Community discussions

MikroTik App
 
ITCGHolding
just joined
Topic Author
Posts: 1
Joined: Tue Nov 10, 2020 11:47 pm

HELP - Connecting Mikrotik Wireguard as Client of ubuntu Wireguard Server

Wed Nov 11, 2020 6:29 am

Hi Guys!

I've successfully installed a Wireguard Server in a Ubuntu VPS and I when I connect with the Wireguard client to the server I have internet such a Regular VPN would do.

I have the following Mikrotik router:

Model: RouterBOARD 962UiGS-5HacT2HnT
Firmware Type: qca9550L
Factory Firmware: 3.34
Current Firmware: 6.47.7
Upgrade Firmware: 7.1beta2

What I desire is to route all my Mikrotik traffic through the VPN so my home devices like Roku and firestick can access to USA media content, I'm very excited to use my Mikrotik router to achieve that.

I recently download the RouterOS V7.beta and configure the wireguard Peer but when I connect my clients to the router they do not have any internet. I dont see any RX nor TX traffic.

I have configured the ISP2 interface to serve internet traffic and force the wireguard VPN to route thru that interface but I can’t see traffic.


So The first question to the community is how to know that the Mikrotik router is connected to the VPN server? When I go to the VPN server I Can't see any connection stablished.
What routing rules do I have to configure in order to work?

Perhaps I’m asking too much but any hint would be very appreciated.
 
archont
just joined
Posts: 6
Joined: Sun Nov 15, 2020 5:11 am

Re: HELP - Connecting Mikrotik Wireguard as Client of ubuntu Wireguard Server

Tue Nov 17, 2020 12:31 am

Did you set Wireguard interface IP?
So The first question to the community is how to know that the Mikrotik router is connected to the VPN server?
Try to ping (from Mikrotik) other side of VPN using internal wireguard IP - in my case remote (VPN) side is 10.13.13.1, my local side (Mikrotik) is 10.13.13.3.
What routing rules do I have to configure in order to work?
You need to add NAT for sure:
/routing table add fib name=via-wg // create new table
/routing/rule/add src-address=192.168.88.0/24 action=lookup table=via-wg   // route traffic from whole LAN, assuming that you have default config
/ip firewall nat add action=masquerade chain=srcnat out-interface=10.13.13.3 // Mikrotik Wireguard interface IP
/ip route add gateway=10.13.13.1@main routing-table=via-wg // VPN Wireguard remote IP


And for some reason, fasttrack need to be disabled. I'm still looking why, you can check on my thread: viewtopic.php?f=1&t=169011

Who is online

Users browsing this forum: mrz and 22 guests