Recursive gateway and VPN

Hi

I have a MikroTik router with two WANs (Starlink as gateway 1 and a local ISP as gateway 2), configured with recursive gateways.

I also have a WireGuard VPN, and the problem is that the first gateway (Starlink) doesn't allow port forwarding.

I need to know if there is any way to route the VPN traffic through my second gateway.

I think as long as you have your Wireguard service attached to the proper gateway you should do fine.

It would help to see your current config:

/export file=anynameyoulike

Remove the serial number and any other private information (keys, passwords, public IP addresses) before posting, and post it as Preformatted text by using the </> button.

You can create two routing tables, and choose one using policy-based routing (i.e. when source address belongs to your VPN network, you use second routing table with default gateway2).

port forwarding

Do you mean UPnP?

Good morning

My configuration is as follows:

# RouterOS export as posted in the thread: two uplinks (ether1 via 192.168.10.254,
# ether2 via 192.168.1.1), a LAN bridge on 192.168.11.0/24 and a WireGuard
# interface wg1 on 192.168.100.0/24.
# NOTE(review): the trailing line-continuation backslashes appear to have been
# lost in the paste; a line that ends in "=" or starts without add/set belongs
# to the command on the line before it.
/interface bridge
add name=bridge1 port-cost-mode=short
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireguard
# WireGuard listens on UDP 13231; this is the port that must be reachable from
# the internet on whichever uplink the clients connect to.
add listen-port=13231 mtu=1420 name=wg1
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.11.2-192.168.11.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=10m name=dhcp1
/routing table
# Extra routing table used for policy routing; its only route (bottom of the
# export) is a default route via 192.168.1.1.
add disabled=no fib name=to_OTE
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether3 internal-path-cost=
10 path-cost=10
add bridge=bridge1 ingress-filtering=no interface=ether4 internal-path-cost=
10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
# "!dynamic" means discovery runs on every non-dynamic interface.
# NOTE(review): that presumably includes the uplink ports ether1/ether2;
# consider limiting discovery to a LAN-only interface list.
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
# NOTE(review): the auth list includes md5 and sha1. Whether this OpenVPN
# server is enabled is not visible here; if it is unused keep it disabled,
# and if it is used, remove md5 from the list.
add auth=sha1,md5 mac-address=FE:EB:F6:8F:CF:C1 name=ovpn-server1
/interface wireguard peers
# Single peer, limited to tunnel address 192.168.100.2; the public key was
# redacted by the poster.
add allowed-address=192.168.100.2/32 interface=wg1 name=test public-key=
"xxxxxxx"
/ip address
add address=192.168.1.2/24 interface=ether2 network=192.168.1.0
add address=192.168.10.2/24 interface=ether1 network=192.168.10.0
add address=192.168.11.1/24 interface=bridge1 network=192.168.11.0
add address=192.168.100.1/24 interface=wg1 network=192.168.100.0
/ip cloud
# NOTE(review): the DDNS name presumably follows the public address of the
# uplink the router uses to reach the cloud service (the primary default
# route); confirm which uplink's address the VPN clients actually resolve.
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns
set servers=1.1.1.1,1.0.0.1
/ip firewall mangle
# Marks packets that arrive from 192.168.100.0/24 (the tunnel subnet) and have
# no connection mark, so they are looked up in table to_OTE.
# NOTE(review): prerouting handles packets entering the router. The router's
# own WireGuard replies (UDP from port 13231) are locally generated and are
# presumably not matched here, so they would follow the main table - verify;
# an output-chain mark or a routing rule may be needed for the tunnel itself.
# NOTE(review): there is no destination exclusion, so tunnel traffic bound for
# the LAN (192.168.11.0/24) or the router itself is also marked - confirm that
# this is intended.
add action=mark-routing chain=prerouting connection-mark=no-mark
new-routing-mark=to_OTE src-address=192.168.100.0/24
# NOTE(review): no "/ip firewall filter" section appears in this paste. If the
# device really has no filter rules, nothing restricts input to the router or
# forwarding from the uplink side; a minimal input chain (accept
# established/related, accept UDP 13231 for WireGuard, drop the rest arriving
# on ether1/ether2) is worth adding before exposing the VPN port.
/ip firewall nat
# Source NAT for traffic leaving through either uplink.
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
# Recursive failover: the two /32 host routes (scope=10) pin 8.8.8.8 to the
# ether1 gateway and 1.1.1.1 to the ether2 gateway.
add disabled=no distance=1 dst-address=8.8.8.8/32 gateway=192.168.10.254
routing-table=main scope=10 suppress-hw-offload=no target-scope=10
# 1.1.1.1 is also the first DNS server set under /ip dns, so queries sent to
# it always leave via 192.168.1.1.
add disabled=no dst-address=1.1.1.1/32 gateway=192.168.1.1 scope=10
# Default route resolved through 8.8.8.8, health-checked by ping.
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=8.8.8.8
target-scope=11
# Backup default route (distance=2) resolved through 1.1.1.1.
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=
1.1.1.1 target-scope=11
# Default route of table to_OTE: marked traffic leaves via 192.168.1.1
# (presumably the local ISP uplink - confirm).
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1
routing-table=to_OTE suppress-hw-offload=no
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Athens
/system routerboard settings
set auto-upgrade=yes