# First create a vpn profile to use when creating l2tp/pptp connections
# to privateinternetaccess.
/ppp profile add change-tcp-mss=yes comment="PIA VPN" \
    dns-server=209.222.18.222,209.222.18.218 name=privateinternetaccess \
    only-one=no use-compression=no use-encryption=required use-ipv6=no \
    use-mpls=no use-upnp=no

# Create the l2tp interface.
/interface l2tp-client add comment="PIA VPN Germany" \
    connect-to=germany.privateinternetaccess.com disabled=no \
    name=pia-de-l2tp password=[l2tp-password] \
    profile=privateinternetaccess user=[l2tp-username]

# [l2tp-username]
#   Your PIA username for l2tp/pptp/socks connections
#   beginning with 'x' (not 'p'!)
# [l2tp-password]
#   Your PIA password for l2tp/pptp/socks connections

# Create a firewall mangle rule to mark traffic we want to
# go through the vpn.
/ip firewall mangle add action=mark-routing \
    chain=prerouting comment="PIA VPN Germany" \
    new-routing-mark="PPTP RM" passthrough=yes \
    src-address=[ip-range-to-forward-through-vpn]

# [ip-range-to-forward-through-vpn]
#   E.g. 192.168.1.0/24 or 192.168.1.2-192.168.1.254

# Create the NAT rule and tell it to use the vpn interface.
/ip firewall nat add action=masquerade chain=srcnat \
    comment="PIA VPN Germany" out-interface=pia-de-l2tp

# Create a corresponding default route to match the previous NAT
# rule. It is only used when traffic has been marked with
# 'PPTP RM'. The route has to be enabled (disabled=no), otherwise
# marked traffic never uses the tunnel.
/ip route add comment="PIA VPN Germany" disabled=no \
    distance=1 gateway=pia-de-l2tp routing-mark="PPTP RM"

# Now you should see traffic from clients in the ip range
# of [ip-range-to-forward-through-vpn] go through the vpn.
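The script above only works when its pieces refer to each other consistently: the mangle mark, the route's routing-mark, the route gateway, the NAT out-interface and the l2tp-client name and profile. The following checker is an added example, not part of the original script; the sample input is constructed from the page's commands with an assumed source range, and the function names are hypothetical.

```python
import shlex

# Constructed sample: the page's commands with a placeholder source range filled
# in and the policy route deliberately left disabled to trigger a finding.
SAMPLE = r'''
/ppp profile add name=privateinternetaccess use-encryption=required
/interface l2tp-client add connect-to=germany.privateinternetaccess.com \
    disabled=no name=pia-de-l2tp profile=privateinternetaccess
/ip firewall mangle add action=mark-routing chain=prerouting \
    new-routing-mark="PPTP RM" passthrough=yes src-address=192.168.1.0/24
/ip firewall nat add action=masquerade chain=srcnat out-interface=pia-de-l2tp
/ip route add disabled=yes distance=1 gateway=pia-de-l2tp routing-mark="PPTP RM"
'''

def parse(script):
    """Return [(menu, properties)] for every 'add' command in the script."""
    cmds = []
    for line in script.replace("\\\n", " ").splitlines():
        words = shlex.split(line, comments=True)  # drops '# ...' comments
        if not words or not words[0].startswith("/") or "add" not in words:
            continue
        i = words.index("add")
        props = dict(w.split("=", 1) for w in words[i + 1:] if "=" in w)
        cmds.append((" ".join(words[:i]), props))
    return cmds

def check(script):
    """List inconsistencies that would keep marked traffic out of the tunnel."""
    cmds = parse(script)
    def get(menu):
        return [p for m, p in cmds if m == menu]
    ifaces = {p["name"]: p for p in get("/interface l2tp-client")}
    profiles = {p["name"] for p in get("/ppp profile")}
    marks = {p.get("new-routing-mark") for p in get("/ip firewall mangle")
             if p.get("action") == "mark-routing"}
    nat_out = {p.get("out-interface") for p in get("/ip firewall nat")}
    problems = []
    for name, p in ifaces.items():
        if p.get("profile") not in profiles:
            problems.append(f"{name}: profile {p.get('profile')!r} is not defined")
        if name not in nat_out:
            problems.append(f"{name}: no masquerade rule with out-interface={name}")
    for mark in marks:
        # A usable policy route is enabled, carries the mark and points at a tunnel.
        live = [r for r in get("/ip route") if r.get("routing-mark") == mark
                and r.get("disabled", "no") != "yes" and r.get("gateway") in ifaces]
        if not live:
            problems.append(f"mark {mark!r}: no enabled route via a VPN interface")
    return problems
```

Run `check()` over the text of the script before pasting it into the router; an empty list means the mark, route, NAT rule and interface line up.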
Thanks man, worked nicely.
Hi, Neat post.