Access to Mikrotik from wireguard peer

  1. Mikrotik hap AC^2
  2. Wireguard installed, Mikrotik has wg IP 174.16.0.1
  3. IP address pool 174.16.0.0/24
  4. Peers could communicate with each other, but when I try to open Winbox (174.16.0.1) I get connection refused

Sounds like your firewall is blocking this traffic (which it should). Have you added the Wireguard interface to the LAN Interface List? Assuming you are using this Interface List in the firewall?

Otherwise, please share your config:

/export file=anynameyoulike

Remove serial and any other private information.

@zhouck, I’m just guessing here, but make sure you’ve added the Wireguard network interface to: Interfaces > Interface List > LAN

Yeah, adding to interface list LAN fixed the issue. Am I introducing any security issue with such a solution? Why is Wireguard not added to LAN by default?

Your config is wrong, a reasonable request to post it has been ignored.

That depends. Do you want all Wireguard peers to be able to connect to your router?

Why is Wireguard not added to LAN by default?

Well…because that would be a very stupid default.

Concur, there are many instances where wireguard is to a third party server, and in that case it makes more sense for WG to be part of the WAN interface list, and thus the default masquerade rule covers local subnet to wireguard traffic.
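
The trade-off raised in the thread (every WireGuard peer reaching the router versus only the ones that should), shown as an added RouterOS example that is not taken from any poster's configuration. Assumptions: the interface is named wireguard1, the admin peer is 174.16.0.2 (a constructed address inside the pool given above), Winbox listens on its default port 8291, and the default firewall's "defconf: drop all not coming from LAN" input rule is still present with that comment.

```routeros
# Option A (what fixed it in the thread): treat the whole tunnel as LAN.
# Every peer on wireguard1 now passes the default "drop all not coming
# from LAN" input rule, so each peer can reach Winbox, SSH, DNS and any
# other service the router exposes to LAN, and is handled as LAN by
# every other rule that references the LAN list.
/interface list member
add list=LAN interface=wireguard1 comment="WG tunnel trusted as LAN"

# Option B (narrower): leave wireguard1 out of the LAN list and allow
# only Winbox from a single admin peer. The accept rule has to sit
# above the default drop rule, hence place-before.
/ip firewall filter
add chain=input action=accept protocol=tcp dst-port=8291 \
    in-interface=wireguard1 src-address=174.16.0.2 \
    comment="Winbox from admin WG peer only" \
    place-before=[find where comment="defconf: drop all not coming from LAN"]

# Optional second layer for Option B: restrict the Winbox service itself
# to the tunnel subnet, so a later firewall mistake does not expose it.
# This also blocks Winbox from the local LAN unless that subnet is
# added to the address list.
/ip service
set winbox address=174.16.0.0/24

# Check the result: the accept rule must be listed before the drop rule.
/ip firewall filter print where chain=input
```

Use either Option A or Option B, not both; with Option B, peer-to-peer traffic through the router is governed by the forward chain and is unaffected by these input rules.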