Poseidonhun
just joined
Topic Author
Posts: 2
Joined: Fri May 03, 2024 4:25 pm

Wireguard no handshake

Sat May 04, 2024 8:27 pm

Hello everyone,

I'm writing here because I searched for my problem in this forum but I couldn't find the solution.

My problem is that I want to use WireGuard on my LTE-AP kit router, but when I try to connect, the handshake packets don't reach the router. I have tried both Windows (with another Wi-Fi) and iOS (with another mobile carrier) to connect, but nothing reaches the router. I'm using DDNS from MikroTik. What confuses me a bit is that I can use the option "use-local-address=yes" and then I get the IP that is shown on Quick Set, but when I uncheck it I get a different IP; this must be related to the modem. But what is my real public IP? Is it the one Quick Set shows?

What I have tried so far:
- DDNS with the local address option and without it
- Monitoring lte1 and wireguard with Torch, but not even a single packet shows up
- Playing with NAT and firewall settings
- Changing the MTU (decreasing and increasing) on both router and client together

I have attached the export of the config, and here is the Windows client config:

[Interface]
PrivateKey = *****our generated private key********
Address = 10.100.100.2/24

[Peer]
PublicKey = *****public key of the router*******
AllowedIPs = 0.0.0.0/0
Endpoint = router_address:51320

Please help me find out what my problem is. What else could it be?
Thanks
 
CGGXANNX
Member Candidate
Posts: 135
Joined: Thu Dec 21, 2023 6:45 pm

Re: Wireguard no handshake  [SOLVED]

Sat May 04, 2024 8:50 pm

Your provider probably uses CGNAT. On the IP -> Cloud window, do you see this on the status bar?

cgnat.png

If yes, then that's CGNAT. It's understandable because most mobile networks now no longer have enough IPv4 addresses for all their subscribers. Nowadays, IPv6 should be well supported by mobile networks. You can use IPv6 for the WireGuard connection instead. But you might have to set up IPv6 on your device first, if you currently don't see any IPv6 address listed in the IP -> Cloud window (if that's the case, you need to do the usual IPv6 configuration: DHCPv6 Client -> IPv6 pool -> Get prefix from pool to assign to the bridge interface -> open port 13231 UDP chain input on the IPv6 firewall filter table; for the LAN devices to have working IPv6, IPv6 ND must also be configured). If there is already an IPv6 address listed in the IP -> Cloud window, then you only need to open port 13231 UDP on your IPv6 firewall.
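The CGNAT diagnosis above can also be made from the two addresses the first post mentions: the one on the WAN interface (what `use-local-address=yes` publishes) and the one the outside world sees. The following is an added example, not part of either poster's reply; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, set aside for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (a modem or upstream router doing ordinary NAT).
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(local_wan: str, observed_public: str) -> str:
    """Classify the IPv4 path in front of a router.

    local_wan       -- address configured on the WAN interface (e.g. lte1)
    observed_public -- source address an outside service sees for the router
    """
    local = ipaddress.ip_address(local_wan)
    observed = ipaddress.ip_address(observed_public)
    if local in CGNAT_NET:
        return "cgnat"
    if any(local in net for net in RFC1918_NETS):
        return "private-nat"
    if local != observed:
        # Public-looking address that is still translated upstream.
        return "upstream-nat"
    return "direct"


def can_host_wireguard_server(local_wan: str, observed_public: str) -> bool:
    """True only when the WAN interface itself holds the public address."""
    return classify_wan(local_wan, observed_public) == "direct"


# Constructed sample values (documentation and reserved ranges, not real hosts).
SAMPLES = [
    ("100.71.12.34", "203.0.113.7"),   # LTE address in the CGNAT range
    ("192.168.8.100", "203.0.113.7"),  # router behind a NAT-ing modem
    ("198.51.100.20", "203.0.113.7"),  # addresses disagree
    ("203.0.113.7", "203.0.113.7"),    # interface holds the public address
]

if __name__ == "__main__":
    for local, seen in SAMPLES:
        print(f"{local:>15} seen as {seen:<12} -> {classify_wan(local, seen)}")
```

Any result other than `direct` means unsolicited handshake packets are dropped upstream before they reach the router, which matches Torch showing no traffic on lte1.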
 
Poseidonhun
just joined
Topic Author
Posts: 2
Joined: Fri May 03, 2024 4:25 pm

Re: Wireguard no handshake

Mon May 06, 2024 9:24 am

Thanks for your reply. Yes, you were right, CGNAT was my problem. Unfortunately, IPv6-enabled WireGuard is not an option for me. I asked my cable internet provider to take me out of NAT, and this means I only have an IPv4 address. It was new to me that the mobile operators now use CGNAT-only connections.

What I have tried, and it works: I changed the original plan. I set up the MT router as a client, and the server is now sitting on my cable internet connection, which is accessible. I would be happier if the MT was the server, but I see no chance on IPv4.
