I’m struggling with a wireguard site to site VPN configuration. I have read a lot of tutorials and such but haven’t got around to ake it work yet..
Setup:
Home Net: 10.10.10.0/24
ISP public IP on WAN interface using DDNS of Mikrotik Cloud
ROS 7.15.2
Setup as Wireguard server with wireguard interface IP 172.16.88.1/24
Starlink Net: 10.10.11.0/24
ISP CGNATed
ROS 7.15.2
Setup as Wireguard client with wireguard interface IP 172.16.88.2/24
The tunnel is established I can ping any IP from homelan router to starlink lan but no pc on Homelan can ping any IP of Starlink lan except the Wireguard IP of the StarlinkLan router
Also from the Starlink lan router I can ping only the Homelan router IP, the Wireguard IP of the Homelan router. Also from any PC on the Starlinklan I can ping only the Wireguard IP and nothing more…
I’m at a loss and I’m sure I’m missing a lot… Can you please help? I’m attaching both configurations if anyone has the time to read them.
I could care less about pinging interfaces.
Please explain the actual traffic flow requirements.
Are there local subnet users on the starlink??
a. if so, do they require access to subnets at home router.
b. do they require to use the internet at home router (and not go out starlink WAN).
At home
a. do users need access to starlink lan associated subnets
Does the admin need access to both routers lan subnets via wireguard from the road?
Does the admin need to config the starlink router while on home router ( on a local subnet )? note: assuming from the road yes.
Does the admin need to config the home router while on site at starlink and on a starlink lan subnet? note: assuming from the road yes.
Your starlink config is confused,
You have bridge.
Your have a vlan which has interface of the bridge
BUT
Missing turning vlan filtering ON, on the main bridge config
Missing any associated /interface bridge vlan settings.
Please describe the purpose of ether3, and vlan100.
What is connected on ports 1 and 2 ???