Hello, I have two offices connected by wireguard via WAN 1. Recently, I added a second backup connection to each location.
Is it possible to achieve high availability on Mikrotik to create 4 connections? so that each link has 2 peers? I will put a dynamic routing protocol on top of everything and this would ensure high availability. The question is whether it is possible to create such routing policies that each peer enters and exits through the appropriate connection.
WANGUARD DUAL WAN HA
You do not have the required permissions to view the files attached to this post.
Re: WANGUARD DUAL WAN HA
I've done it myself so there should be no problem at all using OSPF and optional BFD for fast failover.
Another option is to use ZeroTier which automatically utilizes all available links and also enables easy access from mobile devices, home offices, etc.
Another option is to use ZeroTier which automatically utilizes all available links and also enables easy access from mobile devices, home offices, etc.
Re: WANGUARD DUAL WAN HA
thanks for the answer. How did you go about configuring routing policies for multiple vans? I have set incoming connection marking and routing marking for the appropriate WAN link, but it does not work for wireguard because during the handshake, the peer that responds to the query sends traffic through the default gateway.
Re: WANGUARD DUAL WAN HA
Concur sounds like an OSPF+BDF exercise to detect drops and to direct traffic to remaining connection.
Not having used zerotier that may be much easier,,,,,albeit through third party technically.
Not having used zerotier that may be much easier,,,,,albeit through third party technically.
Re: WANGUARD DUAL WAN HA
thanks for the answer. How did you go about configuring routing policies for multiple vans? I have set incoming connection marking and routing marking for the appropriate WAN link, but it does not work for wireguard because during the handshake, the peer that responds to the query sends traffic through the default gateway.
Yeah, the WireGuard implementation is flawed,so you need to force the reply back to the originating WAN interface by using policy routing, i.e., create a separate routing table, e.g., "ether2", add a default gateway for the WAN interface to the new routing table, and lastly, add a routing rule like add src-address=WAN-IP table=ether2 action=lookup.
EDIT: btw, you can skip the mangeling stuff since you only have to use policy routing to make WireGuard work in a dual wan environment.