Wireguard handshake but no traffic

Rox169 · January 17, 2022, 9:35pm

Hi,

Im using zerotier and wireguard on two sites. Zerotier is working fine, but wireguard is not working. The wireguard has handshake but no traffic i think there is problem in routes.
Could you please help?

please see /interface/wireguard export

site1
/interface wireguard
add listen-port=443 mtu=1420 name=wireguard1
/interface wireguard peers
add allowed-address=10.1.168.101/24 endpoint-address=185.5.225.240
endpoint-port=443 interface=wireguard1 public-key=
“xxx”

site2
/interface wireguard
add listen-port=443 mtu=1420 name=wireguard1
/interface wireguard peers
add allowed-address=192.168.144.22/24 endpoint-address=185.16.81.156
endpoint-port=443 interface=wireguard1 public-key=
“xxx”

anav · January 17, 2022, 9:57pm

Would need to see both configs.

Which end acts as server and which as client for the initial connection?
I would not use port 433, unless its the only way to get traffic through niggly ISPs…

Rox169 · January 17, 2022, 10:04pm

sorry, which config do you need to see?

sorry, but I do not know how to check which is server or clinet..

msatter · January 17, 2022, 10:47pm

All the *number gateways are broken. The occur when WG settings are delete and recreated.

You can ping from the router but no traffic will be directed into tunnel.

anav · January 17, 2022, 11:47pm

Okay clearly you are not the admin, I need to speak with the person that setup the sites.

Rox169 · January 18, 2022, 2:26am

Im admin, in mikrotik there is no option to see which is server or client…both sites are setup the same way according to mikrotik wiki even the firewall setting,there is handshake but no trafffic

Sob · January 18, 2022, 2:55am

And what exactly are you trying to do? Typically you connect LAN to LAN, but here it looks like you want to access WAN subnets on both routers, but not any LAN at all.

Rox169 · January 18, 2022, 5:07am

is it possible to have working zerotier and wireguard on one network? I like zerotier but I have slow speed. Thats why im trying the wireguard I have HAP AC3 on both sides.

holvoetn · January 18, 2022, 5:50am

Make a network drawing indicating all subnets.
If known, also the bandwidth limits of the outgoing isp links.

A picture says more then a thousand words…

Rox169 · January 18, 2022, 6:22am

What should I draw? you have 2 sites and 2 wireguard config export above. Is there anything wrong with the routes?

jvanhambelgium · January 18, 2022, 6:31am

ZeroTier & Wireguard can happily co-exist together. Obviously NOT using the same IP’s !
192.168.1.x could be ZeroTier (and participants on your cloud-network) and 192.168.2.x could be for WireGuard.
Works fine here. (but not in a “site-to-site” topology, more hub-spoke alike)

holvoetn · January 18, 2022, 6:39am

No offense intended but a couple of people have asked you some questions where each time you seem to try to dodge the bullet not revealing the complete setup.
If you do not provide the info which is requested, that’s your good right.
But don’t expect us to have a crystal ball about your situation if you are not providing all info which might be relevant (maybe not to you).

You have a problem, that’s clear.
We do not.

You need help.
There are enough here willing to help but we need … info.

Rox169 · January 18, 2022, 7:05am

Hello,

as you can see from the routes,
wireguard is using subnet 192.168.144.0/24 and the zerotier is using 192.168.192.0/24. Wchich is obviously NOT using the same IP’s

Rox169 · January 18, 2022, 7:28am

Why do you think so? This is dynamic route for zerotier and zeroties is working fine.