Over my local wifi I can connect to my hAP AX3 using the Mikrotik iOS app just fine. When I’m connected to my network (192.168.10.x/24) using wireguard (10.0.0.0/24) the iOS app fails to log in. The hAP AX3 is not the wireguard server.
I get the following message in logs on the AX3 when connecting over wireguard:
system, error, critical login failure for user myusername from 10.0.0.2 via winbox
However, when connected using wireguard to my network I can connect to the pihole container dashboard which is hosted on the AX3. I can websurf normally.
Not much is filtered on the AX3, as it divides my wifi network from some local wired hosts. I’m using it as a bridge for the most part, monitoring queues, netwatch, and pihole DNS.
Is there a setting I’ve overlooked preventing a winbox connection from a non-local network?
Do you maybe have allowed addresses set for the user which you are using for login?
Check with /user/print detail whether the address property for the user contains some subnet/IP (range) from which login is allowed. If set, add 10.0.0.0/24 if it is missing there.
Network diagram please, show where the ISP is coming in, what subnets are moving between what devices, etc.
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys, dhcp lease lists)
If you use the defconf (the factory configuration) firewall rules, then you'll need to add the WireGuard interface to the LAN interface list (this interface list only contains bridge in the defconf default).
If you are not using defconf then post an export of your configuration as @anav instructed.
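A way to triage the login-failure message against the per-user allowed-address setting raised in the replies, as an added example that is not part of any post in the thread: it parses log lines in the format quoted above and marks each failure as explained by the address restriction or not. The function names, verdict labels and the allowed-address value `192.168.10.0/24` are assumptions made for illustration.

```python
import ipaddress
import re

# Message format copied from the log line quoted in the thread.
LOGIN_FAILURE = re.compile(
    r"login failure for user (?P<user>\S+) from (?P<src>\S+) via (?P<service>\S+)"
)


def parse_allowed(address_property):
    """Turn a comma-separated allowed-address value into network objects.
    An empty value means the user has no address restriction."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in address_property.split(",") if part.strip()]


def classify(log_lines, allowed_by_user):
    """Return (user, source, service, verdict) for each login-failure line."""
    findings = []
    for line in log_lines:
        match = LOGIN_FAILURE.search(line)
        if not match:
            continue
        try:
            src = ipaddress.ip_address(match["src"])
        except ValueError:
            continue  # source is not an IP address, nothing to compare
        allowed = allowed_by_user.get(match["user"])
        if allowed is None:
            verdict = "unknown-user"
        elif allowed and not any(src in net for net in allowed):
            verdict = "address-not-allowed"  # source is outside the allowed list
        else:
            verdict = "check-credentials"    # address permitted; look elsewhere
        findings.append((match["user"], str(src), match["service"], verdict))
    return findings


# Constructed sample data: the first line is the one quoted in the thread,
# the others and the allowed-address value are made up for illustration.
SAMPLE_LOG = [
    "system, error, critical login failure for user myusername from 10.0.0.2 via winbox",
    "system, error, critical login failure for user myusername from 192.168.10.25 via winbox",
    "system, info, account user myusername logged in from 192.168.10.25 via winbox",
]
SAMPLE_USERS = {"myusername": parse_allowed("192.168.10.0/24")}

if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG, SAMPLE_USERS):
        print(finding)
```

A verdict of `address-not-allowed` for 10.0.0.2 points at the user's address property; `check-credentials` means the source is permitted and the cause lies elsewhere, such as the password or firewall path.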