Page 1 of 1

MT Router as Wireguard Client & Benchmarks

Posted: Thu Oct 29, 2020 12:02 am
by mawebi

today I tried to use the MT router as wireguard client (peer) and worked really easy. I had problems with MTU (I guess), but with the mangle entry (see #fix MTU) it worked like a charm:
# add interface
/interface wireguard
add listen-port=5555 mtu=1420 name=wireguard1 private-key=\
    "<private key MT peer>"
# add peer
/interface wireguard peers
add allowed-address=,::/0 endpoint=<ip of wireguard server>:5555 interface=\
    wireguard1 public-key="<pub key wireguard server>"
# add ip to interface
/ip address
add address= interface=wireguard1 network=
# nat
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wireguard1
# fix MTU
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=wireguard1 protocol=tcp tcp-flags=syn
Afterwards I changed the default route to the IP (wireguard server) and added a static router to reach the server itself without the tunnel (see viewtopic.php?t=73775). Now the whole traffic is tunneled.

For the benchmark, I used my internet connection (100mbit), with the following results:
* RB951G-2HnD - max. 65mbit/s at 99% CPU
* hEX (RB750Gr3) - max. 95mbit/s at 50-60% CPU

Re: MT Router as Wireguard Client & Benchmarks

Posted: Thu Nov 19, 2020 4:20 pm
by cascom
I have a Wireguard subsciption vis and trying to use their config file to enter my info into my SXT LTE6 running 7.1
I'm using Winbox, have not mastered CLI yet.
I can see wireguard in my interfaces list.
Do I now need to add it to the interface list?
Sorry, I'm real new.