Hi everybody!

This is my first post on this forum, excuse me if I have set something wrong or chose the wrong category.
So I have set a VPN interface as the default 0.0.0.0/0 route on the main routing table, and manually made a entry that sets the default ISP gateway as the route for actually reaching the VPN server itself.

This works great. All traffic is being routed trough the VPN, just like I wanted. However, there is one exception: I previously setup port forwarding to be able to remotely reach my server over HTTPS (port 443). It completely stopped working.

I tried to manually make another routing table with the ISP gateway as the default route and (try) to mode the traffic to that table using mangle, but it does not seem to work.
Then I tried to push the server to the other routing rule via Routing->Rules, and while it is reachable from the outside again, it isn't reachable form the inside anymore.

I have already checked my firewall rules, and there does not
seem to be any drop rule that gets hit by this.

Can someone point me to the right solution for this?

Thanks in advance!

So I have set a VPN interface as the default 0.0.0.0/0 route on the main routing table

Personally I have a strong preference for the other way around, just let the main/default routing table handle 'normal' traffic and use a custom routing table for vpn's and other complicated routes. That way it's easier to separate traffic especially once you start adding more vpn's etc.

Then I tried to push the server to the other routing rule via Routing->Rules, and while it is reachable from the outside again, it isn't reachable form the inside anymore.

This is because you cannot have it both ways with only a single route to your local network You've created two routing tables, so table 2 does not know which routes exists in table 1. You either need to add a duplicate route for your local network in both routing tables or you need a NAT rule that tells the router to NAT traffic from routing table 2 to your local network in table 1. Not sure which is better, but I use the former.

I would agree, use the main primary WAN for the majority of traffic in this case your WAN2 would be primary, WAN1 secondary and used for VPN.
Do you have specific subnets going out the VPN,,,,,,, what are the use cases for it...........

Thanks for the replies.

So I am using a commercial VPN provider in order to provide a extra layer of privacy for my whole network and circumvent my provider throttling certain types of connections. I want the whole network to go trough it, but also the ability to overrule a specific IP if I ever need to to that. Based on this, I thought using the VPN for my main routing table would be nice because it captures all traffic.

Anyway, how would I go about creating a 2nd routing table? I tried to do it and there seems to be a 2nd table, but even if I put 2 bridges on it, they can't seem to communicate with each other..

Network diagram, config etc............. dont know the scope of what we are dealing with here.

How can I export the config, and how can I hide the irrelevant stuff?

Simply put, I have 5 VLANs with a bunch of firewall rules in between them, but currently all on the same routing table with my normal ISP connection as default route.
I want to change that to only connecting with the VPN server via my ISP route, and using the VPN as default route. That works, but I somehow need to find a way to allow my server to reply to connections coming in trough my ISP opened up port

terminal in winbox

/export file=anynameyouwish

Find it files and download to your PCC.
open in notepad++

Remove the router serial number and any public WANIP information with X.x.x.x
Remove any keys aka wireguard, and no need to include long dhcp lease lists either.

I have uploaded the export to a Bitwarden Send because there is still quite a lot of stuff which someone can abuse:
https://send.bitwarden.com/#MjiLqpdALk- ... GHo3qKUyhw

I have removed a few things that have nothing to do with this:
- WiFi and CapsMAN config
- User Manager
- Users, scripts and schedules
- Serial number

I made the 'UseVPN' routing table and duplicated all routes which were in the 'main' routing table, currently have my LAN on that table as a temporary solution.

Not interested you use multiple bridges and vlan id of 1.

viewtopic.php?t=143620