 192.168.1.0/24 or 192.168.1.2-192.168.1.254

# Step 4: create the NAT rule. It masquerades everything that leaves
# the router through the vpn interface pia-de-l2tp.

/ip firewall nat add action=masquerade chain=srcnat \
comment="PIA VPN Germany" out-interface=pia-de-l2tp
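# Step 5: create the default route that goes with the NAT rule above.
# It is only used for traffic that carries the routing mark 'PPTP RM'.
#
# The route is added enabled (disabled=no). With disabled=yes nothing is
# installed for the mark, and the marked clients would presumably keep
# using the router's normal default route instead of the vpn.
# NOTE(review): the same fall-through presumably happens whenever the
# tunnel is down, because this route then becomes inactive. If the
# clients must never reach the internet outside the vpn, add a
# higher-distance blackhole route for the same routing mark - confirm
# the behaviour on the RouterOS version in use.

/ip route add comment="PIA VPN Germany" disabled=no \
distance=1 gateway=pia-de-l2tp routing-mark="PPTP RM"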

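# Once the l2tp interface is connected and the marked route is active,
# traffic from clients in the ip range of
# [ip-range-to-forward-through-vpn] should go through the vpn. Check the
# public address seen from one of those clients to confirm it.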
