How-to VPN: Private Internet Access (PIA) and MikroTik Router

⚠ Information in this post is outdated since the launch of PIA’s ‘Next-Gen’ VPN network in 2020, sunsetting the then-existing set-up

First create a vpn profile to use when creating l2tp/pptp connections
to privateinternetaccess.

/ppp profile add change-tcp-mss=yes \
comment="PIA VPN" \
dns-server=209.222.18.222,209.222.18.218 \
name=privateinternetaccess only-one=no \
use-compression=no use-encryption=required \
use-ipv6=no use-mpls=no use-upnp=no

Create the l2tp interface

/interface l2tp-client add \
comment="PIA VPN Netherlands" \
connect-to=nl.privateinternetaccess.com \
disabled=no name=pia-de-l2tp \
profile=privateinternetaccess \
user=[l2tp-username] \
password=[l2tp-password]
  • [l2tp-username] Your PIA username for l2tp/pptp/socks connections beginning with ‘x’ (not ‘p’!)
  • [l2tp-password] Your PIA password for l2tp/pptp/socks connections

Create a firewall mangle rule to mark IPv4 traffic we want to
go through the VPN.

/ip firewall mangle add \
action=mark-routing \
chain=prerouting \
comment="PIA VPN Netherlands" \
new-routing-mark="PPTP RM" \
passthrough=yes \
src-address=[ip-range-to-forward-through-vpn]
  • [ip-range-to-forward-through-vpn] The IPv4 range to send through the VPN, fx. 192.168.1.0/24 or 192.168.1.2-192.168.1.254

Create the NAT rule and tell it to use the VPN interface.

/ip firewall nat add \
action=masquerade chain=srcnat \
comment="PIA VPN Netherlands" \
out-interface=pia-de-l2tp

Create a corresponding default route to match the previous NAT
rule. It is only used for IPv4 traffic that has been marked with
‘PPTP RM’ and is enabled here so it becomes active as soon as the
tunnel comes up.

/ip route add \
comment="PIA VPN Netherlands" \
disabled=no distance=1 \
gateway=pia-de-l2tp routing-mark="PPTP RM"

Now you should see traffic from clients in the IPv4 range
of [ip-range-to-forward-through-vpn] go through the VPN.
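One thing the set-up above does not cover: in RouterOS a lookup in the ‘PPTP RM’ table that finds no active route falls through to the main table, so while the L2TP tunnel is down the marked clients quietly use the normal WAN path. The rules below are an added example (not part of the original how-to) that drops marked traffic unless it leaves via the tunnel, followed by the commands to check the set-up; they assume the interface name pia-de-l2tp and the routing mark "PPTP RM" used above.

```routeros
# Added example, not from the original post. Assumes interface pia-de-l2tp
# and routing mark "PPTP RM" from the rules above.

# Kill switch: any forwarded packet carrying the VPN routing mark that is
# not leaving through the tunnel is dropped instead of going out the WAN.
/ip firewall filter add \
    chain=forward \
    routing-mark="PPTP RM" \
    out-interface=!pia-de-l2tp \
    action=drop \
    comment="PIA VPN kill switch"

# Filter rules are evaluated top to bottom and stop at the first match, so
# move the drop rule above any generic accept rules in the forward chain.
/ip firewall filter move [find comment="PIA VPN kill switch"] 0

# Checks: tunnel status, the marked route (should show the A=active flag
# once the tunnel is up), and the drop counter, which should stay at zero
# while the tunnel is healthy and only climb when it is down.
/interface l2tp-client monitor pia-de-l2tp once
/ip route print where routing-mark="PPTP RM"
/ip firewall filter print stats where comment="PIA VPN kill switch"
```

Clients in the marked range lose connectivity rather than leaking when the tunnel drops, which is the intended behaviour for a VPN-only segment.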

NB: If you want to use a country other than the Netherlands, check out Private Internet Access’ list of locations here: PIA VPN Tunnel Network

Problems with a IPv6 only network – Ben’s Place

In my last post I talked about running a pure IPv6 network, as part of my ISP building project, but still allowing access to resources on the internet currently only available via IPv4. This works well assuming all the clients on the local network are IPv6 capable; unfortunately this is not always the case. There are legacy devices that do not understand IPv6. This is a real problem with IoT devices that are either no longer being maintained or just have hardware that is incapable of using anything other than IPv4. There is also a small problem that an IP cam with an IPv6 address is probably available to the world without some firewall rules or an ACL limiting access to the local /64, but those are problems for another day…

Another issue is hard coded IPv4 addresses in legacy applications; this is a problem even if the OS/device supports both IPv4 & IPv6 but is only connected via IPv6.

There are a few solutions to both these problems.

Source: Problems with a IPv6 only network – Ben’s Place

Internet censorship just doesn’t always go the way you want it to

Iran is known for its censoring of the internet and social media sites, blocking some of them outright. Earlier this year, Iran was accused of “breaking the internet” in Hong Kong. The issue was that Iran used Border Gateway Protocol (BGP) to spoof traffic away from a few hundred sites, the false routes spread and […]

via Iranian Censorship – Big Business and Massive Restrictions — Freedom Star

Compiled list of Acronyms in the Network Field of A LOT of Things

The list is still subject to updates and changes from time to time.
Last updated: 20170121.
Acronym: Definition (Comment). Entries without a definition are listed by acronym only.

6PE: IPv6 Provider Edge Router
6VPE: IPv6 Virtual Private Network Provider Edge Router
ABC: Abstract Base Class
ACE: Access Control Entry
ACID: Atomicity, Consistency, Isolation, and Durability
ACL: Access Control List
ACPI: Advanced Configuration and Power Interface
ADO: ActiveX® Data Objects
ADSI: Active Directory Service Interfaces
AF: Address Family
AFI: Address Family Identifier
AIC: Application Integration Component
ANSI: American National Standards Institute
ANSI SQL: American National Standards Institute Structured Query Language
API: Application Programming Interface
APM: Advanced Power Management
APPC: Advanced Program-to-Program Communication
ARP: Address Resolution Protocol
ASA: Adaptive Security Appliance (Cisco)
ASAv: Adaptive Security Virtual Appliance (Cisco)
ASCII: American Standard Code for Information Interchange
ASP: Active Server Pages
ASR: Aggregation Service Routers (Cisco)
ATL: ActiveX® Library Template
ATM: Asynchronous Transfer Mode
AXFR: Asynchronous Full Transfer Zone
BASH: Bourne Again Shell
BDC: Backup Domain Controller
BDM: Business Development Manager
BFD: Bidirectional Forwarding Detection
BGP: Border Gateway Protocol
BINL: Boot Information Negotiation Layer
BIOS: Basic Input/Output System
BLOB: Binary Large Object
BSD: Berkeley Software Distribution
CA: Certification Authority
CAL: Client Access License
CDFS: Compact Disk File System
CE: Customer Edge Router
CICS: Customer Interface Control System
CIFS: Common Internet File System
CIM: 1. Common Information Model; 2. Computer Information Model
CIP: Commerce Interchange Pipeline
CLB: Component Load Balancing
CLSID: Class Identifier
CMOS: Complementary Metal Oxide Semiconductor
COFF: Common Object File Format
COM: Component Object Model
COMAdmin: Component Services Administration
CoPP
CORBA: Common Object Request Broker Architecture
CPE: Customer Premise Equipment
CRM: Compensating Resource Manager
CSMI: CICS Mirror Transaction
CSR: Cloud Services Router (Cisco)
CSR-X: Carrier Routing System (Cisco)
cSRX: (Juniper)
CTM: Coordinating Transaction Manager
DACL: Discretionary Access Control List
DB: Database
DBG: Debug Format
DBMS: Database Management System
DCOM: Distributed Component Object Model
DDF: 1. Distributed Database Facility; 2. Data Decryption Field
DDL: Data Definition Language
DDM/DRDA: Distributed Data Management / Distributed Relational Data Access
DDNS: Dynamic Domain Name Service
DFS: Distributed File System
DHCP: Dynamic Host Configuration Protocol
DHTML: Dynamic HTML
DLL: Dynamic-link Library
DMI: Desktop Management Interface
DML: Data Manipulation/Modification Language
DMTF: 1. Distributed Management Task Force; 2. Desktop Management Task Force
DNA: Distributed InterNet Applications
DNS: Domain Name System
DPA: Demand Protocol Architecture
DPL: Distributed Program Link
DRF: Data Recovery Field
DSA: Directory System Agent
DSN: 1. Data Source Name; 2. Domain Server Name
DTC: Distributed Transaction Coordinator
DTD: Document Type Definition
DTS: Data Transformation Services
DVD: Digital Video (or Versatile) Disk
EAP: 1. Extensible Authentication Protocol; 2. Early Adopter Program
ECMA: European Computer Manufacturing Association
EDI: Electronic Data Interchange
EFD: Early Fast Discard
EFS: Encrypting File System (Windows 2000)
EGP: Exterior Gateway Protocol
EHLLAPI: Extended HLLAPI
EIGRP: Enhanced Interior Gateway Routing Protocol
ELSA: Electronic Library Services and Applications
EPN
ERP: Enterprise Resource Planning
EX: (Juniper)
EXE: Executable File
FAT: File Allocation Table
FEK: File Encryption Key
FPNW: File and Print Services for NetWare
FQDN: Fully Qualified Domain Name
FIB: Forward Information Base
FTP: File Transfer Protocol
GC: Global Catalog
GDB: GNU Debugger
GINA: Graphical Identification and Authentication
GIT: Global Interface Table
GPE: Group Policy Editor
GPL: General Public License
GPO: Group Policy Object
GRE: Generic Routing Encapsulation
GSNW: Gateway Services for NetWare
GSSC: Global Solutions Support Center
GTM: Go to Market
GUI: Graphic User Interface
HA: High Availability
HAL: Hardware Abstraction Layer
HCL: Hardware Compatibility List
HIP: High Impact Project
HKCU: HKey_Current_User
HKLM: HKey_Local_Machine
HLLAPI: High Level Language Application Programming Interface
HSM: Hierarchical Storage Management
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol
IANA: Internet Assigned Numbers Authority
IDE: 1. Integrated Development Environment; 2. Integrated Drive Electronics
IDL: 1. Interface Description Language; 2. Interface Definition Language
IDOC: Intermediate Document
IEAK: Internet Explorer Administrator Kit
IETF: Internet Engineering Task Force
IGP: Interior Gateway Protocol
IID: Interface Identifier
IIS: Internet Information Services (Internet Information Server)
IME: Input Method Editor
IMIX
IMS: Information Management System
IOS: (Cisco)
IOS XE: (Cisco)
IOS XR: (Cisco)
IOS XRv: (Cisco)
IOS XRv 9000: (Cisco)
IP: 1. Internet Protocol; 2. Intellectual Property
IPC: Interprocess Communication
IPFIX
IPSec: Internet Protocol Security
IPX: Internetwork Packet eXchange
IPv4: Internet Protocol Version 4
IPv6: Internet Protocol Version 6
IrDA: Infrared Data Association
ISAM: Indexed Sequential Access Method
ISIS: Intermediate System to Intermediate System (Juniper)
ISO: International Organization for Standardization
ISV: Independent Software Vendor
ITIL: Information Technology Infrastructure Library
ITS: Incompatible Time-Sharing System
IXFR: Incremental Transfer
IXP: Internet Exchange Point
JDBC: Java Data Base Connectivity
JIT: Just-in-Time
JMS: Java Message Service
JNDI: Java Naming and Directory Interface
JRMI: Java Remote Method Invocation
JTAC: Juniper Technical Assistance Center (Juniper)
JTS: Java Transaction Service
JUNOS: Junos Network Operating System (Juniper)
KCC: Knowledge Consistency Checker
KDC: Key Distribution Center
KVM: Kernel-based Virtual Machine
L2TP: Layer 2 Tunneling Protocol
L2VPN: Layer-2 Virtual Private Network
L3VPN: Layer-3 Virtual Private Network
LAN: Local Area Network
LCE: Loosely Coupled Events
LDAP: Lightweight Directory Access Protocol
LDP: Label Distribution Protocol
LISP: List Processor
LORG: Large Organization
LPTS: Local Packet Transport Services
LSA: Local Security Authority
LU: Logical Unit
LXC: Linux Containers
MAC: Media Access Control
MDAC: Microsoft Data Access Components
MFI: Multiprotocol Label Switching Forwarding Infrastructure
MGBL
MICR: Magnetic Ink Character Recognition
MIME: Multipurpose Internet Mail Extensions
MLV: Multilanguage Version
MMC: Microsoft Management Console
MOF: Managed Object Format
MOM: Microsoft Operations Manager
MORG: Medium-sized Organization
MP-BGP: Multiprotocol Extensions for Border Gateway Protocol
MPLS: Multiprotocol Label Switching
MQS: Message Queue Series
MRO: Maintenance Repair and Operations
MSCS: Microsoft Cluster Service
MSDE: 1. Microsoft Data Engine; 2. Microsoft SQL Server 2000 Desktop Engine
MSF: Microsoft Solutions Framework
MSI: Microsoft Windows Installer
MSMQ: Message Queuing
MSP: 1. Managed Service Provider; 2. Messaging Service Provider; 3. Message Security Protocol
MTA: Multi-threaded Architecture
MTS: 1. Microsoft Transaction Server; 2. Microsoft Technical Support
MVS: Multiple Virtual System
NAL: NetWare Applications Launcher
NAV: Net Asset Value
NCP: 1. Network Control Program; 2. Network Control Protocol; 3. NetWare Core Protocol
NCS
NDIS: Network Driver Interface Specification
NDPS: Novell Distributed Print Services
NDS: NetWare Directory Service
NFS: Network File System
NFV: Network Forward Virtualization
NGF: Next Generation Firewall
NIC: 1. Network Interface Card; 2. Network Adapter; 3. Network Information Center
NIS: Network Information Service
NLB: Network Load Balancing
NLS: National Language Support
NNTP: Network News Transport Protocol
NTLM: NT LAN-Manager
NTP: Network Time Protocol
NTW: New Technology Workstation
NVT: Network Virtual Terminal
OCR: Optical Character Recognition
OCX: 1. OLE Custom Control; 2. OLE Control Extension
ODBC: Open Database Connectivity
OLAP: Online Analytical Processing
OLTP: Online Transaction Processing
OMG: Object Management Group
OO: Object Oriented
OOAD: Object Oriented Analysis and Design
OPP: Order Processing Pipeline
ORB: Object Request Broker
OS: Operating System
OSPF: Open Shortest Path First
OSTA: Optical Storage Technology Association
OTM: Object Transaction Middleware
PAC: Privilege Attribute Certificate
PCL: Printer Control Language
PCMCIA: Personal Computer Memory Card International Association
PDC: Primary Domain Controller
PE: Provider Edge
PEC: Primary Enterprise Controller
PG: Product Group
PIE
PK: Primary Key
PKI: Public Key Infrastructure
PMI: Project Management Institute
PnP: Plug and Play
POS: 1. Programmable Option Select; 2. Point of Sale; 3. Point of Service; 4. Packet Over Sonet; 5. Persistent Object Server
POSIX: Portable Operating System Interface
PPP: Point-to-Point Protocol
PPTP: Point to Point Tunneling Protocol
PSS: Product Support Services
PTM: Participating Transaction Manager
PTR: Point-in-Time Repair
PXE: Pre-boot Execution Environment
QCE: Quality Customer Experience
QEMU: Quick Emulator
QFE: Quick Fix Engineering
QoS: Quality of Service
QvPC: QNAP virtualized Personal Computer
OTT: Over-The-Top
RADIUS: Remote Authentication Dial-In User Service
RAID: Redundant Array of Independent Disks
RAS: Remote Access Services
RD: Route Distinguisher
RDO: Remote Data Object
RDP: 1. Remote Display (or Desktop) Protocol; 2. Reliable Datagram Protocol
RDS: Remote Data Services
RFC: Request for Comment
RIB: Routing Information Base
RID: 1. Relative Identifier; 2. Record ID
RIP: Routing Information Protocol
RIS: Remote Installation Services
RM: Resource Manager
ROLAP: Relational Online Analytical Processing
RPC: Remote Procedure Call
RPM
RR: 1. Resource Records; 2. Route Reflector
RSM: Removable Storage Management
RSS: Remote Storage
RT: Route Target
RTL: Register Transfer Language
RUP: Roaming User Profile
SACL: System Access-Control List
SAM: Security Accounts Manager
SAN: Storage Area Network
SAS: 1. Secure Attention Sequence; 2. Serial Attached SCSI
SCA: Security Configuration and Analysis
SCE: Security Configuration Editor
SCM: 1. Service Control Manager; 2. Security Control Monitor
SCSI: Small Computer System Interface
SCTS: Security Configuration Toolset
SD: Security Descriptor
SDI: 1. Secure Dial-In; 2. Single Document Interface; 3. Smart Database Interface
SDK: Software Development Kit
SDN: Software Defined Networking
SFU: Windows Services for UNIX
SI: System Integrator
SID: Security Identifier
SIS: Single Instance Store
SMB: Server Message Block
SMS: Systems Management Server
SMTP: Simple Mail Transfer Protocol
SMU
SNA: Systems Network Architecture
SNMP: Simple Network Management Protocol
SP: Stored Procedure
SPM: Shared Property Manager
SR: Secure Router (Cisco)
SRM: Security Reference Monitor
SRX: (Juniper)
SSD: Solid State Disk
SSL: Secure Socket Layer
SSO: Single Sign-on
SSPI: Security Support Provider Interface
SVID: System V Interface Definition
SAA: System Application Architecture
TAC: Technical Assistance Center (Cisco)
TCE: Tightly Coupled Events System
TCO: Total Cost of Ownership
TCP/IP: Transmission Control Protocol/Internet Protocol
TCT: Terminal Control Table
TFTP: Trivial File Transfer Protocol
TGS: Ticket-Granting Service
TGT: 1. Transaction Group Type; 2. Ticket Granting Ticket; 3. Target Tracker
TIP: Transaction Internet Protocol
TLB: Type Library
TLS: Thread Local Storage
TM: Transaction Manager
TP: Transaction Program
TPD: Transactions Per Day
TPH: Transactions Per Hour
TPM: Transactions Per Minute
TPS: Transactions Per Second
TSA: Target Service Agent
TTL: Time to Live
UCS: 1. User Coordinate System; 2. Universal Character Set; 3. Unicode Conversion Support; 4. Unified Communication Server
UDF: 1. Universal Disk Format; 2. User-defined function; 3. Uniqueness Database File
UDP: User Datagram Protocol
UI: User Interface
UML: 1. Unified Modeling Language; 2. Universal Markup Language
UNC: Universal Naming Convention
UPN: User Principal Name
URL: Uniform Resource Locator
uRPF
USB: Universal Serial Bus
USMT: User State Migration Tool
USN: Update Sequence Numbers
UTF: Unicode Transformation Format
VAN: Value Added Network
vCenter: (VMware)
vCPE: Virtual Customer Premise Equipment
vESA: (Cisco)
VM: Virtual Machine
vNAM: (Cisco)
VNF
vPE: Virtual Provider Edge
VPN: Virtual Private Network
VRF: Virtual Private Network Routing and Forwarding Instance
vRR: Virtualized Route Reflector
VRRP
vSphere: (VMware)
vSRX: (Juniper)
vWLC
vWSA
vWAAS
VxD: Virtual Device Driver
WAN: Wide Area Network
WBEM: Web-based Enterprise Management
WDM: Win32 Driver Model
WFP: Windows File Protection
WHQL: Windows Hardware Quality Lab
WINS: Windows Internet Name Service
WMI: Windows Management Instrumentation
WQL: WMI Query Language
WRED
WSH: Windows Script Host
XA: Extended Architecture
XDR: External Data Representation
XML: Extensible Markup Language
XML TI: XML Transaction Integration
XSL: Extensible Style Language
XSLT: Extensible Stylesheet Language Transformations
Yang
ZAW: Zero Administration for Windows

Sources (amongst others):

Illegitimate Source IPs At IXPs – Franziska Lichtblau

Talk on Ripe.net: https://ripe73.ripe.net/archives/video/1457/

Presentation file: Franziska Lichtblau: Illegitimate Source IP Addresses at Internet Exchange Points (PDF)

Interesting talk to watch… A thing or two to think about regarding the current internet, remembering the year Pakistan hijacked YouTube. [1] [2]

[1] http://research.dyn.com/2008/02/pakistan-hijacks-youtube-1/

[2] https://www.ripe.net/publications/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study