It seems that with the responder setting enabled, RouterOS won’t even try connecting to the peer, as stated in the changelog and validated by sniffing traffic.
But for me the docs are misleading, because my WireGuard VPS peer is a server with a public IP address and is waiting for MikroTik peers to initiate connections, because both the RB5009 and the cAP-ax are behind NAT.
Could we get clarification regarding this setting?
Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as “servers” for other devices as clients to connect to. Otherwise router will repeatedly try to connect “endpoint-address” or “current-endpoint-address”.
If your MikroTik device is serving as a server (receiving connections), it should be set to Yes (if your VPS was running RouterOS, you should set it to Yes). If your MikroTik device is acting as a “client” (whereas client is not the best word, but that is your situation), the responder setting should be set to No. It is supposed to initiate the connection with your publicly available WireGuard server.
The responder checkbox, as stated in the previous post, is ONLY to be used by the router if it is the SERVER for the handshake.
It tells the router that if the connection with the client is interrupted and lost, don’t keep attempting to reach the client…
a. Ensure the responder checkbox is not used.
b. Ensure you have a persistent-keep-alive set on your WireGuard peer settings on the router for the VPS peer.