Wireguard: only the last edited peer is working

Hi, on one hAP ac^3 @7.15.2 I have strange behaviour: only the “latest edited” peer will connect, the others have 92 bytes received and nothing more (WireGuard Android app and the same with the WireGuard Windows program). It’s just necessary to edit any parameter in the peer’s configuration, restore that parameter and press apply, and now that peer will connect, but the last one no more.
After 5 seconds these 92 bytes become 124, then after 5 sec 156... it seems the MikroTik is sending keepalive requests but doesn’t receive anything from the peer... and the peer is sending…
I’ve checked the config against another OS7 router where WireGuard is working regularly with different peers and they are equal, nothing is missing. Is this a MikroTik bug? What should I do to correct it?

By not assuming your config is correct.
Please post /export file=anynameyouwish (minus router serial number, any public WANIP info, keys etc.)

Usually means you have overlapping allowed addresses on your peer configurations.

This is an error.

If this is what you actually need and want (e.g. you want to use OSPF to the peers and route via the OSPF-chosen link, etc.),
You need to have multiple wireguard interfaces with one (overlapping) peer per wireguard interface.

I’ve cleaned all useless parameters in all peers, leaving only the allowed IP /32 and its public key, and now it works. I guess there is a bug that still has to be fixed; there wasn’t any overlap and I connected only one client at a time to test. Running 7.15.3

Couldn’t possibly be your config right? I use multiple peers without an issue btw. There’s no bug that I have encountered.

Sadly, anything you say is pure fabrication without evidence or at least opinion without any substantiation.
Llamajaja led your dehydrated self to water and you refused to drink :slight_smile:

Friend, the config is full of sensible data and I don’t think it’s important, since the problem is solved now..
To solve it I’ve deleted all unnecessary parameters; on the server side (MikroTik router) it’s just necessary to specify the public key of the device and its allowed address /32, that’s all
Thank you

Which means you initially let the router config wireguard for you instead of doing it yourself manually LOL… Glad you took control!!

The solution to this problem is described in another topic.
http://forum.mikrotik.com/t/only-one-wireguard-peer-working-at-a-time/167740/6

In my case it was IPv6 addresses with mask /64; for it to work correctly the mask must be /128

Thanks khaaleex, I’m IPv6 illiterate so any help in that regard is greatly appreciated. I suppose the OP thought his brainwaves were powerful enough that we knew he was using IPv6. :slight_smile:

Hi, the solution for me was to reduce to the minimum the parameters necessary to make it work. In short, for WireGuard to work it needs:
Interface wireguard enabled and static IP configured on it (on client too)
On the server’s peer items, specify the peer with its public key and its allowed IP address, and use the responder flag
On the client’s peer items, add also the endpoint (the server IP address) and its port, the allowed destination address (subnet) the client will be able to reach through the server, and the persistent keepalive (I chose 20 sec). Nothing more is necessary
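
A check for the overlapping allowed addresses discussed in the replies above, including the IPv6 /64 versus /128 case, as an added example that is not part of the thread. The peer names and addresses are constructed; in practice the input would come from the peer list of one WireGuard interface.

```python
import ipaddress
from itertools import combinations

# Constructed sample: peers on one WireGuard interface as
# (name, comma-separated allowed addresses). All values are made up.
SAMPLE_PEERS = [
    ("phone",  "10.10.0.2/32,fd00:10::2/64"),
    ("laptop", "10.10.0.3/32,fd00:10::3/64"),
    ("tablet", "10.10.0.4/32,fd00:10::4/128"),
]

def parse_allowed(allowed):
    """Turn an allowed-address string into network objects.
    strict=False accepts host bits (fd00:10::2/64 becomes fd00:10::/64),
    which is the prefix that actually gets matched."""
    return [ipaddress.ip_network(a.strip(), strict=False)
            for a in allowed.split(",") if a.strip()]

def find_overlaps(peers):
    """Return (peer_a, net_a, peer_b, net_b) for every pair of prefixes
    on different peers that share at least one address."""
    parsed = [(name, parse_allowed(allowed)) for name, allowed in peers]
    hits = []
    for (name_a, nets_a), (name_b, nets_b) in combinations(parsed, 2):
        for net_a in nets_a:
            for net_b in nets_b:
                # An IPv4 prefix and an IPv6 prefix never overlap.
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    hits.append((name_a, str(net_a), name_b, str(net_b)))
    return hits

if __name__ == "__main__":
    for a, na, b, nb in find_overlaps(SAMPLE_PEERS):
        print(f"overlap: {a} {na} <-> {b} {nb}")
```

The IPv4 /32 entries pass, while the two /64 entries collapse to the same prefix and also swallow the third peer's /128, so every pair of peers is reported.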