I observe that the exported conf file that is created for a back-to-home-vpn client has two peers. One peer has the correct public key for the back-to-home-router and the vpn endpoint (e.g. xxxx.vpn.mynetname.net:port). The other peer contains an intentionally bad PublicKey:
This second peer will never succeed in establishing a connection (even if the vpn and sn endpoints are the same). In fact, when imported into the wireguard client on windows (along with the rest of the conf file), it causes a continual stream of errors in the windows wireguard log file. The connection from windows works fine without this second peer (if you edit it out of the conf file). So why is it generated by the back-to-home router?
Good question. IDK exactly. But agree, I think it’s superfluous when using the generated config in a normal WG client. It is NOT a /0 default route, rather a /32 — so not sure it’d be useful in a normal WG app, unless some client app used “0.0.0.0”. But dunno.
My only WAG is it’s used by their app to test the direct path… you’ll note it’s the .sn. DNS name, which is always the router’s detected WAN IP, so it will never be the proxy server. While the peer with the .vpn. DNS name could be either MikroTik’s proxy or /ip/cloud’s detected WAN IP, and the /32 is just 0.0.0.0 itself. And further guessing that the MikroTik BTH app uses some WG library that uses the generated config, and the MikroTik app does 0.0.0.0 for something.
But I’ve been curious what that 0.0.0.0/32 peer is used for myself…
@Amm0: Right, it could be used by their app on phones, but it would seem that they could deduce all the “information” in that peer entry from the “good” entry: substitute “vpn” for “sn” and there is not much left, except the funny route that you mentioned. It would be nice to hear from someone at MikroTik about this!
Yeah I really don’t know for sure on this one. Only guesses… Presumably the generated config should be the generic peer configuration, and it’s totally unclear what the 0.0.0.0/32 is for from docs…
Agreed. Mikrotik really should write up the BTH schemes on their wiki. i.e. any “side-effects” of its automatic configuration should be documented IMO. Overall, @normis seems to assume the only use case is someone with a default configuration and only the BTH app — while docs do say BTH supports standard WG client apps…
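For anyone who wants to do the "edit it out" step from the first post mechanically before importing the exported file into a standard WireGuard client, here is an added example (not code from the thread, from MikroTik, or from any WireGuard client). It parses the INI-style conf, checks each [Peer]'s PublicKey (base64 that must decode to exactly 32 bytes; it does not check the key is a valid Curve25519 point), flags a peer whose only AllowedIPs entry is the 0.0.0.0/32 mentioned later in the thread, and writes out the conf with the offending peer removed. The sample conf, its keys, addresses, hostnames and port are all constructed placeholders shaped like the thread's description, not values from a real export.

```python
import base64
import binascii

# Constructed placeholder key: base64 of bytes 0..31, so it has the right
# length for a WireGuard key without being any real device's key.
PLACEHOLDER_KEY = base64.b64encode(bytes(range(32))).decode()

# Constructed sample export modelled on the thread: a good peer on the .vpn.
# name and a second peer with an unusable PublicKey and a 0.0.0.0/32 route.
SAMPLE_CONF = f"""\
[Interface]
PrivateKey = {PLACEHOLDER_KEY}
Address = 192.0.2.2/32

[Peer]
PublicKey = {PLACEHOLDER_KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = xxxx.vpn.mynetname.net:13231
PersistentKeepalive = 25

[Peer]
PublicKey = not-a-real-key
AllowedIPs = 0.0.0.0/32
Endpoint = xxxx.sn.mynetname.net:13231
"""


def parse_wg_conf(text):
    """Return [(section_name, [(key, value), ...]), ...] preserving order."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], [])
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # base64 values keep their own '='
            current[1].append((key.strip(), value.strip()))
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return sections


def public_key_problem(value):
    """Return a reason string if the key cannot be a WireGuard key, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "PublicKey is not valid base64"
    if len(raw) != 32:
        return f"PublicKey decodes to {len(raw)} bytes, expected 32"
    return None


def audit_peers(sections):
    """Split sections into those to keep and peers to drop (with reasons)."""
    kept, dropped = [], []
    for name, entries in sections:
        if name != "Peer":
            kept.append((name, entries))
            continue
        fields = dict(entries)
        allowed = []
        for key, value in entries:  # AllowedIPs may be repeated or comma-joined
            if key == "AllowedIPs":
                allowed += [a.strip() for a in value.split(",") if a.strip()]
        reasons = []
        problem = public_key_problem(fields.get("PublicKey", ""))
        if problem:
            reasons.append(problem)
        if allowed == ["0.0.0.0/32"]:
            reasons.append("AllowedIPs is only 0.0.0.0/32, which routes nothing useful")
        if reasons:
            dropped.append((fields.get("Endpoint", "<no endpoint>"), reasons))
        else:
            kept.append((name, entries))
    return kept, dropped


def render(sections):
    """Serialise sections back into WireGuard conf text."""
    out = []
    for name, entries in sections:
        out.append(f"[{name}]")
        out.extend(f"{key} = {value}" for key, value in entries)
        out.append("")
    return "\n".join(out)


def clean_conf(text):
    """Return (cleaned conf text, list of (endpoint, reasons) that were removed)."""
    kept, dropped = audit_peers(parse_wg_conf(text))
    return render(kept), dropped


if __name__ == "__main__":
    cleaned, removed = clean_conf(SAMPLE_CONF)
    for endpoint, reasons in removed:
        print(f"dropped peer {endpoint}: {'; '.join(reasons)}")
    print(cleaned)
```

Run it against a real export by replacing SAMPLE_CONF with the file contents; the cleaned text is what you would import into the Windows client, and the printed reasons tell you exactly why a peer was dropped rather than silently deleting it.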