birkhoff
just joined
Topic Author
Posts: 1
Joined: Sat Sep 05, 2020 7:32 pm

Wireguard VPN - routing issues

Sat Sep 05, 2020 7:40 pm

Hi, I'm trying to forward some traffic through Wireguard site-to-site VPN in v7.1beta2. The Wireguard link is correctly set up and I can ping both sides from each host.

Let's say I have host A with Wireguard internal IP address of 10.77.77.1
and host B with Wireguard internal IP address of 10.77.77.2

I set up a route on host B:
/ip route add dst-address=1.1.1.1 gateway=10.77.77.1
And I can ping 1.1.1.1 from within host B routerOS. However I'm unable to ping 1.1.1.1 from the LAN hosts of host B anymore.

So I looked up and found that apparently I need to create a route that has a routing mark with it, which identifies the packets that are originated from within the LAN and destined for 1.1.1.1.
According to this thread viewtopic.php?t=162471 , I ran
/routing table add name=abc fib
/routing rule add dst-address=1.1.1.1 action=lookup-only-in-table table=abc
/ip route add dst-address=1.1.1.1 gateway=10.77.77.1@main routing-table=abc
But I still can't ping 1.1.1.1 from LAN. Could anyone shed some light on this? Thanks.
 
rplant
Member Candidate
Posts: 281
Joined: Fri Sep 29, 2017 11:42 am

Re: Wireguard VPN - routing issues

Sun Sep 06, 2020 12:55 pm

My suggestion would be, at least initially, to set the wireguard1 interface on host B RouterOS to be a WAN interface.
So the outgoing traffic is natted, and looks to be coming from 10.77.77.2.

Perhaps remove the route marking stuff.

If this works, it is likely the problem is at the other end.
Perhaps it doesn't allow the IP addresses of the host B LAN clients on A RouterOS's WireGuard,
or perhaps it doesn't know how to route back to the host B LAN clients.
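
Added example (not part of the posts above and not MikroTik code): a small Python model of the checks rplant lists, showing why a ping sourced from 10.77.77.2 can succeed while one from a LAN client fails, and what masquerading changes. The LAN subnet 192.168.88.0/24, the client 192.168.88.10 and all allowed-address and route values are assumptions; the thread does not give them.

```python
from ipaddress import ip_address, ip_network

# Constructed values: the thread gives only the tunnel addresses and 1.1.1.1.
B_TUNNEL_IP = ip_address("10.77.77.2")    # host B's WireGuard address (from the thread)
B_LAN_HOST = ip_address("192.168.88.10")  # assumed LAN client behind host B
DEST = ip_address("1.1.1.1")
B_ALLOWED = ["0.0.0.0/0"]                 # assumed allowed-address on B's peer entry for A
A_ALLOWED = ["10.77.77.2/32"]             # assumed allowed-address on A's peer entry for B
A_ROUTES = ["10.77.77.0/24"]              # assumed prefixes A routes into the tunnel
B_LAN = "192.168.88.0/24"                 # assumed LAN subnet behind host B


def in_any(addr, prefixes):
    """True if addr falls inside any of the given prefixes."""
    return any(addr in ip_network(p) for p in prefixes)


def trace_ping(src, masquerade, a_allowed=A_ALLOWED, a_routes=A_ROUTES, b_allowed=B_ALLOWED):
    """Follow one echo request from B's side to A, and the reply back."""
    # Source NAT on B's WireGuard interface rewrites the LAN source address.
    inner_src = B_TUNNEL_IP if masquerade else src
    # B egress: the destination must match the peer's allowed-address to be sent.
    if not in_any(DEST, b_allowed):
        return "dropped on B: destination not in allowed-address"
    # A ingress: after decryption the inner source must match B's allowed-address.
    if not in_any(inner_src, a_allowed):
        return "dropped on A: source not in allowed-address"
    # Reply: A needs a route for inner_src that points into the tunnel.
    if not in_any(inner_src, a_routes):
        return "reply lost on A: no route back through the tunnel"
    return "reply delivered"


if __name__ == "__main__":
    print("router ping:      ", trace_ping(B_TUNNEL_IP, masquerade=False))
    print("LAN ping, no NAT: ", trace_ping(B_LAN_HOST, masquerade=False))
    print("LAN ping, NAT:    ", trace_ping(B_LAN_HOST, masquerade=True))
    print("LAN allowed on A: ", trace_ping(B_LAN_HOST, False, a_allowed=A_ALLOWED + [B_LAN]))
    print("allowed + routed: ", trace_ping(B_LAN_HOST, False, A_ALLOWED + [B_LAN], A_ROUTES + [B_LAN]))
```

The model covers only the tunnel-side checks named in the reply; it does not model host A's own firewall or its NAT toward the internet.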
