Import Routes on MikroTik via .rsc Script

MikroTik RouterOS can import .rsc script files containing native routing commands — and NetRoute Pro generates that format directly. Just download the script, upload it to the router, and import it in the terminal. No manual entry, no copy-pasting dozens of commands.

Prerequisites

MikroTik router running RouterOS 6.x or 7.x
A configured VPN tunnel (WireGuard, OpenVPN, IPsec, L2TP, or any other protocol supported by RouterOS)
NetRoute Pro Chrome extension installed
Access to the router via WinBox, WebFig, or SSH

Step 1. Generate a .rsc file in NetRoute Pro

Open the target website in Chrome
Click the NetRoute Pro icon in your extensions
Select the MikroTik platform
Set the gateway to your VPN interface gateway (e.g. 10.0.0.1) — unlike Keenetic, MikroTik does use this value when installing the route
Choose aggregation mask (recommended /24)
Click Analyze Website
Download the result as a .rsc file

Tip: enable RIPE BGP optimization in the extension — it replaces individual IPs with real announced BGP prefixes. This gives stable routes that don't break when Cloudflare, Fastly, or other CDNs rotate IPs.

Step 2. Upload the file to MikroTik

There are two common ways to get the .rsc file onto the router:

WinBox / WebFig: open the Files section and drag and drop the .rsc file into the file list
SCP from your machine:
```
scp routes.rsc admin@192.168.88.1:/
```

Step 3. Import the script in the terminal

Open Terminal in WinBox (or connect via SSH) and run:

/import file-name=routes.rsc

All commands from the file execute sequentially. Routes are applied instantly — usually within a second even for hundreds of entries.

A generated .rsc file looks like this:

/ip route add dst-address=104.21.32.0/24 gateway=10.0.0.1
/ip route add dst-address=172.67.182.0/24 gateway=10.0.0.1

Why this is convenient: /import is a native RouterOS mechanism — it respects your existing configuration, logs every action, and rolls back cleanly on syntax errors. No third-party scripts or packages required.

Alternative: Address Lists + Routing Rules

For more flexible, policy-based routing, you can push the IP set into a firewall address list and apply a routing rule against it instead of installing individual static routes:

Generate the script with NetRoute Pro, then edit the .rsc so each line uses the address-list form:

/ip firewall address-list add list=vpn-routes address=104.21.32.0/24
/ip firewall address-list add list=vpn-routes address=172.67.182.0/24

Add a routing rule that sends traffic matched against the list into a dedicated routing table:
```
/ip route rule add src-address-list=vpn-routes action=lookup table=vpn
```
Populate the vpn table with a default route through your VPN gateway

This pattern keeps the main routing table clean and scales well across hundreds of prefixes.

Alternative: WireGuard AllowedIPs

If your VPN is WireGuard, you can skip static routes entirely and push the subnets into the peer's AllowedIPs:

In NetRoute Pro, select the WireGuard platform
Copy the AllowedIPs string

Apply it on MikroTik:

/interface/wireguard/peers/set [find] allowed-address=...

Verify

After import, check that the routes are in the table:

/ip route print where dst-address~"104.21"

From a LAN client, confirm the traffic goes through the VPN:

tracert example.com     # Windows
traceroute example.com  # Linux/macOS

The first hops should go through your VPN gateway.

Common issues

Import fails with a syntax error

Most often this means the .rsc wasn't downloaded completely, or the browser saved an HTML error page under the .rsc extension. Open the file in a text editor — every line should start with /ip route add (or another RouterOS command). Re-download if needed.

Routes added but traffic doesn't route through VPN

Check NAT/masquerade on the VPN interface: /ip firewall nat print
Verify the VPN interface is up and running: /interface print
Make sure no firewall rule drops the outgoing traffic

Website IP changed — route stopped working

CDNs rotate IPs periodically. Regenerate the .rsc in NetRoute Pro with RIPE BGP optimization enabled — it substitutes announced BGP prefixes that cover all provider IPs and stay stable over time.

Too many routes

MikroTik handles thousands of static routes without issues on any modern hardware. If your route table grows to tens of thousands, consider the WireGuard AllowedIPs approach or BGP (see below) instead.

For advanced users: BGP

At very large scale, run BGP peering with a route server and import prefixes dynamically rather than managing static routes. This is out of scope for this guide, but RouterOS has full BGP support built in.

References

Ready to try?

NetRoute Pro — a free Chrome extension to generate routes from any website.

Install Extension