Page 1 of 1

how to share pptp-out client to socks and http proxy user

Posted: Sun Oct 02, 2022 12:10 am
by rayman1366
i want share pptp-out connection in mikrotik to people that connects with http proxy and socks i can do this?
/interface ethernet
set [ find default-name=ether1 ] advertise=\
/interface pptp-client
add disabled=no name=pptp-out1 password=\
    test user=test
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=
set 0 name=serial0
/ppp profile
set *FFFFFFFE dns-server= local-address=pool1 remote-address=pool1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/interface sstp-server server
set enabled=yes verify-client-certificate=yes
/ip address
add address= interface=ether1 network=
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes \
/ip firewall nat
add action=masquerade chain=srcnat src-address=
/ip route
add distance=1 gateway=pptp-out1 routing-mark=vpn

/ip socks
set auth-method=password enabled=yes version=5
/ip socks users
add name=test password=test
/ppp secret
add name=test password=test profile=default-encryption

Re: how to share pptp-out client to socks and http proxy user

Posted: Fri Oct 28, 2022 3:53 pm
by r359

Re: how to share pptp-out client to socks and http proxy user

Posted: Fri Oct 28, 2022 7:05 pm
by Sob
Proxied connections originate from router, so you can make them use another routing table. But you won't be able to distinguish them from other router's own connections (router querying DNS resolver, router checking for updates, even router establishing VPN connection). But if you exclude those in some way, it could be good enough:
/ip firewall mangle
add chain=output connection-state=new action=jump jump-target=new-output
add chain=new-output dst-address=x.x.x.x/x action=return comment="exclude target address or subnet"
add chain=new-output protocol=tcp dst-port=12345 action=return comment="exclude target port"
add chain=new-output action=mark-connection new-connection-mark=to-vpn passthrough=yes
add chain=output connection-mark=to-vpn action=mark-routing new-routing-mark=vpn