Hi!
I can't get Wireguard to start with the config file from my VPN provider "Integrity VPN".
I have tried a variety of settings in my Mikrotik x86 but could not get Wireguard to connect.
The following text is in the config file that I received from the VPN provider.
-------------------------------------------------
[Interface]
PrivateKey = *****secret*****
dns = 2001:9b1:8826::53, 2001:9b0:4:53, 98.128.186.86, 155.4.89.136
Address = 10.0.245.27/24,fdab1337:245::27/64

[Peer]
PublicKey = *****secret*****
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = wireguard.5july.net:48575
-------------------------------------------------
Please help me!!
rgds
/R

Can you share this info (just remove the keys and public IP):

Not enough,
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)

Plus.
What are the requirements for wireguard traffic, one user, a whole subnet etc......

@anav , while we there. (sorry as i didn't open separate topic)

can you please tell me in which cases can i use the option Responder

I need your e.g. dw about wiki.

Hi nichky, Sorry does not compute LOL.
I dont recall every writing about "responder" ?
What is the context and what is the requirement?

To me it is strange to see portnumbers in the DNS line.

@anav,

do u know what i'm asking about?

Also i've noticed that with BTH , Responder is enabled by default.

Responder is a new option for peers introduced in 7.15. Turn it on for a peer if the router will not be the one who initiates a WireGuard connection with the peer (router only listens for incoming connections)

https://help.mikrotik.com/docs/display/ ... uard-Peers

is-responder (yes | no; Default: no)

Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as "servers" for other devices as clients to connect to. Otherwise router will all repeatedly try to connect "endpoint-address" or "current-endpoint-address" causing unnecessary system logs to be written.

@CGGXANNX

That is reminding me to IPsec--> passive mode.
But back to WG. How about on the WG_Server if i didn't specify the Endpoint (usually set up), is that the seme thing?

Than what is purpose of Responder?

@CGGXANNX

That is reminding me to IPsec--> passive mode.
But back to WG. How about on the WG_Server if i didn't specify the Endpoint (usually set up), is that the seme thing?

Than what is purpose of Responder?

In v7.14 this change was made to WG in RouterOS:

*) wireguard - optimised and improved WireGuard service logging;

That resulted in excessive log messages, as you can read from the 7.14 release thread viewtopic.php?t=205097#p1059453, when RouterOS tries to send handshake packets and the remote peer is no longer available. It did that before 7.14 but the error was not logged so nobody noticed. As you can read from the documentation quote above, you don't have to explicitly specify the endpoint address and port for RouterOS to initiate the handshake. If a connection was previously established, the current-endpoint-address and current-endpoint-port will have non-empty values and will be used for the handshake.

Now in 7.15 you can enable the "Responder" option and handshake will no longer be initiated by the router.