Client remote peer > NAT > ISP Router Public IP
↓
Internet
↓
Router ISP Public IP > NAT > Private IP
↓
Mikrotik WAN2 > NO Handshake
Mikrotik > WAN1 Default Route Lan's PC > Router ISP1 > NAT > Internet
Good evening,
I would like to configure WireGuard in the context shown in the diagram.
I don't currently have any firewall filters enabled.
I've tried dozens of mangle rules, routing tables, and prerouting.
The only solution is to configure a static route to the remote peer router's public IP.
But this isn't possible if an IP change occurs.
ROS 7.22.x
The current configuration is basic.
WAN1 private and WAN2 private
IP ethernet LAN private
Default route WAN1
WireGuard input from WAN2
WireGuard does not work with Mangling. It seems this is “by WG design” to which MT obeys.
You have to make sure that if you connect via WAN2, the answer goes out via WAN2 too. If it exits via WAN1, the connection gets invalid. You have to configure an “internal double NAT” like described here: