Skip to content
Schedule Now

VPN connection for just one port at Mikrotik router

Here’s a step-by-step guide to configure LAN2 (Port 2) on your MikroTik router to route all traffic through your VPN while keeping other ports on the default Comcast route.

Step 1: Configure the VPN Client on Your Chicago MikroTik

  1. Open WinBox and connect to your MikroTik router.
  2. Go to PPP > Interface > Click + and select L2TP Client (or another VPN type your server uses).
  3. In the new window:
    • NameVPN
    • Connect ToVPN IP
    • User(Enter your VPN username)
    • Password(Enter your VPN password)
    • Use Peer DNSYes
    • Add Default RouteNo (We will set routes manually)
  4. Click Apply and OK.

Step 2: Set Up LAN2 as a Separate Network

  1. Go to IP > Addresses > Click + to add a new address.
    • Address192.168.8.1/24
    • Interfaceether2 (LAN2)
    • Click Apply and OK.
  2. Go to IP > DHCP Server > Click DHCP Setup.
    • Select ether2 and follow the wizard:
      • Network: 192.168.8.0/24
      • Gateway: 192.168.8.1
      • DNS: 8.8.8.8, 8.8.4.4 (or your VPN DNS)
      • Lease Time: 1h
  3. Click Apply and OK.

Step 3: Configure Routing Rules

  1. Go to IP > Firewall > Mangle > Click +.
    • Chainprerouting
    • Src. Address192.168.8.0/24
    • Actionmark-routing
    • New Routing Markvpn-route
    • Click Apply and OK.
  2. Go to IP > Routes > Click +.
    • Dst. Address0.0.0.0/0
    • GatewayVPN
    • Routing Markvpn-route
    • Click Apply and OK.

Step 4: Ensure Other Ports Use Comcast Normally

  1. Go to IP > Firewall > Mangle > Click +.
    • Chainprerouting
    • Src. Address192.168.7.0/24
    • Actionmark-routing
    • New Routing Markwan-route
    • Click Apply and OK.
  2. Go to IP > Routes > Click +.
    • Dst. Address0.0.0.0/0
    • GatewayComcast (default route)
    • Routing Markwan-route
    • Click Apply and OK.

Step 5: Test and Verify

  1. Connect a device to LAN2 (Port 2).
  2. Check the assigned IP (192.168.8.x).
  3. Go to https://whatismyipaddress.com/ and confirm it matches your VPN server’s IP (Ukraine).
  4. Connect a device to another port (e.g., Port 3) and check that it still uses Comcast.

Now, devices on LAN2 will use the VPN, while all other ports stay on Comcast. Let me know if you need further adjustments! 🚀