Down below is a diagram which briefly describes the current setup. The main goal is to be able to get access only from PC_1 to the whole 192.168.0.1 LAN subnet via MikroTik_2 and from PC_4 to the whole 192.168.16.0 LAN subnet.
Here is some explanation of the scheme:
All devices on the 192.168.16.0 subnet, including Main Router and MikroTik_2, are connected through their LAN interfaces via a switch. A DHCP server is running on Main Router. MikroTik_2 and PC_1 have static IPs on their LAN interfaces. PC_1 has MikroTik_2 set up as its default gateway. All other devices have Main Router set up as their default gateway.
A WireGuard tunnel is established and running between MikroTik_1 and MikroTik_2. I was guided by the official tutorial here: https://help.mikrotik.com/docs/display/ROS/WireGuard
and so I'm able to get access from PC_1 to PC_4 and the whole 192.168.0.0 subnet. But from PC_4 I'm only able to get access to MikroTik_2's LAN IP and PC_1, and it seems like it's because all the other devices don't have MikroTik_2 as their default gateway. So, are there any ways to get it to work as desired? Additional routing rules or NAT maybe?
I would like to help but I don't have a clue what you are doing with PC1 and the mikrotik2??
If Mikrotik_2 has a WAN interface then why is its private LAN the same as the Main Router's private LAN ??
The Mikrotik_2 should have its own subnet ???
Are you saying both routers, Main and mikrotik_2 are connected to the internet??
Yes, both of them are connected to the Internet and share the same LAN subnet. Their uplinks are very different compared to each other in terms of routing and speed specs.
All PCs are in a domain and do have shared resources, so one LAN subnet is a must. PC_1 at the same time does need access to another subnet via VPN through the faster and more stable uplink provided by Mikrotik_2.
I guess my question is why even have Main Router in place, why not just Mikrotik-2 as the only router??
Unless it's an ISP router which you have no control over and it only provides you a private IP…
Also would be interested in seeing both configs
/export file=anynameyouwish
Thank you, it worked… partly. I've added two routes on Main Router to be able to reach 10.255.255.0/29 and 192.168.0.0/24 via the 192.168.16.253 host. Now I'm able to ping MikroTik_1's WG interface 10.255.255.1 and everything on its LAN side (192.168.0.0/24) from any device on the 192.168.16.0 subnet.
But there is still a persistent problem on the other side, when I'm trying to reach anything on the 192.168.16.0/24 subnet, except MikroTik_2's WG interface (10.255.255.2) and its LAN address (192.168.16.253). These two addresses are both reachable from PC_4 and from MikroTik_1. In addition to that, I'm able to connect from PC_4 to PC_1 via VNC, but ICMP ping can't reach it at the same time.
PC_1 has MikroTik_2 (192.168.16.253) set up as its default gateway.
Also, I've tried to change PC_2's default gateway to MikroTik_2 192.168.16.253. After doing that, I was able to reach it, just like with PC_1.
Ping not working can be caused by PC_1's firewall; some default configs don't allow pings from non-local subnets.
The rest should work, if you now have correct routes for both directions. If 192.168.16.x → 192.168.0.x works, it means that the other direction also works, because it’s used for responses. Unless there’s NAT changing addresses. But if it’s not NAT, then 192.168.0.x → 192.168.16.x should work too. If not, it’s probably because it’s blocked by firewall on RB.
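A worked RouterOS configuration for the routes and firewall checks discussed above, as an added example rather than either poster's own export. It uses the addresses from the thread and assumes the WireGuard interface is named wireguard1 (as in the linked tutorial), that MikroTik_1 already routes 192.168.16.0/24 into the tunnel as the thread implies, and that 192.168.16.10 is a constructed sample host for the traceroute.

```routeros
# --- Main Router (default gateway for most of 192.168.16.0/24) ---
# The two static routes the OP added: remote LAN and the WG transfer
# net are reached via MikroTik_2's LAN address on the same segment.
/ip route add dst-address=192.168.0.0/24 gateway=192.168.16.253 comment="remote LAN via MikroTik_2"
/ip route add dst-address=10.255.255.0/29 gateway=192.168.16.253 comment="WG transfer net via MikroTik_2"

# --- MikroTik_1 (remote side) ---
# Route MikroTik_2's LAN into the tunnel (assumed interface name wireguard1).
# The peer's allowed-address must also list 192.168.16.0/24, otherwise
# WireGuard itself discards packets for that subnet before routing applies.
/ip route add dst-address=192.168.16.0/24 gateway=wireguard1 comment="MikroTik_2 LAN via WG"
# Example peer entry (public key and endpoint are placeholders):
# /interface wireguard peers add interface=wireguard1 \
#     public-key="<MikroTik_2 public key>" endpoint-address=<MikroTik_2 WAN IP> \
#     endpoint-port=13231 allowed-address=10.255.255.2/32,192.168.16.0/24

# --- MikroTik_2 ---
# Traffic from PC_4 arrives on wireguard1 and is delivered directly to the
# LAN host; the host's reply comes back via Main Router (its default
# gateway) and then through MikroTik_2 again. Both directions must be
# accepted in the forward chain ahead of any drop rule.
/ip firewall filter add chain=forward in-interface=wireguard1 \
    dst-address=192.168.16.0/24 action=accept place-before=0 comment="WG -> LAN"
/ip firewall filter add chain=forward out-interface=wireguard1 \
    src-address=192.168.16.0/24 action=accept place-before=0 comment="LAN -> WG"

# --- Checks (run on the router being examined) ---
# Confirm the routes are active, then watch the forward-chain counters
# while pinging from PC_4; a drop rule whose counter climbs is the culprit.
/ip route print where dst-address~"192.168"
/ip firewall filter print stats where chain=forward
/tool traceroute 192.168.16.10
```

Because Main Router only ever sees the reply half of these flows, a stateful forward rule there (a "drop invalid" in RouterOS, or its equivalent on another vendor) will discard them as having no matching connection; check its forward counters as well, not just MikroTik_2's.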