RB751G-2HnD WireGuard not working

Hello,
I have an old RB751G-2HnD which I recently updated from version 6 to 7.9 as I needed Wireguard. The configuration is very basic. No firewall rules, no special routes. Just the minimum required configs to connect to the internet and connect with wireguard to the VPN provider of my choice (Mullvad). I have an identical RB5009 setup which works great. In the case of RB751G-2HnD, I see no attempt to connect to the Mullvad endpoints.

I get 0 TX bytes in the peer tab.

I found it weird. I then setup a new Wireguard endpoint to my RB5009 and tried to connect to that one from my RB751G-2HnD. Again, no movement or an attempt to initiate any connection and TX bytes were 0. In both cases I could ping the endpoints just fine from the RB751G-2HnD, so this does not like a connectivity issue. The RB5009 endpoint was working fine as I tested it with my phone wireguard client later on.

It’s as if the Wireguard service is dead for this device.

Anyone noticed anything similar? I understand that RB751G-2HnD is an ancient device, but I still have uses for it.

Without a config cannot help
/export file=anynameyouwish

/interface bridge
add name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps country="korea republic" disabled=no distance=\
    indoors frequency=2462 frequency-mode=manual-txpower ht-basic-mcs="mcs-0,m\
    cs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,\
    mcs-13,mcs-14,mcs-15" nv2-security=enabled radio-name="" ssid=StarWars \
    station-roaming=enabled tx-power=15 tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11 wps-mode=disabled
/interface wireguard
add listen-port=13231 mtu=1420 name=wg-ath1
/interface list
add name=WAN
add name=LAN
add name=WAN-ETHERNET
add name=VPN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk,wpa2-eap eap-methods=\
    "" mode=dynamic-keys supplicant-identity=***************
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
    mode=dynamic-keys name=profile1 supplicant-identity=\
    *************** unicast-ciphers=tkip,aes-ccm
/ip pool
add name=dhcp_pool0 ranges=192.168.20.2-192.168.20.250
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge lease-time=10m name=dhcp1
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether2
add bridge=bridge ingress-filtering=no interface=ether3
add bridge=bridge ingress-filtering=no interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface l2tp-server server
set default-profile=*2 mrru=1600 use-ipsec=required
/interface list member
add interface=bridge list=LAN
add interface=wlan1 list=WAN
add interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1 certificate=mikrotik.crt_0 cipher=blowfish128,aes256-cbc \
    default-profile=*1 port=443
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=chap,mschap1,mschap2 default-profile=*2 mrru=1600
/interface sstp-server server
set default-profile=*4 mrru=1600 port=14452
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=******* endpoint-port=\
    51820 interface=wg-ath1 public-key=\
    "***************************"
/ip address
add address=192.168.20.1/24 interface=bridge network=192.168.20.0
add address=****** interface=wg-ath1 network=****** (IP provided by Mullvad)
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-client
add interface=wlan1 use-peer-ntp=no
add interface=ether1
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api-ssl disabled=yes

(1) Being a client for connecting you are missing the persistent-keep-alive setting for say 35s on the wireguard peer settings.

(2) There is no reason not to post the /ip address —> the mulvad IP address, your not helping sort your issues, as the problem may lie here.
in any case just make sure the address you put is X/24 and the network entry is X.X.X.0

(3) I dont believe you that your setup is the same as the 5009. If your 5009 is setup the same way it would not work either.

YOu tell me
a. how your users are getting to the wireguard tunnel??? There is no path…
b. how are your users using mulvad with their LANIP addresses…

Why dont you post your working 5009 and I can point out the differences that you are missing

maybe he thinks that MT can read the mind,

and he wish to have wireguard running

I appreciate you take the time to help me but you need to chill with that attitude.
After I enabled persistent-keep-alive it established the connection just fine. I never touched this config before in any of my setups, but all good now.
But again, please work on this attitude. We’re all grown ups here (I hope).

Sorry when you hide facts and ask for help, you are the one with attitude problem.
If I missed something, then my bad but here is what I see (or dont see)

There is no route, no mangling, no routing rule, no indication of how users on your subnet get to the wireguard…
There is no sourcenat rule for all LAN users to get assigned the mulvad assigned IP when leaving the router towards mullvad.

Glad the keep alive worked.