Select Page
This entry has been published on 2017-04-29 and may be out of date.

Last Updated on 2017-04-29.

[:en]Internet providers in many countries are forced to store all your created data for a certain time, and no one knows what exactly is saved actually and what really happens with it, e.g. if someone steals the data. One way to get securer internet access is to redirect your whole traffic via a reliable VPN provider.

IPVanish offers well-working VPN connections with many servers hosted in different countries. You also get software to get it running easily running under Windows, Kodi, Mac OS X, iOS, Android, Windows Phone, Ubuntu, with OpenVPN configs and routers in general.

In this tutorial, I will explain how the connection can be established for all (or certain) devices in your LAN using a Mikrotik Routerboard with RouterOS.


Register an IPVanish account.

You will receive user and password afterwards. You also have access to a long list of servers available, choose one of them.

Start Mikrotik WinBox and open “PPP” and add a new “PPTP Client” interface.

Open the “Dial Out” tab and enter

  • the VPN host you choose (DNS or IP of it)
  • User and password you got via email

/interface pptp-client add disabled=no name=ipvanish password=yourpw user=youruser


Open IP -> Firewall -> NAT.

Add a new rule:

  • Chain: srcnat
  • Out. Interface: ipvanish
  • Action: Masquerade


/ip firewall nat add action=masquerade chain=srcnat out-interface=ipvanish

Open Mangle tab and create a new entry:

  • Chain: prerouting
  • Src. Address: (your local IP or IP range you want the VPN use for)
  • Action: Mark routing
  • New Routing Mark: ipvanish

/ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=ipvanish passthrough=yes src-address=

You can create multiple mangle rules for several local IP addresses or ranges.


Open IP -> Routes.

Add a new route:

  • Gateway: ipvanish
  • Routing Mark: ipvanish

/ip route add gateway=ipvanish routing-mark=ipvanish


Check your DNS entries under IP -> DNS (and in the Static area), you should have at least one or two DNS servers, like a local one or Google DNS servers ( and

Other tutorials recommend enabling “Allow Remote Requests” checkbox. I left it disabled and it also works fine.

/ip dns
set cache-size=5000KiB max-udp-packet-size=512 servers=,,
/ip dns static
add address= name=intern
add address= name=extern


Check if your IPVanish interface is up and running:

If it shows an error, check your logs, especially your DNS, host, user and password.