DejanAgain
Topic Author

WireGuard : I am missing something

Wed Jul 17, 2024 7:47 pm

I have a weird problem with WireGuard. As I am not posting the configuration, I guess I should explain the status; I just need an idea of what may be missing.

Network 172.18.111.0/24 is unattended; if I experiment to simplify something here, for example, I may lose access, so I need to be careful.

I do have two L2TP tunnels (two just as backup because both IPs are dynamic).
I have also created WireGuard to improve performance, and this is working with only one problem:

Router 1 :
172.18.111.1/24

Router 2 :
172.18.127.1/24

When L2TP is disabled and WireGuard is active, everything works OK except the routers themselves.

172.18.127.5 <-> 172.18.111.5 works fine
172.18.127.1 -> anything in 172.18.111.0/24 is not working
172.18.111.1 -> anything in 172.18.127.0/24 is not working

For testing purposes I have created lots of accept rules on both sides, input/output/forward, even rules that make no sense, but this is just not working from the router itself.

I CAN connect from 172.18.127.55 to 172.18.111.1 (ping or winbox).
I just cannot initiate a connection from either router to the other network, and this is important because of DNS forwarding and netwatch.


Any idea what may be wrong?

The following exists on both sides; again, 172.18.127.<anything but 1> is working with 172.18.111.<anything but 1>
(I know a few of them make no sense, just testing)

/ip firewall filter
add action=accept chain=input dst-address=172.18.127.0/24 src-address=172.18.111.0/24
add action=accept chain=forward dst-address=172.18.127.0/24 src-address=172.18.111.0/24
add action=accept chain=input dst-address=172.18.111.0/24 src-address=172.18.127.0/24
add action=accept chain=forward dst-address=172.18.111.0/24 src-address=172.18.127.0/24
add action=accept chain=input dst-address=172.18.127.1 src-address=172.18.111.1
add action=accept chain=forward dst-address=172.18.127.1 src-address=172.18.111.1
add action=accept chain=output dst-address=172.18.127.1 src-address=172.18.111.1
add action=accept chain=input dst-address=172.18.111.1 src-address=172.18.127.1
add action=accept chain=forward dst-address=172.18.111.1 src-address=172.18.127.1
add action=accept chain=output dst-address=172.18.111.1 src-address=172.18.127.1
add action=accept chain=input in-interface=WireGuardStgoBgd
add action=accept chain=output out-interface=WireGuardStgoBgd
add action=accept chain=forward in-interface=WireGuardStgoBgd
add action=accept chain=forward out-interface=WireGuardStgoBgd