I'm not great with networking stuff, but I'm trying to set up routing. I need to send one machine (192.168.88.195) on our local network through a VPN to get online. The VPN server is in a specific region. Here's a simple diagram to help explain.
I've set up a WireGuard connection, and it's working fine. I can ping back and forth between the router and the peer without any issues. I can also ping any machine in the router's local network as well as the WireGuard private network. I've even tested connecting directly to the peer (VPN server) from another laptop on a different network using the same settings, and the VPN works perfectly.
However, I'm encountering a problem. After configuring everything, it seems like the machine at 192.168.88.195 is stuck in a loop on the router. All the established connections (like SSH, for example) are still reachable, but any new connections seem to get stuck. I can't reach any remote destinations, and even local connections aren't working properly. Some examples:
Code:
traceroute: sendto: Can't assign requested address
64 traceroute: wrote 8.8.8.8 52 chars, ret=-1
*traceroute: sendto: Can't assign requested address
traceroute: wrote 8.8.8.8 52 chars, ret=-1
*traceroute: sendto: Can't assign requested address
traceroute: wrote 8.8.8.8 52 chars, ret=-1
Here is my WireGuard configuration:
Code:
/interface/wireguard print detail
Flags: X - disabled; R - running
0 R name="evergate" mtu=1420 listen-port=13233 private-key="****" public-key="****"
Code:
/interface/wireguard/peers/print detail
Flags: X - disabled; D - dynamic
0 ;;; gate
interface=evergate public-key="****" private-key=**** endpoint-address="" endpoint-port=0 current-endpoint-address=199.34.230.84
current-endpoint-port=57023 allowed-address=0.0.0.0/0 preshared-key=**** persistent-keepalive=25s client-address=10.1.102.2/32 client-dns=10.1.102.1 client-endpoint=public.domain.com
client-keepalive=25s rx=597.0KiB tx=1029.9KiB last-handshake=16s
Code:
/ip/firewall/nat/print detail
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=srcnat action=masquerade connection-mark=specific_conn out-interface=evergate
Code:
/ip/firewall/mangle/print detail
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
3 chain=prerouting action=mark-connection new-connection-mark=specific_conn src-address=192.168.88.195
4 chain=prerouting action=mark-routing new-routing-mark=specific_route connection-mark=specific_conn
Code:
/ip/route/print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp
DAv dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=pppoe immediate-gw=pppoe distance=1 scope=30 target-scope=10 vrf-interface=pppoe suppress-hw-offload=no
DAc dst-address=10.1.102.0/24 routing-table=main gateway=evergate immediate-gw=evergate distance=0 scope=10 suppress-hw-offload=no local-address=10.1.102.1%evergate
DAc dst-address=183.38.252.335/32 routing-table=main gateway=pppoe immediate-gw=pppoe distance=0 scope=10 suppress-hw-offload=no local-address=178.34.12.16%pppoe
DAc dst-address=192.168.88.0/24 routing-table=main gateway=bridge immediate-gw=bridge distance=0 scope=10 suppress-hw-offload=no local-address=192.168.88.1%bridge
0 As dst-address=0.0.0.0/0 routing-table=specific_route pref-src="" gateway=10.1.102.2 immediate-gw=10.1.102.2%evergate distance=1 scope=30 target-scope=10 suppress-hw-offload=no
Code:
/routing/table/print detail
Flags: D - dynamic; X - disabled, I - invalid; U - used
0 D name="main" fib
1 name="specific_route" fib