I need help configuring my WireGuard VPN. My VPN is connected, but I can’t connect to my internal tools remotely. I have configured the NAT and the firewall. My public IP is dynamic. Below are my addresses:
VPN WireGuard network: 192.168.65.0/32
remote laptop: 192.168.65.2/32
DNS server: 8.8.8.8
Router OS: RouterBoard 7.8
FIXING Allowed IPs. ( IP autorises )
a. wireguard address should be in the format: 192.168.65.0/24
b. LAN address of the remote subnet on the router also needs to be included: 192.168.10.0/24
c. If your goal is to provide internet access for remote users through the Mikrotik router then only a single address entry is required: 0.0.0.0/0
b. add keep-alive settings: persistent-keep-alive=35s ( anywhere between 25-45s is fine, actual time not critical )
Thanks for your response, but I’m confused about where I must configure IP autorises. Below are my different questions:
FIXING Allowed IPs. ( IP autorises )
a. wireguard address should be in the format: 192.168.65.0/24
b. LAN address of the remote subnet on the router also needs to be included: 192.168.10.0/24 (Where? On the router or the WireGuard tunnel?)
c. If your goal is to provide internet access for remote users through the Mikrotik router then only a single address entry is required: 0.0.0.0/0 (Yes it is, but where should I configure this address?)
I didn't say to change the WireGuard IP address of your device?
I clearly stated:
FIXING ALLOWED IPS ( IP autorises )
a. for wireguard address of the remote site/server for handshake put in 192.168.5.0/24 and also any remote subnet if applicable like 192.168.10.0/24.
I also stated that if the intent was to go out the internet of the server router then you only need 0.0.0.0/0.
The rest of your device config was FINE!
address: 192.168.65.2/32 is correct for example.
Your settings are now ALL WRONG and backwards.
Only modify homologue, whatever that is… not interface wireguard.
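
The effect of the Allowed IPs values discussed in this thread on what the client sends into the tunnel, as an added example that is not part of any post above. The config text is constructed: the keys and endpoint are placeholders, the /32 "before" value for AllowedIPs is an assumption, and 192.168.65.1 and 192.168.10.1 are constructed test hosts inside the subnets the thread names.

```python
import ipaddress

# Constructed client config modelled on the thread's addresses; keys and
# endpoint are placeholders, and the /32 AllowedIPs is an assumed "before" state.
BEFORE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 192.168.65.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = <router-public-key>
Endpoint = <router-address>:<port>
AllowedIPs = 192.168.65.0/32
PersistentKeepalive = 35
"""
# Options a+b from the answer (tunnel subnet plus router LAN) and option c.
SPLIT = BEFORE.replace("192.168.65.0/32", "192.168.65.0/24, 192.168.10.0/24")
FULL = BEFORE.replace("192.168.65.0/32", "0.0.0.0/0")


def peer_allowed_ips(conf_text):
    """Return one list of ip_network objects per [Peer] section."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            if section == "peer":
                peers.append([])
            continue
        key, sep, value = line.partition("=")
        if section == "peer" and sep and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    peers[-1].append(ipaddress.ip_network(item.strip(), strict=False))
    return peers


def routed_via_tunnel(conf_text, destination):
    """True if some peer's AllowedIPs covers the destination address."""
    dst = ipaddress.ip_address(destination)
    return any(dst in net for nets in peer_allowed_ips(conf_text) for net in nets)


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("a+b", SPLIT), ("c", FULL)):
        for dst in ("192.168.65.1", "192.168.10.1", "8.8.8.8"):
            print(name, dst, routed_via_tunnel(conf, dst))
```

With the a+b value, 8.8.8.8 is not covered, so the client's DNS queries to that server travel outside the tunnel; with 0.0.0.0/0 they go through it.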