MikroTik

Community discussions
https://forum.mikrotik.com/

Site to site with Wireguard

https://forum.mikrotik.com/viewtopic.php?t=193988

Page 1 of 1

Site to site with Wireguard

Posted: Mon Feb 27, 2023 11:11 am
by Datanav
Has anyone been able to implement wireguard for site to site VPN. I have done my config as per the blog post https://grzegorzkowalik.com/konfiguracj ... e-to-site/ and honestly it does not connect. Also followed the video post on youtube https://youtu.be/P6f8Qc4EItc but still my routers do not connect. Both have static IP but still no traffic inbetween. Have allowed the necessary firewall filters(udp port 13231) on both ends plus have added static routes for the interfaces.

Code for Site A:
Code: Select all
# feb/24/2023 09:27:48 by RouterOS 7.7
# software id = MXWL-FJNR
#
# model = RB951Ui-2HnD
# serial number = xxxxxx
/interface wireguard
add listen-port=13231 mtu=1420 name=WG-Rongai
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=41.72.208.126 endpoint-port=\
    13231 interface=WG-Rongai public-key=\
    "UlMiz3f9oz97OS/M6DaAfibhp0wbtrrjLs4rSLBhDiA="


Config for Site B
Code: Select all
# feb/27/2023 12:06:25 by RouterOS 7.7
# software id = 0AFC-HK9B
#
# model = RB2011UiAS-2HnD
# serial number = xxxxxxx
/interface wireguard
add listen-port=13231 mtu=1420 name=WG-PRD
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=102.215.189.11 endpoint-port=13231 interface=WG-PRD public-key=\
    "+YvP+o0REkrCVLCiXdypp+q/uL7b82YzoSq0iedX9mU=
Thanks.

Re: Site to site with Wireguard

Posted: Mon Feb 27, 2023 2:36 pm
by anav
You have to be kidding me! Why not go to hell and listen to satan for advice........... ( do you think we have time chasing you tube LOL , kills me when people post those links, the evidence is in your config and the important information is your stated user requirements. )

All jesting aside..................
How the Eff will anyone be able to solve the issues with seeing your small bit of wireguard config?
Further if you think the problem is there, then you must know what the problem is...............

So Strike 1 - consulted idiots
Strike 2 - think you know where the problem is and thus why here lol

So as to not strike out....... the usual requests.
Please export both configs

/export file=anynameyouwish ( minus router serial number and any public WANIP information, keys etc.

Please provide a network diagram indicate key subnets and which is client and which is server for initial handshake.

By the way this is the first time I have seen both ends of a wireguard connection from two routers, with 0.0.0.0/0 set as allowed IPs.
Thus also need the requirements as in, what do you need users to do at both router vis-a-vis the wireguard tunnel.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/