wireguard site to site

ChrisAVS · April 30, 2025, 8:46pm

Hello
I need to create a tunnel between 2 remote stores that shares the same server
I have 2 mikrotik rb4011IGS with a wireguard between the 2
j arrives well at ping the 2 dimensions of the tunnel WG and even the 2 addresses of the MK routers but not the other IP addresses of the network

on the A site on the B website
ip box: 192.168.1.1 192.168.70.1
ip MK: 192.168.1.198 192.168.70.199
ip WG: 10.200.1.1 10.200.1.2
Other: 192.168.1.0 192.168.70.0

on site B for example I can ping the 2 ip WG , the 2 ip MK but not the 192.168.1.50 by e.g.
I can provide a schema if necessary
I tried different different roads but nothing did about it
Thank you for your help.

These are my routes:

#     DST-ADDRESS      GATEWAY       DISTANCE
0  As    0.0.0.0/0        192.168.77.1         1
1  As   192.168.1.0/24   10.200.1.1           1
  DAc   192.168.77.0/24  bridge1              0
  DAc   10.200.1.0/30    wireguardAVS         0

rplant · May 1, 2025, 7:55am

It might be enough if you can add some static routes to your main gateways (192.168.1.1 and 192.168.70.1 (77.1?))

on 192.168.1.1 add a static route 192.168.70.0/24 is via 192.168.1.198
on 192.168.70.1 add a static route 192.168.1.0/24 is via 192.168.70.199

anav · May 1, 2025, 11:09am

/export file=anynamwyouwish (minus router serial number, any public WANIP information, keys) for both sites.

anserk · May 2, 2025, 5:39pm

If you have the tunnel working between the routers, all you need to do for site-to-site is this:

Add static route to the remote LAN subnet with the remote WireGuard IP as the gateway.
Put that same remote subnet on the allowed-ip list in WireGuard.
Review firewall rules, allow what’s needed, block what’s not needed.

This needs to be done in both locations.