archont
just joined
Topic Author
Posts: 6
Joined: Sun Nov 15, 2020 5:11 am

ROS 7.1beta2 - routing via Wireguard

Sun Nov 15, 2020 5:17 am

Hello,
I'm trying to route all traffic for one LAN IP over Wireguard. I'm just a little confused, because there were some changes related to routing etc.
I have a working wireguard interface, I can ping it from the Mikrotik, or from my local PC (I added masquerade, in order to use the wireguard server as DNS source - this is also working fine).
I was trying to make this config, but it doesn't work:
/routing table add name=via-wg fib
/ip route 
add check-gateway=ping distance=10 dst-address=0.0.0.0/0 gateway=wg_01@main routing-table=via-wg
 
archont
just joined
Topic Author
Posts: 6
Joined: Sun Nov 15, 2020 5:11 am

Re: ROS 7.1beta2 - routing via Wireguard

Mon Nov 16, 2020 11:34 pm

Ok, so I was able to make it run:
/routing table add fib name=via-wg
/ip firewall mangle add action=mark-routing chain=prerouting src-address=192.168.88.200 new-routing-mark=via-wg
# my local wireguard IP
/ip firewall nat add action=masquerade chain=srcnat out-interface=10.13.13.3
# remote wireguard IP
/ip route add gateway=10.13.13.1@main routing-table=via-wg
The problem is that with fasttrack enabled it is not working - DNS and ICMP (ping) are working fine, but I'm not able to use a browser (even after clearing the cache). Any ideas?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: ROS 7.1beta2 - routing via Wireguard

Tue Nov 17, 2020 12:26 am

Fasttrack skips a lot of processing, including prerouting mangle, so what you're doing is incompatible with it. If you need it for a static address, you can use a routing rule instead. Or you could mark connections instead of directly marking routing, then mark routing based on connection mark, and only fasttrack packets without this connection mark.
 
archont
just joined
Topic Author
Posts: 6
Joined: Sun Nov 15, 2020 5:11 am

Re: ROS 7.1beta2 - routing via Wireguard

Tue Nov 17, 2020 12:44 am

Ok, so in that case it will be:
/routing table add fib name=via-wg
/routing/rule/add src-address=192.168.88.200/32 action=lookup table=via-wg
# my local wireguard IP
/ip firewall nat add action=masquerade chain=srcnat out-interface=10.13.13.3
# remote wireguard IP
/ip route add gateway=10.13.13.1@main routing-table=via-wg
It is working with fasttrack, thanks!
I used mangle, because I will have different types of connection, which I want to pass through the VPN. A constant IP is only a start. What do you suggest in that case?
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: ROS 7.1beta2 - routing via Wireguard

Tue Nov 17, 2020 1:12 am

Previous post, last sentence. :)
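
The connection-mark approach Sob describes, as an added example that is not from the thread's participants. It reuses the via-wg table, the 192.168.88.200 source and the wg_01 interface name from the posts above; the mark name via-wg-conn is an assumption, and step 3 assumes the fasttrack rule already exists in the filter table.

```routeros
# Added example, not part of the original thread.
# Assumes the via-wg routing table and its default route exist as posted above.

# 1. Mark new connections that should use the tunnel. Add further rules with
#    other matchers for other traffic types (via-wg-conn is an assumed name).
/ip firewall mangle add chain=prerouting src-address=192.168.88.200 connection-mark=no-mark action=mark-connection new-connection-mark=via-wg-conn passthrough=yes

# 2. Derive the routing mark from the connection mark. Packets arriving from
#    the tunnel (replies) are excluded so they are routed back to the LAN.
/ip firewall mangle add chain=prerouting connection-mark=via-wg-conn in-interface=!wg_01 action=mark-routing new-routing-mark=via-wg passthrough=no

# 3. Fasttrack only connections that carry no mark, so marked connections
#    keep passing through prerouting mangle.
/ip firewall filter set [find action=fasttrack-connection] connection-mark=no-mark
```

To confirm that the intended traffic is being marked rather than following the main table, open new connections from the client and check `/ip firewall connection print where connection-mark=via-wg-conn`.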
