Hi Team,
So I am very sorry to open a new thread, but I've searched the whole forum and could not find anything relevant.
Long story short:
I have a HAP AC2 in the USA (behind an Xfinity box) with DNAT and IP 10.0.0.200 listening on 13233 (DNAT from Xfinity). The internet is a best-effort 1000/500Mbps.
In Europe I have a HAP AC3 and a HEX PoE, both with PPPoE and 1000/800Mbps best-effort internet. They are not DNATted as they have public IP addresses.
I use a laptop (in Europe, office, enterprise internet, 2 x 1G connections) and the WireGuard Windows client to connect to both, and the results are impressive for the price of a Tik.
HAP AC2 from USA gives me ~365Mbps of download and about 100Mbps of upload
HAP AC3 from EU gives me about 380Mbps of download and about 140Mbps of upload
HEX gives less, about 180 down / 70 up.
So Windows client to both sites works like a champ!
The main issue is when I use the HAP AC3 as a WireGuard client to connect to the HAP AC2 in the USA (to route 0.0.0.0/0 to the USA). Speed caps at about 20-22Mbps no matter what I do, and web pages take ages to load. In the config I have uploaded I removed the mss-clamp lines, as it seemed they were doing more harm than good.
I have attached both configs, from EU (from the HEX, as it's the one online right now) and USA (HAP AC3).
Any help is really appreciated as I am new to Mikrotik.
Thank you.
Attachments: config-eu.txt (10.6 KB), config-usa.txt (2.94 KB)
Before looking at the configs, based on your text I would assume:
Both routers act as peer Servers for handshake for the various peer client devices.
Now you would like to connect the two devices together.
You have two options.
a. use an existing wireguard network on one of the devices (aka identifies which is peer server) and do the setup appropriately
b. create a third wireguard network for the two devices and then decide which is client or server for the handshake.
Looking at EURO ROUTER.
This is what you have:
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=catalink.home.ro endpoint-port=13231 interface=wireguard1 name=peer4 public-key="blabla"
add allowed-address=0.0.0.0/0 interface=wireguard2 is-responder=yes name=gruiu private-key="blabla" public-key="blabla"
Both of these are probably WRONG.
If wireguard1 is your attempt to connect to the US router, then it is missing a persistent-keepalive=35s, for example.
Then wireguard2 is your attempt to host wireguard, and the allowed IPs are incorrect. Each client peer needs to be described (it's peer to peer, not peer to group!!!)
It should look like:
add allowed-address=192.168.156.2/32 interface=wireguard2 public-key="blahblah" comment="roadwarrior 1"
add allowed-address=192.168.156.3/32 interface=wireguard2 public-key="blahblah" comment="roadwarrior 2"
ETC.
Also, by the way, this is completely bogus and should be removed:
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=172.29.30.0/24 dns-server=8.8.8.8 gateway=172.29.30.1 netmask=24
add address=192.168.3.0/25 dns-server=50.223.52.23 gateway=192.168.3.1 netmask=2
Looking at USA router, I would have avoided using the same nomenclature as it gets confusing fast.
wireguardUSA works for me
Oh boy, there is nothing here that shows me you are providing a server for the Europe MT to connect to.
The listening port is wrong, the address is wrong, etc.
And the allowed address is wrong.
This indicates an error with your config:
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=ether1
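To make the reply's points concrete, here is an added RouterOS 7 configuration sketch of what the two peer definitions would look like, written for this thread and not taken from either poster's config. It assumes a dedicated site-to-site interface named wireguardUSA on both routers (so it is not confused with the road-warrior interface wireguard2), a constructed tunnel subnet 10.255.255.0/30, the US listen port 13233 from the first post, placeholder keys and a placeholder hostname for the US WAN, and that the EU LAN is 172.29.30.0/24 as suggested by the dhcp-server network entry above.

```routeros
# ---- USA router (hAP ac2 at 10.0.0.200, handshake responder) ----
# RouterOS generates the private key when none is given; read the public
# key with "/interface wireguard print" and paste it into the EU peer.
/interface wireguard
add name=wireguardUSA listen-port=13233 comment="site-to-site, EU initiates"

/ip address
add address=10.255.255.1/30 interface=wireguardUSA

# Exactly one peer for the EU router. allowed-address is the EU tunnel
# address plus the EU LAN (assumed 172.29.30.0/24): traffic from those
# sources is accepted only from this key, nothing else.
/interface wireguard peers
add interface=wireguardUSA public-key="<EU-PUBLIC-KEY-PLACEHOLDER>" \
    allowed-address=10.255.255.2/32,172.29.30.0/24 comment="site-to-site EU"

# Let the tunnel's UDP port in from the WAN (Xfinity DNATs 13233 here).
/ip firewall filter
add chain=input protocol=udp dst-port=13233 action=accept comment="wireguardUSA"

# ---- EU router (hAP ac3, public IP via PPPoE, handshake initiator) ----
/interface wireguard
add name=wireguardUSA comment="site-to-site, initiates to USA"

/ip address
add address=10.255.255.2/30 interface=wireguardUSA

# One peer pointing at the USA endpoint. 0.0.0.0/0 is acceptable here
# because it is the only peer on this interface, and persistent-keepalive
# keeps the Xfinity NAT mapping open between handshakes.
/interface wireguard peers
add interface=wireguardUSA public-key="<USA-PUBLIC-KEY-PLACEHOLDER>" \
    endpoint-address=<USA-WAN-HOSTNAME-PLACEHOLDER> endpoint-port=13233 \
    allowed-address=0.0.0.0/0 persistent-keepalive=35s comment="site-to-site USA"

# Road-warrior server on wireguard2: one entry per laptop, each with its
# own key and its own /32, never a shared 0.0.0.0/0 entry.
add interface=wireguard2 public-key="<LAPTOP1-PUBLIC-KEY-PLACEHOLDER>" \
    allowed-address=192.168.156.2/32 comment="roadwarrior 1"
add interface=wireguard2 public-key="<LAPTOP2-PUBLIC-KEY-PLACEHOLDER>" \
    allowed-address=192.168.156.3/32 comment="roadwarrior 2"
```

The point of the per-peer /32 entries is that allowed-address doubles as the routing and the source filter: a packet arriving from a peer is dropped unless its source falls inside that peer's allowed-address, and a reply to an address is sent to the one peer that lists it, so two peers sharing 0.0.0.0/0 on the same interface will fight over every packet. Actually sending 0.0.0.0/0 from the EU LAN through this tunnel additionally needs a route on the EU side and NAT on the US side, which is outside what the reply covers and is left out here.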