Wireguard on wAP AC

I wanted to test the new Wireguard stuff so I upgraded a wAP AC to 7.1beta6 and tried to set it up according to the guides and using my iPad as a client. Doing so, I see no traffic on the wireguard interface on the wAP AC at all. When I use nmap to scan the wireguard port, I do see a couple of packets in my firewall rule, so I can get traffic to the mikrotik unit.

Now, before I start digging into this, should this work at all or am I barking up a dead tree here?

Can you confirm what you are actually trying to do?
Draw a network diagram to illustrate.

Right now, it’s very simple. Maybe it is too simple and that is the problem.

I just want to see a WireGuard connection between my iPad and the wAP AC unit, both on the same local network 192.168.0.0/24. Nothing in between the two devices except switches and another wireless AP.

Make sure the “allowed addresses” setting is set to 0.0.0.0/0. ROS has a bug where you have to set it through the terminal because the GUI keeps deleting it because it thinks it’s not needed.

Just as a data point, if you’re using the original wAP AC (not the new version that released a couple of months ago-ish) then you have zero hardware crypto acceleration.

With the old version (which I have 5 of), if/when you get it to “work”, it will not be fast.
You have a single meager MIPSBE core with zero hardware crypto acceleration. Also, Wave1 AC, not Wave2 (with ROS7 and the Wave2 package).
The new ones have a quad-core ARM CPU with hardware acceleration for non-GCM ciphers (traditional AES CBC and CTR modes).

Wireguard doesn’t traditionally have hardware acceleration anyway, but is still known for being very efficient and fast regardless.

All good suggestions. I’ll look into it.

At least it sounds like this should work so I’ve probably made some error in the config.