Community discussions

MikroTik App
 
agehall
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Fri Aug 15, 2014 8:47 pm

Wireguard on wAP AC

Tue Jul 20, 2021 9:10 pm

I wanted to test the new Wireguard stuff so I upgraded a wAP AC to 7.1beta6 and tried to set it up according to the guides and using my iPad as a client. Doing so, I see no traffic on the wireguard interface on the wAP AC at all. When I use nmap to scan the wireguard port, I do see a couple of packets in my firewall rule, so I can get traffic to the mikrotik unit.

Now, before I start digging into this, should this work at all or am I barking up a dead tree here?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7680
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard on wAP AC

Tue Jul 20, 2021 10:16 pm

Can you confirm what you are actually trying to do?
Draw a network diagram to illustrate.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
agehall
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Fri Aug 15, 2014 8:47 pm

Re: Wireguard on wAP AC

Tue Jul 20, 2021 10:41 pm

Right now, it’s very simple. Maybe it is too simple and that is the problem.

I just want to see a WireGuard connection between my iPad and the wAP AC unit, both on the same local network 192.168.0.0/24. Nothing in between the two devices except switches and another wireless AP.
 
Cablenut9
Member
Member
Posts: 434
Joined: Fri Jan 08, 2021 5:30 am

Re: Wireguard on wAP AC

Tue Jul 20, 2021 11:47 pm

Make sure the "allowed addresses" setting is set to 0.0.0.0/0. ROS has a bug where you have to set it through the terminal because the GUI keeps deleting it because eit thinks it's not needed.
Serial question asker
 
goodbye
newbie
Posts: 31
Joined: Sat Feb 25, 2017 12:48 am

Re: Wireguard on wAP AC

Wed Jul 21, 2021 8:33 am

Just as a data point, if you're using the original wAP AC (not the new version that released a couple of months ago-ish) then you have zero hardware crypto acceleration.

With the old version (which I have 5 of); if/when you get it to "work", it will not be fast.
You have a single meager MIPSBE core with zero hardware crypto acceleration. Also, Wave1 AC, not Wave2 (with ROS7 and the Wave2 package).
The new ones have a quad-core ARM cpu with hardware acceleration for non-GCM ciphers (traditional AES CBC and CTR modes).
 
mducharme
Trainer
Trainer
Posts: 1391
Joined: Tue Jul 19, 2016 6:45 pm

Re: Wireguard on wAP AC

Wed Jul 21, 2021 10:11 am

Wireguard doesn't traditionally have hardware acceleration anyway, but is still known for being very efficient and fast regardless.
 
agehall
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Fri Aug 15, 2014 8:47 pm

Re: Wireguard on wAP AC

Wed Jul 21, 2021 10:11 pm

All good suggestions. I’ll look into it.

At least it sounds like this should work so I’ve probably made some error in the config.

Who is online

Users browsing this forum: No registered users and 8 guests