BTH VPN vs WireGuard VPN on same router does not work on Public WiFi

Hello Mate,
Hope you are doing well.
I enabled the BTH VPN server and configured WireGuard VPN on the same Mikrotik Router. When I connect to any public WiFi, the BTH VPN tunnel connects on public WiFi and works fine, but when I try to connect the normal WireGuard tunnel on the same Mikrotik, it does not connect.
Please help

Regards

BTH is using a proxy service.

So likely this is one of three options:

  1. Your router doesn’t have a public IP
  2. The public wifi you’re using doesn’t allow the configured port for outgoing connections
  3. Firewall is configured wrong

But as there’s no config there’s not much we can look at.

  1. Your router doesn’t have a public IP: Yes, the router has a public IP.
  2. The public wifi you’re using doesn’t allow the configured port for outgoing connections: I don’t know. Please help.
  3. Firewall is configured wrong: I don’t know. Please help.

I also have a WireGuard server on CHR. CHR WireGuard is also not working on this Public WiFi.
Let me share the Configuration: CHR


/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether1_WAN
set [ find default-name=ether2 ] disable-running-check=no disabled=yes name=\
    ether2_LAN
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard-server
add listen-port=23411 mtu=1420 name=wireguard10-chr
add listen-port=23412 mtu=1420 name=wireguard20-chr
add listen-port=23413 mtu=1420 name=wireguard30-chr
add listen-port=23414 mtu=1420 name=wireguard40-chr
add listen-port=23415 mtu=1420 name=wireguard50-chr
add listen-port=23416 mtu=1420 name=wireguard60-chr
/interface veth
add address=172.16.8.2/24 gateway=172.16.8.1 gateway6="" name=veth1
/interface list
add name=WAN-Interface-List
add name=LAN-Interface-List
add name=Trusted-Interface-List
/port
set 0 name=serial0
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!all
/ipv6 settings
set max-neighbor-entries=15360
/interface l2tp-server server
set enabled=yes one-session-per-host=yes use-ipsec=required
/interface list member
add interface=ether1_WAN list=WAN-Interface-List
add interface=ether2_LAN list=LAN-Interface-List
add interface=wireguard-server list=Trusted-Interface-List
add interface=wireguard-server list=LAN-Interface-List
add interface=veth1 list=Trusted-Interface-List
/interface ovpn-server server
add mac-address=FE:85:96:5C:7E:16 name=ovpn-server1
/interface wireguard peers
add allowed-address=172.16.7.8/32 client-address=172.16.7.8/32 client-dns=\
    67.207.67.2,67.207.67.3 client-endpoint=134.XX.XX.XX interface=\
    wireguard-server name="my Phone" private-key=\
    "ec3m8FptA/9m8=" public-key=\
    "QsImxWej="
/ip address
add address=172.16.7.1/24 comment=Wireguard interface=wireguard-server \
    network=172.16.7.0
add address=10.243.10.9/30 interface=wireguard10-chr network=10.243.10.8
add address=10.243.20.9/30 interface=wireguard20-chr network=10.243.20.8
add address=10.243.30.9/30 interface=wireguard30-chr network=10.243.30.8
add address=10.243.40.9/30 interface=wireguard40-chr network=10.243.40.8
add address=10.243.50.9/30 interface=wireguard50-chr network=10.243.50.8
add address=10.243.60.9/30 interface=wireguard60-chr network=10.243.60.8
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m update-time=yes
/ip dhcp-client
add interface=ether1_WAN
/ip dns
set cache-size=10000KiB
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-address=127.0.0.1
add action=accept chain=input comment="wireguard handshake" dst-port=\
    13231,23411-23416 protocol=udp
add action=accept chain=input comment="admin access" in-interface-list=\
    WAN-Interface-List
add action=accept chain=input comment="admin access" in-interface-list=\
    Trusted-Interface-List
add action=accept chain=input comment="users to services" dst-port=53 \
    in-interface-list=LAN-Interface-List protocol=udp
add action=accept chain=input comment="users to services" dst-port=53 \
    in-interface-list=LAN-Interface-List protocol=tcp
add action=drop chain=input comment="Drop all else"
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=\
    established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward comment="internet traffic" in-interface-list=\
    LAN-Interface-List out-interface-list=WAN-Interface-List
add action=accept chain=forward comment="relay for remote wg" in-interface=\
    wireguard-server out-interface=wireguard-server
add action=accept chain=forward comment="port forwarding" \
    connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface-list=WAN-Interface-List
add action=masquerade chain=srcnat out-interface=wireguard-server
add action=dst-nat chain=dstnat dst-address=134.XX.XX.XX dst-port=\
    8295-8296 protocol=tcp to-addresses=172.16.7.19 to-ports=8295-8296
add action=dst-nat chain=dstnat disabled=yes dst-address=134.XX.XX.XX \
    dst-port=8291 protocol=tcp to-addresses=172.16.7.21 to-ports=8291
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add comment="Static Routing Wireless AP" disabled=no distance=1 dst-address=\
    172.20.20.0/24 gateway=172.16.7.19 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WG10 disabled=no distance=1 dst-address=\
    172.30.30.0/24 gateway=10.243.10.10 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WG20 disabled=no distance=1 dst-address=\
    172.30.30.0/24 gateway=10.243.20.10 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WG30 disabled=no distance=1 dst-address=\
    172.30.30.0/24 gateway=10.243.30.10 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WG40 disabled=no distance=1 dst-address=\
    172.30.30.0/24 gateway=10.243.40.10 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WG50 disabled=no distance=1 dst-address=\
    172.30.30.0/24 gateway=10.243.50.10 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=WG60 disabled=no distance=1 dst-address=\
    172.30.30.0/24 gateway=10.243.60.10 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8298
set ssh disabled=yes
set api disabled=yes
set winbox port=8297
set api-ssl disabled=yes
/ppp secret
add local-address=172.16.8.1 name=hotspot remote-address=172.16.8.2 service=\
    l2tp
add local-address=172.16.8.1 name=pppoe remote-address=172.16.8.3 service=\
    l2tp
/system identity
set name=MikroTik-London
/system logging
add action=disk prefix=-> topics=hotspot,info,debug
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.google.com
/tool mac-server mac-winbox
set allowed-interface-list=Trusted-Interface-List
/tool romon
set enabled=yes

You need to draw a network diagram as your explanation makes ZERO sense.

You have a wireguard router, WHERE, at home?
Why are you running both BTH and regular wireguard on this mikrotik router?
How many WANS does your MT router have??

When asked to provide config of said router, you then state a problem with a CHR configuration in the cloud and post the configuration of that instead.
Can you please use different threads for different networks!!
Also why does CHR have so many wireguard interfaces???

As I stated, you are all over the map and no one can help until you clear up many many questions.

You have a wireguard router, WHERE, at home? = Yes
Why are you running both BTH and regular wireguard on this Mikrotik router? = Yes
How many WANS does your MT router have? = 5 (directly connected in Mikrotik with PPPoE user & password)

/interface bridge
add admin-mac=B8:69:F4:AE:BC:FD auto-mac=no comment=asad61 name=Bridge_WAN-1 \
    port-cost-mode=short
add admin-mac=14:46:58:BC:18:1E auto-mac=no comment=abc name=\
    Bridge_WAN-2 port-cost-mode=short
add admin-mac=50:D4:F7:ED:0A:8E auto-mac=no comment=abc name=\
    Bridge_WAN-3 port-cost-mode=short
add admin-mac=E8:A6:60:B7:61:8F auto-mac=no comment=abc name=\
    Bridge_WAN-4 port-cost-mode=short
add admin-mac=D8:0D:17:04:47:D9 auto-mac=no comment=abc name=\
    Bridge_WAN-5 port-cost-mode=short
add admin-mac=C4:AD:34:D3:AD:72 auto-mac=no disabled=yes name=Bridge_WAN-6 \
    port-cost-mode=short
add name=Bridge_ether2 port-cost-mode=short priority=0x7000
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
set [ find default-name=ether2 ] name=ether2_WAN
set [ find default-name=ether3 ] name=ether3_Loop
set [ find default-name=ether4 ] name=ether4_Loop
set [ find default-name=ether8 ] name="ether8_LAN PPPoE"
/interface pppoe-client
add disabled=no interface=Bridge_WAN-1 name=1_WAN1 user=abc
add disabled=no interface=Bridge_WAN-2 name=2_WAN2 user=abc
add disabled=no interface=Bridge_WAN-3 name=3_WAN3 user=abc
add disabled=no interface=Bridge_WAN-4 name=4_WAN4 user=abc
add disabled=no interface=Bridge_WAN-5 name=5_WAN5 user=abc
/interface wireguard
add comment=back-to-home-vpn listen-port=48129 mtu=1420 name=back-to-home-vpn
add listen-port=13232 mtu=1420 name=wireguard-vpn
/interface vlan
add interface=ether3_Loop name=vlan501_ether3 vlan-id=501
add interface=ether4_Loop name=vlan501_ether4 vlan-id=501
add interface=ether3_Loop name=vlan502_ether3 vlan-id=502
add interface=ether4_Loop name=vlan502_ether4 vlan-id=502
add interface=ether3_Loop name=vlan503_ether3 vlan-id=503
add interface=ether4_Loop name=vlan503_ether4 vlan-id=503
add interface=ether3_Loop name=vlan504_ether3 vlan-id=504
add interface=ether4_Loop name=vlan504_ether4 vlan-id=504
add interface=ether3_Loop name=vlan505_ether3 vlan-id=505
add interface=ether4_Loop name=vlan505_ether4 vlan-id=505
add disabled=yes interface=ether3_Loop name=vlan506_ether3 vlan-id=506
add disabled=yes interface=ether4_Loop name=vlan506_ether4 vlan-id=506
/interface list
add include=none name=WAN-Interface-List
add name=LAN-Interface-List
add name=WireGuard-Interface-List
/ip pool
add name="PPPoE Pool" ranges=172.30.30.10-172.30.30.250
/ppp profile
add dns-server=8.8.8.8,1.1.1.1 local-address=172.30.30.1 name="PPPoE Profile" \
    remote-address="PPPoE Pool"
/routing table
add disabled=no fib name=to_wan1
add disabled=no fib name=to_wan2
add disabled=no fib name=to_wan3
add disabled=no fib name=to_wan4
add disabled=no fib name=to_wan5
add disabled=no fib name=use-WAN1
add disabled=no fib name=use-WAN2
add disabled=no fib name=use-WAN3
add disabled=no fib name=use-WAN4
add disabled=no fib name=use-WAN5
/interface bridge port
add bridge=Bridge_ether2 interface=ether2_WAN internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_ether2 interface=vlan501_ether3 internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_ether2 interface=vlan502_ether3 internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_ether2 interface=vlan503_ether3 internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_ether2 interface=vlan504_ether3 internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_ether2 interface=vlan505_ether3 internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_ether2 disabled=yes interface=vlan506_ether3 \
    internal-path-cost=10 path-cost=10
add bridge=Bridge_WAN-1 interface=vlan501_ether4
add bridge=Bridge_WAN-2 interface=vlan502_ether4
add bridge=Bridge_WAN-3 interface=vlan503_ether4
add bridge=Bridge_WAN-4 interface=vlan504_ether4
add bridge=Bridge_WAN-5 interface=vlan505_ether4 internal-path-cost=10 \
    path-cost=10
add bridge=Bridge_WAN-6 disabled=yes interface=vlan506_ether4 \
    internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!all
/ipv6 settings
set disable-ipv6=yes forward=no
/interface l2tp-server server
set one-session-per-host=yes
/interface list member
add interface=1_WAN1 list=WAN-Interface-List
add interface=2_WAN2 list=WAN-Interface-List
add interface=3_WAN3 list=WAN-Interface-List
add interface=4_WAN4 list=WAN-Interface-List
add interface=5_WAN5 list=WAN-Interface-List
add interface="ether8_LAN PPPoE" list=LAN-Interface-List
/interface pppoe-server server
add authentication=pap default-profile="PPPoE Profile" disabled=no interface=\
    "ether8_LAN PPPoE" max-mtu=1500 one-session-per-host=yes service-name=\
    service_one
/interface wireguard peers
add allowed-address=192.168.217.2/32,0.0.0.0/0 client-address=\
    192.168.217.2/32 client-dns=8.8.8.8,1.1.1.1 client-endpoint=\
    xyz.sn.mynetname.net interface=wireguard-vpn name="iPhone15 Pro" \
    persistent-keepalive=25s private-key=\
    "0LYjziIAAT7kyUPUOqqVPgBxgf34=" public-key=\
    "mA/RLaHwILWp+1PgR7MEiuMM0BA=" responder=yes
add allowed-address=192.168.217.3/32,0.0.0.0/0 client-address=\
    192.168.217.3/32 client-dns=8.8.8.8,1.1.1.1 client-endpoint=\
    xyz.sn.mynetname.net interface=wireguard-vpn name="Redmi Note 13" \
    persistent-keepalive=25s private-key=\
    "wGQWCchbkue0c8j5xf/YxfTtkBRGM=" public-key=\
    "e+0cDK1WOfPFw9ayImo6gIE7Dw=" responder=yes
add allowed-address=192.168.217.4/32,172.20.20.0/24 client-address=\
    192.168.217.4/32 client-dns=8.8.8.8,1.1.1.1 client-endpoint=\
    xyz.sn.mynetname.net interface=wireguard-vpn name=Laptop \
    persistent-keepalive=25s private-key=\
    "yMBUmhSJ83Wj8nuHL7cXEFA1VyfkA=" public-key=\
    "F6dDXCpj7FrbmNa5ywTqpn3TlBl0=" responder=yes
/ip address
add address=192.168.217.1/24 comment=wireguard-vpn interface=wireguard-vpn \
    network=192.168.217.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=1m
/ip dns
set allow-remote-requests=yes cache-size=10000KiB servers=8.8.8.8,1.1.1.1
/ip firewall filter
add action=accept chain=input comment=Wireguard dst-port=13231 protocol=udp
add action=accept chain=input comment="Router Access Remotely" dst-port=\
    8295,8296 protocol=tcp
add action=drop chain=input comment="Block Attack" dst-port=\
    25,53,87,512-515,543,544,7547,8080 protocol=tcp
add action=drop chain=input comment="Block Attack" dst-port=\
    53,80,87,161,162,1900,4520-4524,8080 protocol=udp
add action=drop chain=input comment="Block Ping" in-interface-list=\
    WAN-Interface-List protocol=icmp
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "Port Scanners to Address List " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-FIN/SYN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-RST/SYN scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-FIN/PSH/URG scan" protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=none-dynamic chain=input comment=\
    "TCP Flag-NMAP NULL scan" protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping Port Scanners" \
    src-address-list="Port Scanners"
/ip firewall mangle
add action=mark-connection chain=input comment="Old PCC" connection-mark=\
    no-mark connection-state=new in-interface=1_WAN1 new-connection-mark=\
    wan1_conn
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=2_WAN2 new-connection-mark=wan2_conn
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=3_WAN3 new-connection-mark=wan3_conn
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=4_WAN4 new-connection-mark=wan4_conn
add action=mark-connection chain=input connection-mark=no-mark \
    connection-state=new in-interface=5_WAN5 new-connection-mark=wan5_conn
add action=mark-routing chain=output connection-mark=wan1_conn \
    new-routing-mark=to_wan1
add action=mark-routing chain=output connection-mark=wan2_conn \
    new-routing-mark=to_wan2
add action=mark-routing chain=output connection-mark=wan3_conn \
    new-routing-mark=to_wan3
add action=mark-routing chain=output connection-mark=wan4_conn \
    new-routing-mark=to_wan4
add action=mark-routing chain=output connection-mark=wan5_conn \
    new-routing-mark=to_wan5
add action=accept chain=prerouting in-interface=1_WAN1
add action=accept chain=prerouting in-interface=2_WAN2
add action=accept chain=prerouting in-interface=3_WAN3
add action=accept chain=prerouting in-interface=4_WAN4
add action=accept chain=prerouting in-interface=5_WAN5
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan1_conn per-connection-classifier=src-address-and-port:5/0 src-address=\
    172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan2_conn per-connection-classifier=src-address-and-port:5/1 src-address=\
    172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan3_conn per-connection-classifier=src-address-and-port:5/2 src-address=\
    172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan4_conn per-connection-classifier=src-address-and-port:5/3 src-address=\
    172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local new-connection-mark=\
    wan5_conn per-connection-classifier=src-address-and-port:5/4 src-address=\
    172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=no src-address=\
    172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=no src-address=\
    172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan3_conn \
    new-routing-mark=to_wan3 passthrough=no src-address=\
    172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan4_conn \
    new-routing-mark=to_wan4 passthrough=no src-address=\
    172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan5_conn \
    new-routing-mark=to_wan5 passthrough=no src-address=\
    172.30.30.10-172.30.30.250
/ip firewall nat
add action=masquerade chain=srcnat comment=wireguard1 in-interface=\
    wireguard-vpn src-address=192.168.217.0/24
add action=masquerade chain=srcnat comment=PPPoE out-interface-list=\
    WAN-Interface-List src-address=172.30.30.10-172.30.30.250
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add comment=PCC disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1_WAN1 \
    routing-table=to_wan1 scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=1 dst-address=0.0.0.0/0 gateway=2_WAN2 \
    routing-table=to_wan2 scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=1 dst-address=0.0.0.0/0 gateway=3_WAN3 \
    routing-table=to_wan3 scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=1 dst-address=0.0.0.0/0 gateway=4_WAN4 \
    routing-table=to_wan4 scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=1 dst-address=0.0.0.0/0 gateway=5_WAN5 \
    routing-table=to_wan5 scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC-Main disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    1_WAN1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=PCC disabled=no distance=2 dst-address=0.0.0.0/0 gateway=2_WAN2 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=3 dst-address=0.0.0.0/0 gateway=3_WAN3 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=4 dst-address=0.0.0.0/0 gateway=4_WAN4 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=PCC disabled=no distance=5 dst-address=0.0.0.0/0 gateway=5_WAN5 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set winbox port=82xx
set www port=82xx
set api disabled=yes
set api-ssl disabled=yes
/tool bandwidth-server
set enabled=no
/tool romon
set enabled=yes
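
A cross-check of the export above, as an added example that is not part of any post in this thread: it compares each WireGuard listen-port with the input-chain rules that match on protocol and dst-port alone. The sample text is constructed from the home-router config; skipping rules that use any other matcher is a simplifying assumption, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample: trimmed from the home-router export posted above, with
# the listen ports and input rules copied from it.
HOME_EXPORT = r'''
/interface wireguard
add comment=back-to-home-vpn listen-port=48129 mtu=1420 name=back-to-home-vpn
add listen-port=13232 mtu=1420 name=wireguard-vpn
/ip firewall filter
add action=accept chain=input comment=Wireguard dst-port=13231 protocol=udp
add action=drop chain=input comment="Block Attack" dst-port=\
    53,80,87,161,162,1900,4520-4524,8080 protocol=udp
add action=drop chain=input comment="Dropping Port Scanners" \
    src-address-list="Port Scanners"
'''

# Matchers this simplified model understands; a rule using anything else
# (connection-state, in-interface-list, address lists, ...) is skipped.
SIMPLE_KEYS = {"action", "chain", "comment", "protocol", "dst-port"}
FINAL_ACTIONS = {"accept", "drop", "reject"}


def parse_export(text):
    """Return {"/section path": [ {key: value}, ... ]} for the 'add' lines."""
    text = re.sub(r"\\\n[ \t]*", "", text)  # rejoin RouterOS line continuations
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            tokens = shlex.split(line)[1:]
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections


def port_in(spec, port):
    """True if port is in a RouterOS port spec such as '53,80,4520-4524'."""
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def input_verdict(rules, port):
    """Action of the first simple input rule matching new UDP traffic to port."""
    for rule in rules:
        if rule.get("chain") != "input" or set(rule) - SIMPLE_KEYS:
            continue
        action = rule.get("action", "accept")
        if rule.get("protocol", "udp") != "udp" or action not in FINAL_ACTIONS:
            continue
        if "dst-port" not in rule or port_in(rule["dst-port"], port):
            return action
    return "no-match"  # RouterOS accepts packets that no rule matched


def audit(text):
    """Return (verdict per WireGuard interface, UDP accept rules with no listener)."""
    sections = parse_export(text)
    rules = sections.get("/ip firewall filter", [])
    listen = {i["name"]: int(i["listen-port"])
              for i in sections.get("/interface wireguard", [])}
    verdicts = {name: input_verdict(rules, port) for name, port in listen.items()}
    unused = [r["dst-port"] for r in rules
              if r.get("chain") == "input" and r.get("action") == "accept"
              and r.get("protocol") == "udp" and "dst-port" in r
              and not any(port_in(r["dst-port"], p) for p in listen.values())]
    return verdicts, unused


if __name__ == "__main__":
    print(audit(HOME_EXPORT))
```

On the sample it reports no-match for both listeners and lists 13231 as an accept rule with no listener: the handshake rule names port 13231 while wireguard-vpn listens on 13232, so this chain admits the tunnel only through the default accept that applies when no rule matches.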

If you have multiple wans, wireguard or BTH will work fine if using the Primary WAN.
If you have a public IP address or can forward the port from the upstream router to the MT router then use normal wireguard.
If you do not have a public IP address and want to be able to reach the router use BTH.
If you do not have a public IP address but have CHR in the cloud, use normal wireguard connecting to the CHR.

Your config is very complex and if you follow the basic rules above you should have wireguard success.
Another option is to use both BTH and CHR if you don't have a public IP.
They will be on different subnets and interfaces of course and both should go through the Primary WAN.

@anav

the term ‘public ip’ in current context is considered irrelevant since even cgnatted network uses ‘public ip’ now but works in different way. ))

probably the correct approach is asking the op to ask their isp whether their ip was behind cgnat. hence better solutions.

Hi wise…thanks for the heads up…
This is not the OPs first rodeo so he should know what I mean but you are right!

Public IP means
IP cloud = what's my IP on browser = my IP DHCP client or PPPOE IP.

@anav,

nope)) can’t guarantee that))

easy mode = it’s best to ask their isp.
other mode = rent a tunnel service.

borrow/rent their ‘public ip’.))

I have added a cloud DNS name to the WireGuard tunnel instead of a public IP (I use a cloud DNS name because I have a dynamic public IP on my WAN, that’s why). It uses my WAN1 public IP for incoming and outgoing WireGuard traffic because WAN1 is in the default routing table with a distance of 1.

Please recommend what I should do to establish the tunnel on my normal WireGuard on Mikrotik.

Who will use this tunnel and for what purposes/needs…

Me

From remote location I imagine.
a. to visit subnets on router
b. to manage router
c. anything else?