Outstanding WireGuard Video by the one and only Network Berg
Using RoS 7.2.3
https://m.youtube.com/watch?v=CH10spRyGpU&feature=youtu.be
Hmm…
Steve Trujillo:
- “Can you show us the firewall setup for WireGuard? Would it be in the Input chain or the forward? Filter list or nat list?”
The Network Berg:
- “Hi Steve, my firewall has no filter rules. The default rules on ROS should also still allow the traffic I think. But you want to make sure that “INPUT” on the Filter List allows the listening port on your firewall since a session is being established to the router’s IP. So a rule might look something like: /ip/firewall/filter/add chain=input protocol=tcp/udp dst-port=13231 in-interface=“WAN PORT” (Could change interface to destination as well)”
Alexander Chobot:
- “what you mean? you just make “ip firewall filter add chain=input action=accept protocol=udp dst-port=XXXXX place-before=0 in-interface-list=WAN” like rule where XXXXX is wireguard interface port.”
I hate YT videos…
Protocol= tcp/udp.
Was that really mentioned?
In the comments. Curious why he called it a Road Warrior Config. It looks like a regular wg tunnel to me…
I watched it live stream this morning, it's short on detail and content and it was more of an exposure to road warrior setup vice an in-depth discussion.
Much better is this article… - https://forum.mikrotik.com/viewtopic.php?p=906311
“Road Warrior” by definition means someone who might be travelling a lot, this type of WireGuard setup allows for a “Road Warrior” to establish a WireGuard tunnel to the WireGuard server regardless of internet connection or origin. The server is not aware of what connection IPs the client is using since those IPs may be dynamic and it may be changing constantly or be behind a NATTED connection. The biggest point of this setup is just to have matching keys so that the client can establish the tunnel whenever needed to either route all internet traffic through to the WG server or very specific routing, which will require some further tweaking. This provides encryption for your traffic for secure browsing. There are more things that you can do with WireGuard which is why I have 2 other videos besides the “Road Warrior” setup. The links to the whitepaper for WireGuard as the top pinned comment also explain a lot more how WireGuard works if you want to get more in-depth into it.
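
As an added example (not code from the video, its author, or any poster in this thread), here is a small Python check for the input-chain rule discussed in the comments quoted above. WireGuard runs over UDP only, so it reports rules for the listen port whose protocol is not udp and whether any explicit accept rule exists. The rule lines are constructed from the two rules quoted in the thread, the function names are hypothetical, and rule order and drop rules are not modelled.

```python
import shlex

# Constructed sample: the two rules quoted in the thread, written as "add" lines.
RULES = [
    'add chain=input protocol=tcp/udp dst-port=13231 in-interface="WAN PORT"',
    'add chain=input action=accept protocol=udp dst-port=13231 in-interface-list=WAN',
]

def parse_rule(line):
    """Split one firewall 'add' line into a dict of key=value properties."""
    props = {}
    for token in shlex.split(line):  # shlex keeps "WAN PORT" as one value
        if "=" in token:
            key, value = token.split("=", 1)
            props[key] = value
    return props

def port_matches(spec, port):
    """True if a dst-port spec like '13231', '80,13231' or '13000-14000' covers port."""
    for part in spec.split(","):
        low, _, high = part.partition("-")
        high = high or low
        if low.isdigit() and high.isdigit() and int(low) <= port <= int(high):
            return True
    return False

def audit_wireguard_input(rules, listen_port):
    """Return (accept_rule_present, findings) for the WireGuard listen port."""
    findings, allowed = [], False
    for index, line in enumerate(rules):
        props = parse_rule(line)
        if props.get("chain") != "input":
            continue  # the tunnel terminates on the router itself, so input is the chain
        if not port_matches(props.get("dst-port", ""), listen_port):
            continue
        protocol = props.get("protocol")
        # Assumption stated here: RouterOS treats an omitted action as accept.
        if protocol != "udp":
            findings.append(f"rule {index}: protocol={protocol} does not match "
                            "WireGuard, which is UDP only")
        elif props.get("action", "accept") == "accept":
            allowed = True
    if not allowed:
        findings.append(f"no input accept rule for udp/{listen_port}")
    return allowed, findings

if __name__ == "__main__":
    ok, notes = audit_wireguard_input(RULES, 13231)
    print("accept rule present:", ok)
    for note in notes:
        print(" -", note)
```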