Wireguard responds by wrong interface

th0massin0 · June 7, 2022, 1:20pm

ROS 7.3 , 2 WANs, wireguard

Interfaces:

Columns: ADDRESS, NETWORK, INTERFACE
#   ADDRESS           NETWORK       INTERFACE     
0   172.22.100.1/24   172.22.100.0  br0           
1   10.78.210.1/24    10.78.210.0   wgVpn         
2 D 192.168.1.17/24   192.168.1.0   eth1-WAN1-ADSL 
3 D 192.168.8.100/24  192.168.8.0   eth2-WAN2-LTE

Routes:

#     DST-ADDRESS       GATEWAY         DISTANCE
0  As 0.0.0.0/0         192.168.1.1            1
1   s 0.0.0.0/0         192.168.8.1            2
DAc 10.78.210.0/24    wgVpn                  0
DAc 172.22.100.0/24   br0                    0
DAc 192.168.1.0/24    eth1-WAN1-ADSL         0
DAc 192.168.8.0/24    eth2-WAN2-LTE        0

… so ADSL is default route.. but I want to use Wireguard on LTE (which is NOT default route) Let’s assume that Wireguard listens on port 7587.

Let’s see at connections:
Request: :RandomPort :7587
Response :7587 :RandomPort

How to bind Wireguard to the the proper interface: WAN2 ?
Mangle does not working.

Sob · June 7, 2022, 5:39pm

Check this: http://forum.mikrotik.com/t/nat-in-output-chain-for-wireguard/156626/1

th0massin0 · June 8, 2022, 7:34am

Thank you!
I will test whoole network behaviour, but in this point I see that wireguard woks as expected.

/routing rule add action=lookup-only-in-table disabled=no src-address=192.168.8.1/24 table=to_WAN2

Sob · June 8, 2022, 2:48pm

Not with this rule, source should be what’s on eth2-WAN2-LTE, i.e. 192.168.8.100. If if would work with 192.168.8.1, it would be even weirder than I thought.