Untitled

[[email protected]] > interface/wireguard/print
Flags: X - disabled; R - running
...
 3  R name="wg-nordvpn" mtu=1420 listen-port=58673
      private-key="[privatekey]"
      public-key="[publickey]"

 4  R ;;; wg-protonvpn
      name="wg-protonvpn" mtu=1420 listen-port=13234
      private-key="[privatekey]"
      public-key="[publickey]"

[[email protected]] > ip/address/print
Flags: I - INVALID; D - DYNAMIC; S - SLAVE
Columns: ADDRESS, NETWORK, INTERFACE
 #     ADDRESS            NETWORK       INTERFACE
;;; defconf
 0   S 192.168.1.1/24     192.168.1.0   ether2
;;; defconf
...
10     10.5.0.3/32        10.5.0.3      wg-nordvpn
11     10.2.0.2/30        10.2.0.0      wg-protonvpn

[[email protected]] > interface/wireguard/peers/print
Columns: INTERFACE, PUBLIC-KEY, ENDPOINT-ADDRESS, ENDPOINT-PORT, ALLOWED-ADDRESS
# INTERFACE     PUBLIC-KEY                                    ENDPOINT-ADDRE  ENDPO  ALLOWED-ADDRESS
...
;;; wg-nordvpn
3 wg-nordvpn    [publickey]  [nordvpnpeer]   51820  0.0.0.0/0
;;; wg-protonvpn
4 wg-protonvpn  [publickey]  [protonvpnpeer]  51820  0.0.0.0/0

[[email protected]] > ip/firewall/filter/print
Flags: X - disabled, I - invalid; D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
...
 8 X  ;;; DNS from VPN
      chain=output action=accept protocol=udp src-address=192.168.0.0/16 out-interface=wg-protonvpn
      dst-port=53 log=no log-prefix=""
...
12    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked
...
18    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid
19    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""
20    chain=forward action=accept protocol=icmp log=no log-prefix=""
21    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1
22    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN
23    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec
24    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec
25    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related
      src-address=!192.168.1.0/24 log=no log-prefix=""
26    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked
27    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid
28    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat
      in-interface-list=WAN

[[email protected]] > ip/firewall/nat/print
Flags: X - disabled, I - invalid; D - dynamic
...
 1    ;;; Ubuntu PP
      chain=srcnat action=masquerade src-address=192.168.3.10 out-interface=wg-protonvpn log=no
      log-prefix=""
 2    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix=""
      ipsec-policy=out,none
...

[[email protected]] > ip/firewall/mangle/print
Flags: X - disabled, I - invalid; D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=prerouting action=passthrough
 1  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
 2  D ;;; special dummy rule to show fasttrack counters
      chain=postrouting action=passthrough
...
 5    ;;; Win11 Pro VM
      chain=prerouting action=mark-routing new-routing-mark=nordvpn passthrough=yes
      src-address=192.168.1.42 log=no log-prefix=""
 6    ;;; Ubuntu PP
      chain=prerouting action=mark-routing new-routing-mark=protonvpn passthrough=yes
      src-address=192.168.3.10 log=no log-prefix=""

[[email protected]] > ip/route/print
Flags: D - DYNAMIC; X - DISABLED, I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, v - VPN
Columns: DST-ADDRESS, GATEWAY, ROUTING-TABLE, DISTANCE
 #     DST-ADDRESS        GATEWAY             ROUTING-TABLE  DISTANCE
...
   DAv 0.0.0.0/0          pppoe-out1          main                  1
   DAc 10.2.0.0/30        wg-protonvpn        main                  0
   DAc 10.5.0.3/32        wg-nordvpn          main                  0
   DAc [inetaddress]/32   pppoe-out1          main                  0
...
   DAc 192.168.1.0/24     bridge              main                  0
...
 8  As 192.168.3.0/29     192.168.1.10        main                  1
 9  As 192.168.3.8/29     192.168.1.10        main                  1
...
12  As [nordvpnpeer]/32   pppoe-out1          main                  1
13  As 0.0.0.0/0          wg-nordvpn          nordvpn               1
14  As 0.0.0.0/0          10.2.0.1            protonvpn             1

[[email protected]] > routing/rule/print
Flags: X - disabled, I - inactive
 0   src-address=192.168.1.42/32 action=lookup table=nordvpn
 1   src-address=192.168.3.10/29 action=lookup table=protonvpn

[[email protected]] > ip/dns/print
                      servers: [DNS Server1]
              dynamic-servers: [DNS Server2]
                               [DNS Server3]
               use-doh-server:
              verify-doh-cert: no
   doh-max-server-connections: 5
   doh-max-concurrent-queries: 50
                  doh-timeout: 5s
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1w
      address-list-extra-time: 0s
                          vrf: main
           mdns-repeat-ifaces:
                   cache-used: 356KiB

[[email protected]] > routing/table/print
Flags: D - dynamic; X - disabled, I - invalid; U - used
 0 D   name="main" fib
 1     name="nordvpn" fib
 2     name="protonvpn" fib