Unable to ping lan hosts on wireguard subnet

Hi,

I am having trouble trying to connect a Linux WireGuard client to the internal subnet of my RouterBOARD. I am using v7.20.5. I have been searching for solutions that were already written, but nothing matches this simple scenario. Any help is appreciated.

The client PC handshakes WireGuard with no problems. My hosts are on the 10.10.9.0 subnet and can ping each other through the bridge. The VPN client PC cannot ping anything but the router WireGuard IP. The internal hosts also cannot ping the WireGuard client internal IP. The router cannot ping a host on the VPN subnet either.

Config below…

/interface bridge
add arp=proxy-arp comment=internal igmp-snooping=yes name=bridge1
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp
set [ find default-name=sfp1 ] disabled=yes
/interface wireguard
add listen-port=13231 mtu=1420 name=wg1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=dynamic
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
add interface=wg1 list=LAN
/interface wireguard peers
add allowed-address=10.10.9.251/32 comment=Linux interface=wg1 name=peer1 persistent-keepalive=25s public-key="PUBLIC KEY HERE"
/ip address
add address=192.168.111.1/24 comment=outside interface=ether1 network=192.168.111.0
add address=10.10.10.252/24 comment=inside interface=bridge1 network=10.10.10.0
add address=10.10.9.253/24 comment=WireGuard interface=wg1 network=10.10.9.0
/ip firewall filter
add action=accept chain=input comment="WG inbound" dst-port=13231 protocol=udp
/system clock
set time-zone-name=US/Arizona

You need to look at the WireGuard configuration on the Linux device. In the [Peer] section on the Linux device, 10.10.10.0/24 must be part of the AllowedIPs ranges. You also need helper tools like wg-quick or network managers to automatically set up the routes for you.
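An example wg-quick client file, added here to show what the [Peer] change described above looks like on the Linux side. This is a constructed file, not the poster's configuration: the key values are placeholders, the client address and listen port are taken from the router export above, and the Endpoint uses the ether1 "outside" address from that export, which you would replace with the router's real public address if it sits behind another NAT.

```ini
# /etc/wireguard/wg1.conf on the Linux client (constructed example, not the poster's file)
[Interface]
# Matches the allowed-address the router has for this peer (10.10.9.251/32)
Address = 10.10.9.251/32
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = ROUTER_PUBLIC_KEY_PLACEHOLDER
# ether1 address and listen-port from the router export; assumed to be reachable from the client
Endpoint = 192.168.111.1:13231
# Both the WireGuard subnet (router's wg1 address 10.10.9.253) and the bridge subnet
# the internal hosts live on. wg-quick installs a kernel route for each prefix listed
# here; without 10.10.10.0/24 the client has no route to the LAN hosts, so pings to
# them never enter the tunnel. AllowedIPs is also the cryptokey routing filter for
# packets arriving from this peer, so list only the networks that should be reachable.
AllowedIPs = 10.10.9.0/24, 10.10.10.0/24
PersistentKeepalive = 25
```

Bring it up with `wg-quick up wg1`, then confirm the routes it installed with `ip route show dev wg1` (you should see both 10.10.9.0/24 and 10.10.10.0/24) and the peer's accepted ranges with `wg show wg1 allowed-ips`. If the interface is configured with plain `wg setconf` or `wg set` instead of wg-quick, no routes are added and `ip route add 10.10.10.0/24 dev wg1` has to be run by hand.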