Mikrotik CHR as 2nd router for Wireguard tunnel

McKajVah · July 9, 2022, 12:03pm

Hi.

I currently have a RB5009 on order and will eventually migrate the router over to that and dump the ISP provided one.

Now I’m currently running the default router from my ISP with a port forwarding to a Mikrotik CHR Routeros V7 running on Proxmox. I’m running Wireguard on the CHR Routeros v7 and can connect to it from outside. Problem is I cannot connect to anything else on the network. I want to connect out to the Internet via the Wireguard and connect to other “machines” on my home network.
Seems I’m missing some “routing” rules on the Mikrotik CHR, but I’m not sure.

|-----------Wireguard tunnel ----------|
Internet → ISP router → Mikrotik CHR routeros v7 → Home network
… \ → Internet

How can I achieve what I want?

Thanks.

anav · July 9, 2022, 1:28pm

Post your config from the CHR.

Sob · July 9, 2022, 3:05pm

If other devices don’t have CHR as gateway, they don’t know that they should send responses to WG clients there. You can either add route to WG client on main router, to point to CHR. Or quick fix, if you don’t care about devices seeing addresses of WG clients, add srcnat on CHR, to make all their connections appear as if they are from CHR itself.

anav · July 9, 2022, 4:06pm

Covered in Para 8…
https://forum.mikrotik.com/viewtopic.php?t=182340