First post in this community, hope you guys can help out.
I've been trying to make a dynamic WG connection between 2 sites, both of them using a ddns address.
Site A has an EdgeRouter and is the current WG server (public IP under ddns.net).
Site B has a Mikrotik and is the one to connect to WG as a client (public IP under duckdns.org).
So far I was able to get a handshake, but unfortunately I'm not able to get any traffic from the Mikrotik via the WG tunnel.
Can you guys help to identify the issue?
EdgeRouter config (server)
Public IP under xxx.ddns.net
Wireguard interface: 10.6.69.1
Listening port: 51280
Peer: mikrotik
Allowed IP: 10.6.69.6/32
endpoint: xxx.duckdns.org:13231
Mikrotik config (client)
Public IP under xxx.duckdns.org
/interface wireguard
add listen-port=13231 mtu=1420 name=WG-CasaPollo
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1_WAN list=WAN
add interface=WG-CasaPollo list=WAN
/interface wireguard peers
add allowed-address=0.0.0.0/0 client-address=10.6.69.6/24 client-dns=\
    1.1.1.1,8.8.8.8 client-endpoint=xxx.duckdns.org client-listen-port=\
    13231 endpoint-address=xxx.ddns.net endpoint-port=51280 interface=\
    WG-CasaPollo persistent-keepalive=25s public-key=\
    "xxx"
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.6.69.6/24 interface=WG-CasaPollo network=10.6.69.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=10.0.0.2 gateway=\
    192.168.88.1
/ip firewall filter
add action=fasttrack-connection chain=forward comment="from the network berg" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="from the network berg" \
    connection-state=established,related
add action=accept chain=input comment="WG-casapollo (Mikrotik guides)" \
    dst-port=13231 protocol=udp src-port=""
add action=drop chain=forward comment="from the network berg" \
    connection-state=invalid
add action=drop chain=forward comment="from the network berg" \
    connection-nat-state=!dstnat connection-state=new in-interface=ether1_WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN