Wireguard VPN - routing issues

RouterOS RouterOS beta
1

Hi, I’m trying to forward some traffic through Wireguard site-to-site VPN in v7.1beta2. The Wireguard link is correctly set up and I can ping both sides from each hosts.

Lets say I have host A with Wireguard internal IP address of 10.77.77.1
and host B with Wireguard internal IP address of 10.77.77.2

I set up a route on host B:

/ip route add dst-address=1.1.1.1 gateway=10.77.77.1

And I can ping 1.1.1.1 from within host B routerOS. However I’m unable to ping 1.1.1.1 from the LAN hosts of host B anymore.

So I looked up and found that apparently I need to create a route that has a routing mark with it, which identifies the packets that are originated from within the LAN and destined for 1.1.1.1.
According to this thread http://forum.mikrotik.com/t/mark-routing-ip-route-in-v7-0beta8/140541/1 , I ran

/routing table add name=abc fib
/routing rule add dst-address=1.1.1.1 action=lookup-only-in-table table=abc
/ip route add dst-address=1.1.1.1 gateway=10.77.77.1@main routing-table=abc

But I still can’t ping 1.1.1.1 from LAN. Could anyone shed some light on this? Thanks.

2

My Suggestion would be at least initially to set the wireguard1 interface on host B routerOS to be a wan interface.
So the outgoing traffic is natted, and looks to be coming from 10.77.77.2.

Perhaps remove the route marking stuff.

If this works, it is likely the problem is at the other end.
Perhaps doesn’t allow the IP addresses of the host B lan clients on A routerOS’s wireguard
perhaps doesn’t know how to route back to the host B lan clients.