Hello,
I have a mikrotik L41G-2axD behind an isp router.
I have done all the forward from isp router to mikrotik so now i complete handshake from windows client and iphone.
But both devices didnt have internet and also didnt ping the wireguard server.
I attach you the config file if anybody could help me.
configtel.rsc (6.23 KB)
Try using protocol UDP with wireguard not TCP.
Also ensure you are forwarding udp not tcp on the ISP modem/router.
Hello,
Thanks for the reply,
I change the protocol port in the listening port 8181 to udp.
In isp router it is udp but the problem continues
Can you confirm you are at least getting a handshake on Wireguard?
Look at the firewall rule on the input chain allowing connection on the Mikrotik, the counter should increase by one each time you try… also resetable to zero.
I confirm that i getting handshake from wireguard.
Which firewall rule must have?
Also where is the counter that should increase?
(1) Okay make sure the wireguard version you got for windows was from the Wireguard site, and not microsoft.
(2) In terms of settings the client interface IP address should be 192.168.100./32
(3) The client peer settings, endpoint you have on the client is incorrect. It should be the public WANIP of the ISP Router.
Typically you can use the IP CLOUD provided address of the MT as it resolves to the public IP of your ISP.
Turn on IP cloud (DDNS enabled) and use the DNS name for the endpoint on the client settings.
Typically its either endpoint address and port separately or sometimes together depending upon the client
endpoint=xxxxsn.mynetname.net endpoint port=8181 OR xxxxsn.mynetname.net**:**8181
(4) The client settings also must have a keep alive setting 35s is fine.
(5) On the mikrotik this rule in the input chain, should see the counter go up by one, on the handshake.
add action=accept chain=input dst-port=8181 in-interface=ether1 protocol=tcp
2)i fix the client interface ip 192.168.100./32
3)in endpoint ip i use xxxxsn.mynetname.net:8181 and after activating the wireguard show these ip 192.168.0.34
Which is the ip of MT taking from the ISP router.
Now while making changes i realize that handshake complete only when the client is connected in the MT wifi/ethernet but not from outside.
Maybe these is the problem.
In ISP router i have port forward the port 8181 udp but when i check in portchecker it is showed as close.
I do not understand. you should not be connecting to wireguard from within the router???
I think your problem is the ISP router then, it seems its not forwarding the port correctly if you are not getting any counts on the input chain rule on the Mikrotik.
I would also add the WG interface to your list members
/interface list members
add interface=wireguard1 list=LAN