IP routing question

I have the following IP ROUTEs created dynamically by the router (from IP ADDRESS assignments):

Default route

DAd 0.0.0.0/0 96.x.y.z 1

Wireguard interface IP:

DAc 10.10.100.0/24 212-Wireguard 0

WAN IP acquired via DHCP

DAc 96.x.y.0/24 ether1 0

Local LAN network

DAc 192.168.2.0/24 bridge 0


I have the following manually added routes. These are all remote wireguard networks:


/ip route

add comment=355 disabled=no distance=1 dst-address=192.168.0.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=255 disabled=no distance=1 dst-address=192.168.1.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=355-cameras disabled=no distance=1 dst-address=192.168.5.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=629 disabled=no distance=1 dst-address=192.168.20.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=76 disabled=no distance=1 dst-address=192.168.30.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=371 disabled=no distance=1 dst-address=192.168.40.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=125 disabled=no distance=1 dst-address=192.168.70.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10

I was wondering if I could/should replace all the manually added routes with something like this:


add comment=all-remote-wireguard-networks distance=1 dst-address=192.168.0.0/16 gateway=212-Wireguard pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10

From what I understand, this means that everything in 192.168.2.0/24 will still be routed through the bridge (because /24 is smaller than /16), but everything else in 192.168.0.0/16 will be routed through the 212-Wireguard interface.

Is that correct?

The reason this came up is because every time I enter a site I forget to add a local route to each router to the new site. And I don’t know if this is accurate, but maybe fewer routers will improve the performance of the hEX?

Thank you.

Yes. It would work in exactly the same manner as 192.168.2.0/24 versus 0.0.0.0/0 via your upstream ISP gateway … 192.168.2.0/24 has a longer subnet mask and thus has priority over 0.0.0.0/0 when deciding where to send packets for a destination IP address such as 192.168.2.200.

The only problem with a too-short subnet mask is that some bogus traffic might get routed towards the 212-wireguard interface and has to be dealt with there instead of hitting some black hole … and handling “invalid” traffic inside the wireguard process/driver is most probably pricier than dealing with it on the pure routing layer.
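The longest-prefix-match behaviour described in the question and confirmed in the reply above, as an added worked example (not code from the thread or from MikroTik). It builds two constructed routing tables from the routes listed in the thread, the original per-site /24 routes and the proposed single 192.168.0.0/16 aggregate, and runs the same lookup against both. The ISP gateway and WAN prefix are redacted as 96.x.y.z in the thread, so 96.0.0.1 and 96.0.0.0/24 are placeholders here. The 192.168.99.1 case shows the side effect the reply warns about: with the aggregate, a destination that belongs to no site is sent into the WireGuard interface instead of following the default route.

```python
import ipaddress
from typing import Optional

# Placeholder for the redacted 96.x.y.z ISP gateway from the thread.
ISP_GW = "96.0.0.1"

# Constructed table of the dynamic (D) routes shown in the thread: (dst-address, gateway, distance).
DYNAMIC_ROUTES = [
    ("0.0.0.0/0", ISP_GW, 1),                 # DAd default route
    ("10.10.100.0/24", "212-Wireguard", 0),   # DAc WireGuard interface address
    ("96.0.0.0/24", "ether1", 0),             # DAc WAN prefix (placeholder for 96.x.y.0/24)
    ("192.168.2.0/24", "bridge", 0),          # DAc local LAN
]

# The seven manually added per-site routes from the thread, all via 212-Wireguard.
SITE_ROUTES = [
    (prefix, "212-Wireguard", 1)
    for prefix in (
        "192.168.0.0/24", "192.168.1.0/24", "192.168.5.0/24", "192.168.20.0/24",
        "192.168.30.0/24", "192.168.40.0/24", "192.168.70.0/24",
    )
]

# The single aggregate route proposed as a replacement.
AGGREGATE_ROUTE = [("192.168.0.0/16", "212-Wireguard", 1)]

SPECIFIC_TABLE = DYNAMIC_ROUTES + SITE_ROUTES
AGGREGATE_TABLE = DYNAMIC_ROUTES + AGGREGATE_ROUTE


def lookup(dst: str, table) -> Optional[str]:
    """Return the gateway chosen for dst by longest-prefix match.

    Every route whose prefix contains dst is a candidate. The longest prefix
    wins; among equal prefixes the lowest distance wins. This is why the
    connected 192.168.2.0/24 on the bridge beats both 192.168.0.0/16 and
    0.0.0.0/0 for an address like 192.168.2.200.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, distance in table:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        key = (net.prefixlen, -distance)   # longer prefix first, then lower distance
        if best is None or key > best[0]:
            best = (key, gateway)
    return best[1] if best else None


def compare(dst: str):
    """Where dst goes under the per-site table versus the /16 aggregate table."""
    return lookup(dst, SPECIFIC_TABLE), lookup(dst, AGGREGATE_TABLE)


if __name__ == "__main__":
    for ip in ("192.168.2.200", "192.168.5.10", "192.168.99.1", "8.8.8.8"):
        specific, aggregate = compare(ip)
        print(f"{ip:16} per-site routes -> {specific:14} aggregate -> {aggregate}")
```

Running it shows the local LAN and the known sites resolving identically under both tables, while 192.168.99.1 goes to the ISP default route with per-site routes but into 212-Wireguard with the aggregate; that is the "bogus traffic" the reply refers to, and it is the one behaviour change to keep in mind when consolidating.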

Thank you.

I’ll be playing around with this and looking for unintended consequences.

With lots of sites you should consider using a protocol for dynamic routing, like OSPF. That way your routers will learn the routes automatically from each other, no more forgotten or borked configuration.

It sounds amazing but I know absolutely zero about OSPF.

Steep learning curve?

It depends somewhat on where you are starting from. For a few routers in one area without route redistribution it is not too bad, but it assumes you understand connected routes, how static routing works, e.g. how routes are chosen, what netmasks are, etc. If you do decide to go this way, having something like GNS3 or EVE-NG to “simulate” multiple routers makes playing/learning a lot easier. There are some Mikro Tips by Druvis on setting up GNS3. The Network Berg also has videos about the advantages of having a virtualized lab.

See this post for some pointers to OSPF resources. I would start with the first two videos from The Network Trip’s OSPF playlist, then the one from The Network Berg.

Thanks again for your help and the link to the thread.

I’d love to learn this, but there’s a bunch of things I’ve got to get to first (the list keeps growing).