Remote road warrior connected through WireGuard cannot reach LAN machines

I'm wondering if anybody could give me a hint on how to configure a remote road warrior over WireGuard so it can connect to machines on the LAN.

Firstly, a network diagram:
Mikrotik-wireguard-road-warrior.drawio.png
Secondly, a config file:
mikrotik-config.rsc (4.53 KB)
Thirdly, a background story. Originally I configured my Mikrotik router through Quick Set with LAN addresses 192.168.1.3/24. That's why you'll see "defconf" references. On top of that I created a WireGuard tunnel with 10.-something-/24. I was able to reach the router, the machines in the WireGuard network and also the machines on the LAN. It turned out that some WiFi hotspots/networks use the same network as my LAN. That's why I decided to change the IP addresses of both the LAN and the WireGuard network.

You can see a visual representation of the new subnets on this link. In particular, it is the network 172.31.32.0/19 (172.31.32.1 - 172.31.63.254) where:

  • 172.31.32.0/20 (172.31.32.1 - 172.31.47.254) is the LAN network, commented in the config as "newconf"
  • 172.31.48.0/20 (172.31.48.1 - 172.31.63.254) is the WireGuard network, commented in the config as "wireguard"

The PC is a Linux machine configured through NetworkManager. I believe the relevant sections of the config file follow:

[connection]
id=wg1
type=wireguard
interface-name=wg1

[wireguard-peer.<REDACTED>]
endpoint=192.0.2.99:51003
allowed-ips=172.31.48.0/20;

[ipv4]
address1=172.31.48.42/32
method=manual

I have tried various combinations of allowed-ips without much luck. I have also tried replacing this host with a client running on an Android phone.

The virtual server is a jail running on FreeNAS. Instead of it, I've also tried to reach a physical Linux machine, without luck.

Once I establish the WireGuard tunnel, I'm able to reach the router's and the file server's WireGuard addresses. What I'm not able to reach is the virtual server, which has only a LAN address.

You have really large subnets; @anav won't like that. :smiley: Don't worry if you don't get it.

Anyway, without examining all the details, it's pretty clear why you can't reach 172.31.34.1 from the client when it has allowed-ips=172.31.48.0/20. It's not in that subnet.

What you probably want is:

  • both servers with a /20 mask (and the same goes for all other devices in the LAN)
  • allowed-ips=172.31.32.0/20 or allowed-ips=172.31.32.0/19 on the client
  • no WG client on the file server (at least I don't see what it's good for); you can simply access it using 172.31.32.33

Got it covered…
https://forum.mikrotik.com/viewtopic.php?t=182340

Well, almost; I still have the Server Config left to enter (which is where the OP probably needs work).

I don’t get it, nor mind. :smiley:


Thanks, it works!


Since I needed to access that server remotely somehow, I did it that way. I can remove that one now.


Just to recap how it looks now:
Mikrotik-wireguard-road-warrior-working.drawio.png
On Mikrotik I changed from:

/ip dhcp-server network add address=172.31.32.0/20 comment=newconf dns-server=172.31.32.3 domain=m9.scrool.net gateway=172.31.32.3 netmask=19

to

/ip dhcp-server network add address=172.31.32.0/20 comment=newconf dns-server=172.31.32.3 domain=m9.scrool.net gateway=172.31.32.3 netmask=20

And on the PC (client) side from:

allowed-ips=172.31.48.0/20

to

allowed-ips=172.31.32.0/19

(so I can also reach the devices in the WireGuard network).
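The two changes in this recap correspond to the two conditions Sob's answer spells out: the client's allowed-ips must contain the LAN prefix (otherwise WireGuard's cryptokey routing never sends the packet into the tunnel), and the LAN hosts' mask must not swallow the WireGuard subnet (otherwise a host with a /19 believes 172.31.48.42 is on-link, ARPs for it, and its reply never goes back to the router). The following checker is an added example written for this page, not code from the forum or from the OP's attached config; it uses only the addresses quoted in the thread and Python's standard ipaddress module, and the function names are my own.

```python
"""Added example: check a WireGuard road-warrior layout for the two
mistakes discussed in the thread (allowed-ips too narrow on the client,
LAN netmask too wide on the hosts). Addresses are the ones quoted in the
thread; nothing here talks to a router."""
import ipaddress


def wg_would_route(allowed_ips, dst):
    """Cryptokey routing on the client: a packet to dst enters the tunnel
    only if some allowed-ips prefix contains it. Returns the longest
    matching prefix, or None when the packet would bypass the tunnel."""
    dst = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in allowed_ips
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def reply_is_on_link(host_ip, host_prefixlen, peer_ip):
    """A LAN host with interface host_ip/host_prefixlen treats peer_ip as
    directly attached (it ARPs instead of sending the reply to its gateway)
    exactly when peer_ip falls inside its own subnet mask."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_prefixlen}")
    return ipaddress.ip_address(peer_ip) in iface.network


def diagnose(allowed_ips, lan_host, lan_prefixlen, wg_client, wg_net):
    """Return the list of reasons wg_client cannot talk to lan_host
    (empty list means the path works in both directions)."""
    problems = []

    # Outbound: does the client even put the packet into the tunnel?
    if wg_would_route(allowed_ips, lan_host) is None:
        problems.append(f"client allowed-ips {allowed_ips} does not cover "
                        f"{lan_host}: packet never enters the tunnel")

    # Return path: does the LAN host hand the reply to the router?
    if reply_is_on_link(lan_host, lan_prefixlen, wg_client):
        problems.append(f"{lan_host}/{lan_prefixlen} thinks {wg_client} is "
                        f"on-link: reply is ARPed for instead of routed "
                        f"via the gateway")

    # Other WireGuard peers (the file server's WG address in the thread)
    # are reachable only if the whole WG subnet is inside allowed-ips.
    wg = ipaddress.ip_network(wg_net)
    if not any(wg.subnet_of(ipaddress.ip_network(p)) for p in allowed_ips):
        problems.append(f"allowed-ips {allowed_ips} does not cover {wg_net}: "
                        f"other WireGuard peers are unreachable")
    return problems


if __name__ == "__main__":
    # OP's original state: DHCP netmask=19 on the LAN, /20 allowed-ips.
    print(diagnose(["172.31.48.0/20"], "172.31.34.1", 19,
                   "172.31.48.42", "172.31.48.0/20"))
    # Working state from the recap: netmask=20, allowed-ips=172.31.32.0/19.
    print(diagnose(["172.31.32.0/19"], "172.31.34.1", 20,
                   "172.31.48.42", "172.31.48.0/20"))
```

Run as-is it prints two problems for the original layout and an empty list for the recap's layout. Note that allowed-ips doubles as the client's routing table for the tunnel: every prefix listed there is sent through WireGuard, so keep it to the prefixes that actually live behind the router (here the whole 172.31.32.0/19, which is why Sob's /20 suggestion works for the LAN but leaves the other WireGuard peers out).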