WG road warrior - access another's router LAN through S2S tunnel

haris013 · April 3, 2023, 9:47am

Hello,

I have the bellow topology, 2 routers connected Site to Site with IPSEC policy based. Each router’s LAN have access the opposite LAN and everything works fine.

I have a wireguard server at ROUTER 1 and I have 1 road warrior WG client for managing. Is it possible to access router’s 2 LAN devices from WG through the IPSEC tunnel?

I want the road warrior client to have access at router’s 1 LAN and router’s 2 LAN.

Both routers have default Mikrotik config with 1 WAN, default firewall and an IPSec policy based tunnel.

anav · April 3, 2023, 2:52pm

Should be, I am no expert in converting WG client incoming traffic to be routed out ipsec tunnel so cannot give any specific pointers other than,

At R1
ensure firewall allows wg client to enter ipsec tunnel.
ensure there is route/path for wg client to enter ipsec tunnel.

At R2
ensure firewall allows wg client to exit tunnel and reach subnet
ensure route exists so wg client return traffic can re-enter tunnel.

haris013 · April 3, 2023, 6:24pm

Thanks for the reply.

Do you know how I can ensure that traffic enters and exists from the ipsec tunnel?

There is no interface at the ipsec tunnel and there no static or dynamic routes. The routing is based through ipsec policy.

Is there any way to point the wg interface at the opposite subnet ?