I'm happy to tell you that I solved this problem. Actually I have nothing wrong in the configuration of MT, the cause of the problem is that in the port group of ESXI, promiscuous mode needs to be turned on, I don't understand why this setting is needed, I use VRRP with Ubuntu with OpenWrt, without...

(1) Why is dns server set at 192.168.0.2 for dhcp settings ??? ( vice the standard 192.168.0.1 ) ? (2) The input chain rules can be modified but are not your problem recommend... /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" co...

The gateway address of your nas(192.168.0.2) is not ROS, right? There are two gateways in your lan network, so this problem arises. There are actually two solutions, None of these solutions are perfect, but they can solve your problem. 1. Ros dst-nat to your other gateway, your other gateway dst-nat...

This is a duplicate question, I've searched other posts before I asked, but didn't find any solution. Actually I'm using VRRP in MT, but when VRRP status changes to Master, I can't ping VIP, am I doing something wrong? 1.jpg I use AdGuard as a DNS server in ubuntu. In order to prevent abnormalities ...

I'm in a very similar situation, but still no solution.

Tip: No need to type "TRACERT.EXE" each time... you can just use "tracert"

Thanks for your advice

I'm using WireGuard to connect MT, I can't access Ubuntu (192.168.2.3) in Lan, but I can access Nas in Lan. I try to use Ping ubuntu in MT and it works fine. I think it's the same problem as mine, but it's not fixed. https://forum.mikrotik.com/viewtopic.php?p=1007978&hilit=wireguard+Lan#p1007978...

(1) You do not need to create a route for wireguard on the router. ( Get rid of the one you made ) When you add the ip address add address=10.0.2.1/24 interface=wireguard1 network=10.0.2.0 this automatically creates a route for you. <dac> dst-address=10.0.2.0/24 gateway=wireguard1 routing-table=mai...

Wouldnt this work and avoids marking/mangling.... Firewall rule/ routing table/ ip route / routing rules /ip firewall filter add action=forward chain=accept in-interface=wirequard dst-address= 192.168.2.2 /routing table add fib name=useOP /ip route add dst=0.0.0.0./0 gwy=192.168.2.4 table=useOP /ro...

I think the VPN protocol is different. Commonly used VPN protocols such as ipsec are easily detected by gfw and block traffic. I understand. I guess I live in the same country as you. If you want to avoid censorship, you can consider deploying your own vps node with a more advanced xray protocol. I...

What is your purpose? I am somewhat dizzy after looking at your topology. If openwrt is for client bypass routing service, you can use ip dhcp-server option code 3 & 6 to distribute gateway and dns. If you are accessing internal lan-side services externally, you already have esxi, so it is more...

What is so special about openwrt that the traffic needs to go from wireguard through MT router and then not directly to WAN? I dont get it? What is is that the MT router cannot do?? I think the VPN protocol is different. Commonly used VPN protocols such as ipsec are easily detected by gfw and block...

Why do you send wg to openwrt??? what is GFW??? Are the users coming into the router via WG and then NOT going out the local WAN but out a remote WAN via an openwrt tunnel ???? Sent to openwrt to let openwrt handle traffic, I use open clash in openwrt to provide me with VPN function, let me pass GF...

(1) Are you accessing internet of network from wireguard clients or just subnets and the router/devices for config purposes? (2) Why are you marking wireguard traffic? (3) Why are your source nat rules SO OBTUSE. and I dont even see a default rule??? (4) Are you attempting to run your own DNS serve...

Because I deal only in home networks, I need simple talk. Is the problem that you cannot get your wireguard users 'pad/notebook' to use the local DNS server at device .2.3 ?? Aka what is the problem in clearer terms It can use 2.3 as a dns server, but the query record shows that the ip is from 2.1 ...

An internal DNS server is being used by my peer. The masquerade for the LAN interface in NAT was stopped because the query logs all contain the IP address of ROS . Thank you for your reply, I also try to stop LAN To LAN masquerade in NAT, but after I stop masquerade, my peer will not be able to vis...

Provide a network diagram to help describe.

Thanks for your reply, I have provided the network diagram

My peered is using an internal DNS server. However, the query logs all indicate the ip address of ROS, and I canceled the masquerade for the LAN interface in NAT. After that I couldn't access the LAN through Wireguard. I traced via tracert and it only traced to the Wireguard address and then the req...

I have the same problem, but I want to get the ip of WireGuard Peer in home network, when I change masquerade in NAT, I can't access Lan network. Can i get any advice? Thanks