Hi all
I just got a new Mikrotik RB2011UiAS-IN which I plan to use as a Wireguard client. It’s attached to a 4G mobile router and thus has a dynamic IP with CG-NAT.
The other side (the VPN Server / Hub) is also behind a dynamic IPv4 address, but it has a dynamic hostname. There I use an older Ubiquiti ER-X with the Wireguard package.
I assume this should generally be possible?
Is there a way that the Mikrotik will realize when the IP behind the Hub URL changes to reconnect? Or is there some feature like dead-peer-detection?
Probably not, you will most likely have to MANUALLY toggle the client on and off. The keep alive feature on MT keeps the tunnel open/available but has no capacity to deal with a dynamic IP via host name etc (which is probably what you will use for endpoint address) that changes due to all the normal reasons. This has been pointed out to MT staff by many folks and on reports, but they don't want to improve this very common request, which I don't understand/fathom. I would normally recommend hitting them over the head with a hammer to knock some sense into them, but I get the feeling it would have no effect on already lobotomized managers.
Hi @patoberli, the VPN site still needs to have a public IP address. A dynamic address might be solved in various ways using, for example, scripts. Fixing WG if both sides are NAT’ted is a challenge but might be possible in some rare circumstances using “hole punching” (NAT traversal).
Hi All
Thanks all for your replies!
I finally found time to tinker around. After I realized I had to upgrade the firmware to 7.x I’m now a bit further. I currently fail at entering a DNS name as Endpoint, it only accepts IP addresses (the web gui).
Any ideas?
My ER-X does have a public dynamic non-natted IPv4 address, with a dynamic DNS name registered.
I just discovered that under 7.x firmware I now also have PPTP, L2TP and OpenVPN. I’ll try it with those first, as I have those already running (and they do accept DNS names in the web interface).