Accessing Geolocked Content The Easy Way With Mikrotik – MUM 2019 Presentation
This is a virtual light switch to turn routing rules on and off on a Mikrotik. My example here allows me to route my roku through a remote VPN, then easily turn that off. This allows me to access remote geolocked streaming video as well as local geolocked content.
Here’s the presentation:
Here’s my lab configuration:
Here’s the HTML for the “on/off” buttons:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | <html>
<head>
</head>
<body>
<div style="width:50%">
<form action="http://4.4.4.1:85">
<input type="submit" value="VPN Off" />
</form>
<form action="http://4.4.4.2:85">
<input type="submit" value="VPN On" />
</form>
</div>
</body>
</html> |
Here’s the USA Mikrotik:
1 2 3 4 5 6 7 8 9 10 11 12 | /interface pptp-server server set enabled=yes /ip address add address=100.64.0.1/30 interface=ether1 network=100.64.0.0 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 /ip route add distance=1 gateway=100.64.0.2 /ppp secret add local-address=4.4.4.3 name=roku password=rokupassword remote-address=4.4.4.4 /system identity set name=USA |
Here’s the AUS Mikrotik:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | /interface bridge
add name=loop1
/interface pptp-client
add connect-to=100.64.0.1 disabled=no name=pptp-usa password=rokupassword user=roku
/ip address
add address=100.64.1.1/30 interface=ether2 network=100.64.1.0
add address=192.168.10.1/24 interface=ether1 network=192.168.10.0
add address=4.4.4.1 interface=loop1 network=4.4.4.1
add address=4.4.4.2 interface=loop1 network=4.4.4.2
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether5
/ip firewall filter
add action=drop chain=input comment="tunnel off" dst-address=4.4.4.1 src-address-list=tunnel-off
add action=drop chain=input comment="tunnel on" dst-address=4.4.4.2 src-address-list=tunnel-on
add action=add-dst-to-address-list address-list=tunnel-off address-list-timeout=6s chain=input \
comment="tunnel off" dst-address=4.4.4.1 protocol=tcp
add action=add-dst-to-address-list address-list=tunnel-on address-list-timeout=6s chain=input \
comment="tunnel on" dst-address=4.4.4.2 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=pptp-usa
/ip route
add distance=1 gateway=4.4.4.3 routing-mark=roku
add distance=1 gateway=100.64.1.2
/ip route rule
add action=lookup-only-in-table disabled=yes src-address=192.168.10.100/32 table=roku
/system identity
set name=AUS
/tool netwatch
add comment="turn off" down-script="/ip route rule set 0 dis=yes" host=4.4.4.1 interval=5s
add comment="turn on" down-script="/ip route rule set 0 dis=no" host=4.4.4.2 interval=5s |