Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 12:39 pm
by zhouck
1. Mikrotik hap AC^2
2. Wireguard installed, Mikrotik has wg IP 174.16.0.1
3. IP address pool 174.16.0.0/24
4. Peers could communicate with each other, but when I try to open Winbox (174.16.0.1) I get connection refused
Re: Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 1:05 pm
by erlinden
Sounds like your firewall is blocking this traffic (which it should). Have you added the Wireguard interface to the LAN Interface List? Assuming you are using this Interface List in the firewall?
Otherwise, please share your config:
/export file=anynameyoulike
Remove serial and any other private information.
Re: Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 1:31 pm
by Larsa
@zhouck, I'm just guessing here, but make sure you've added the Wireguard network interface to: Interfaces > Interface List > LAN
Re: Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 2:11 pm
by zhouck
Yeah, adding it to the LAN interface list fixed the issue. Am I introducing any security issue with such a solution? Why is Wireguard not added to LAN by default?
Re: Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 2:19 pm
by anav
Your config is wrong, a reasonable request to post it has been ignored.
Re: Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 2:35 pm
by erlinden
"Am I introducing any security issue with such a solution?"
That depends. Do you want all Wireguard peers to be able to connect to your router?
"Why is Wireguard not added to LAN by default?"
Well...because that would be a very stupid default.
Re: Access to Mikrotik from wireguard peer
Posted: Mon Jun 17, 2024 2:46 pm
by anav
Concur, there are many instances where wireguard is to a third party server, and in that case it makes more sense for WG to be part of the WAN interface list, and thus the default masquerade rule covers local subnet to wireguard traffic.
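An added example, not posted by anyone in this thread: the LAN-list fix next to a narrower alternative that answers the "do you want all Wireguard peers to be able to connect to your router?" question with "no". Assumptions: the interface is named wireguard1, the admin peer is 174.16.0.2 (constructed), Winbox listens on its default port 8291, and the default firewall's input drop rule still carries its "defconf: drop all not coming from LAN" comment.

```routeros
# Option A (the fix used in the thread): every WireGuard peer is treated as LAN,
# so the default "drop all not coming from LAN" input rule no longer applies to
# any of them. All peers can reach every router service that LAN hosts can.
/interface list member add list=LAN interface=wireguard1

# Option B: leave wireguard1 out of the LAN list and accept only Winbox from a
# single admin peer. The rule must sit above the default drop rule to match.
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=8291 \
    in-interface=wireguard1 src-address=174.16.0.2 \
    comment="Winbox from admin WG peer only" \
    place-before=[/ip firewall filter find where comment="defconf: drop all not coming from LAN"]

# The src-address match is only meaningful if that peer's allowed-address is a
# /32, so no other peer key can send traffic from 174.16.0.2. Check it here:
/interface wireguard peers print

# Optional second layer: restrict the Winbox service itself to the tunnel subnet.
/ip service set winbox address=174.16.0.0/24

# Verify rule order and list membership after the change.
/ip firewall filter print where chain=input
/interface list member print where list=LAN
```

Use either Option A or Option B, not both: with wireguard1 still in the LAN list, the Option B accept rule changes nothing because the peers are already allowed.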