I suggest you have some basic understanding issues to navigate and learn first, prior to making a WireGuard configuration.
Pay particular attention to setting up both client and server (local and remote) peer settings. Half an hour spent here will pay dividends, and it would not surprise me if you come back and say it's all working fine now. Do some planning, go through the steps and you will be fine! https://forum.mikrotik.com/viewtopic.php?t=182340
running on port 443…sure there is nothing else running on port 443? Which ports do you suggest? I know the 443 should not be blocked.
what does logging say (you might want to add some logging)? Sorry, but I'm not sure how to log WG?
you only accept wireguard connections from a specific IP address, is this rule hit (tip: counter)? The allowed addresses are correct, I could change it to subnets? But I have followed the guide which you have mentioned and there is an exact IP, not a subnet.
Please sort your firewall rules (input, forward) - I have added the FW rules according to the guide from you.
Might want to add in-interface as well (and please don't ask how, it is described in the help page I linked previously).
Just wondering…is the 185.5.225.xxx your public IP address? Then it is correct (but you might want to remove it).
If you write down and answer these questions, and provide a network diagram I will be able to help.
Step 1: Identify all the connecting devices involved
Step 2: Identify all the users, either individuals (like a smart phone or road warrior/laptop), or groups of users (aka a subnet of users).
Step 3: Identify which user(s) need access to the internet through WG (and thus not from their local ISP).
Step 4: Identify which user(s) need access to the subnet at the other end of the tunnel (could be on an MT device or another router up or down from the MT device).
Step 5: Identify, as you the admin, which MT devices you wish to manage/configure from your local MT end of the WG tunnel.
Step 6: Identify, between applicable pairs of WG devices, WHICH device, for the initial connection, will be acting as SERVER (listening port active) and which will be CLIENT (sends the original request).
In a nutshell one should do the following:
PLAN Traffic Flows - from where to where for all use cases! (Don't forget Admin to Router for configuration if required)
PLAN Initial Tunnel Connection - which site will start the tunnel request (client).
PLAN Firewall Rules - how to get the traffic, entering and exiting the wg interface, to where it needs to go.
PLAN Routing of Traffic - how to get the traffic routed properly (IP routes predominantly, and possibly dynamically accomplished by IP address if assigned to WG interface)
A diagram would certainly clear out a lot of questions and/or assumptions.
Port 443 is default https when using TCP. Not sure about UDP.
Some other VPN protocols also use it (via TCP) but (my view) I think it’s a bad choice for wireguard since it’s UDP only.
And how do you know it’s not blocked ?
Outgoing most likely not (https, remember).
But what about incoming (ASSUMING you want to have your Mikrotik act as “server” ) ?? That’s what needs to work.
Since you say followed the guide, start with the port suggested there (and make SURE it gets forwarded on whatever device is sitting in between so your Mikrotik can be reached using that port, or it will NEVER work).
Change the port later once you understand how it is supposed to work.
But first some more info is needed.
We’re fishing here … but we don’t know where or for what.
Which port do you suggest to use? Why would anyone block 443 UDP? There was a time when WG had its handshake on this port. I do not know if this port 13231 is not blocked…
To be honest I do not know how to recognize server and client, when I need only one tunnel between two MikroTiks.
How could I check that Mikrotik can be reached using that port?
@Rox169
443 UDP is used by QUIC, a Google tech … so if you use Chrome or any Chrome derivative you will have issues with that port under WG. I suggest that you use port 44355 and see if that helps you. I have not checked your config properly, so I cannot make further comment other than to suggest that you get WG working first before you introduce ZeroTier …
You didn’t even explain how you wanted to set up wireguard. Do you want those two routers connected to each other over wireguard? Or are you simply setting up two completely different routers for a roadwarrior type configuration? or is it something else?
mducharme, the OP refuses to communicate despite being given all the tools and ways and means to do so. Language barriers are not an excuse, as Google Translate can be used both ways to answer the questions posed… Clearly there has been very little attempt to learn or read any reference material available or linked.
If the OP doesn't want to communicate, not much else can be done.
OP: If it is PTP you want, I notice you have each router on a different wireguard subnet - it is nonsensical. One router has 192.168.144.1/24 on the wireguard interface and the other has 10.1.168.1/24 on its wireguard interface. I don’t see how you expect to get a point to point link working when using different subnets. I think you have not really understood the tutorials that you read, or you do not have a basic understanding of routing. It is the same scenario as configuring an IP on one router on one subnet on ether2 and configuring an IP on another router on ether2 on a different subnet and plugging the ether2’s together and expecting to get a response - you would not.
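To tie together the planning steps from the earlier post (server/client choice, firewall rules, routing) and the subnet point made just above, here is an added point-to-point example for two RouterOS 7 devices. It is not configuration from any poster in this thread. Every address, interface name and key is a constructed placeholder: 203.0.113.10 stands for site A's public IP, 192.168.1.0/24 and 192.168.2.0/24 for the two LANs, 10.10.10.0/24 for the tunnel, and the example assumes the default WAN/LAN interface lists exist. Logging is done with the firewall rule's own log=yes, which also answers "is this rule hit" and "can the router be reached on that port" via the rule counter.

```routeros
# ---------- Site A: SERVER (has the public IP, listens on UDP 13231) ----------
# All names, addresses and keys below are constructed placeholders.
/interface/wireguard add name=wg-site listen-port=13231 comment="site-to-site tunnel"
# Print the interface to read site A's public key; paste it into site B's peer entry.
/interface/wireguard print
# Peer entry for site B. allowed-address lists what may arrive FROM site B through
# the tunnel: its tunnel address and its LAN. No endpoint here, because site B
# initiates; site A learns B's endpoint from the first handshake.
/interface/wireguard/peers add interface=wg-site public-key="<SITE-B-PUBLIC-KEY>" \
    allowed-address=10.10.10.2/32,192.168.2.0/24 comment="site B"
# Both ends must sit in the SAME tunnel subnet (10.10.10.0/24).
/ip/address add address=10.10.10.1/24 interface=wg-site
# Route site B's LAN into the tunnel (gateway is the WireGuard interface itself).
/ip/route add dst-address=192.168.2.0/24 gateway=wg-site
# Input rule: accept the handshake only on the WAN side and only on the chosen port.
# log=yes writes a line with the prefix to /log for every matching packet; the rule's
# counter (print stats) shows whether packets reach this port at all.
# Move this rule above any "drop" rule in chain=input, or it is never reached.
/ip/firewall/filter add chain=input protocol=udp dst-port=13231 in-interface-list=WAN \
    action=accept log=yes log-prefix="wg-handshake" comment="WireGuard in"
# Forward rules: LAN <-> tunnel, again placed before any drop rule in chain=forward.
/ip/firewall/filter add chain=forward in-interface=wg-site out-interface-list=LAN \
    action=accept comment="from tunnel"
/ip/firewall/filter add chain=forward in-interface-list=LAN out-interface=wg-site \
    action=accept comment="to tunnel"

# ---------- Site B: CLIENT (behind NAT, sends the first handshake) ----------
/interface/wireguard add name=wg-site comment="site-to-site tunnel"
# Peer entry for site A: endpoint is A's public IP and listen port; keepalive keeps
# the NAT mapping open so A can still reach B after the first handshake.
/interface/wireguard/peers add interface=wg-site public-key="<SITE-A-PUBLIC-KEY>" \
    endpoint-address=203.0.113.10 endpoint-port=13231 \
    allowed-address=10.10.10.1/32,192.168.1.0/24 persistent-keepalive=25s comment="site A"
# Same tunnel subnet as site A, different host address.
/ip/address add address=10.10.10.2/24 interface=wg-site
/ip/route add dst-address=192.168.1.0/24 gateway=wg-site
# Site B needs the same two forward rules as site A, but no input rule for 13231:
# it initiates the tunnel, so nothing has to reach it from outside.

# ---------- Checks (run on site A after site B is configured) ----------
# Counter on the input rule increments when B's handshake packets arrive on the WAN port.
/ip/firewall/filter print stats where comment="WireGuard in"
# last-handshake on the peer tells you whether the keys and port are correct.
/interface/wireguard/peers print detail
# The logged lines with the "wg-handshake" prefix show the source address of each attempt.
/log print where message~"wg-handshake"
```

The two allowed-address lists are mirror images of each other: each side lists the other side's tunnel address plus the LAN behind it. If the input counter stays at zero while site B keeps trying, the packets are being dropped before reaching the router (typically a missing UDP port forward on whatever sits in front of it), which is exactly the case the earlier replies warn about.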