Channel: MikroTik

Beginner Basics • Re: Routing traffic of NAS through VPN, targetting specific device/IP on network

This did it, thank you so much!
Yes, goal was to route traffic through a third party VPN, not create VPN access to my network from outside via phone, can see why that might have introduced some confusion. I was simply testing getting the routing working on the static IP assigned to my phone on my network because at the time I was actively transferring data between my PC and the NAS so I didn't want to inadvertently cut off that connection. The ability to just add individual rules for individual IPs now is super convenient.

All of the IPv6 info in the router was largely me trying to get IPv6 working, found difficulty getting it configured with Starlink as my ISP. Of the projects with this whole deal, that I put aside until I finished getting the VPN routing figured out. One issue at a time for now ha.

After I'd reposted my new config I had gone back in toying some more and ended up reenabling use-peer-dns=yes for the DHCP client, so 8.8.8.8 and 1.1.1.1 were back into the dynamic DNS list. 10.2.0.1 is the DNS provided in the Proton config file with the other info for the WireGuard setup and in their guide is instruction to point towards their DNS, but your NAT config provided would make that redundant.

I believe one of the discussions I found somewhere regarding the NAT had mentioned the routing-mark implementation. I'd tried with and without, without change, so I hadn't gone through and removed that yet. Think I have a better understanding of how the NAT rules operate now.

There was definitely a lack of firewall discussion in the posts of similar topics that I sifted through. One post had mentioned a lack of need for mangle at all so I had steered clear of that and other firewall rules relating to this routing besides port forwarding the proper port, makes much more sense now though.
The ICMP rules were again pulled from the MikroTik doc. This was where some of my duplicates came from, putting in rules from the first time config article, then adding some of these in as well, so thanks for helping me realize that mistake.

Again, appreciate the time and help, writing out the goal/problem felt like easy logic, route traffic from individual IPs attempting to access the internet via the VPN, I'm just coming to terms with the needed networking language to accomplish such a goal.

Statistics: Posted by hawk767 — Sun Feb 18, 2024 10:58 pm


