I already posted this in another, older topic, but apparently it's not visible enough.
I'm having some problems with WireGuard on a hAP ac2 (7.1 beta3). I managed to get port forwarding working on my main router (hAP ac3), and now I would like to set up a WireGuard server on one of the CAPsMAN clients (hAP ac2).
It seems that the connection is working, since I can ping my phone's IP from the WireGuard server and I can also ping the WireGuard server from my phone. But that is all that works. From my phone I can't get access to any device in the local network, nor to the internet. In the allowed IPs on the client I have 0.0.0.0/0.
Should I enter some additional routes in IP/routes, or maybe some firewall rules?
The hAP ac3 has the IP 192.168.3.3 and is also the gateway and DNS server for my network. If I check for a firmware upgrade on the hAP ac2, the new firmware check works, so internet access is working.
[admin@MikroTik] > export hide-sensitive
# NOTE(review): configuration export of the hAP ac2 that runs the WireGuard
# interface. Even with hide-sensitive, the listing below still prints the
# serial number, the software id and the bridge admin-mac. The peer public
# keys look hand-masked ("xxxx...="), and no private-key value is printed
# for the WG interface.
# jan/05/2021 22:31:35 by RouterOS 7.1beta3
# software id = 1W79-SWFL
#
# model = RBD52G-5HacD2HnD
# serial number = C6140BFD9F14
# Single bridge with a fixed MAC; every ethernet port and wlan2 are attached
# to it in "/interface bridge port" below.
/interface bridge
add admin-mac=C4:AD:34:EA:50:EA auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-eC/gn(17dBm), SSID: Kmetija, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# managed by CAPsMAN
# channel: 5745/20-Ceee/ac(17dBm), SSID: Kmetija 5, CAPsMAN forwarding
set [ find default-name=wlan2 ] installation=indoor ssid=MikroTik
# WireGuard interface "WG", listening on UDP 51821. This is the same port the
# single input-chain firewall rule further down accepts.
/interface wireguard
add listen-port=51821 mtu=1420 name=WG
# Two interface lists are declared here and populated in
# "/interface list member". Nothing else in this export refers to them: the
# only firewall rule shown has no in-interface-list match.
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip vrf
add list=all name=main
# ether1-ether5 and wlan2 are all ports of bridgeLocal, so ether1 is bridged
# with the other ports even though it is placed in the WAN list below.
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal interface=wlan2
# NOTE(review): the WG interface is not a member of either list, so any rule
# later written against LAN or WAN would not match tunnel traffic unless WG
# is added to a list or matched by name.
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add interface=ether1 list=WAN
# Each peer is bound to a single /32 tunnel address: the router only accepts
# tunnel packets from a peer whose inner source address is inside that
# peer's allowed-address, and uses the same value to pick the peer for
# outgoing packets.
/interface wireguard peers
add allowed-address=10.0.0.2/32 interface=WG public-key=\
"xxxxxxxxxxxxxxxxxxxxxxxxxxx="
add allowed-address=10.0.0.3/32 interface=WG public-key=\
"xxxxxxxxxxxxxxxxxxxxxxxxxx="
# This device is a CAP; its CAPsMAN controller is 192.168.3.3, the address
# the post gives for the main router.
/interface wireless cap
#
set bridge=bridgeLocal caps-man-addresses=192.168.3.3 discovery-interfaces=\
bridgeLocal enabled=yes interfaces=wlan2,wlan1
# 10.0.0.1/24 is the router's own address inside the tunnel subnet.
# NOTE(review): 192.168.3.31/24 is assigned to ether2, which is a port of
# bridgeLocal (see "/interface bridge port"). An address on a bridged port
# rather than on the bridge itself is usually a misconfiguration; confirm
# whether it should sit on bridgeLocal.
/ip address
add address=192.168.3.31/24 interface=ether2 network=192.168.3.0
add address=10.0.0.1/24 interface=WG network=10.0.0.0
# A DHCP client also runs on bridgeLocal, so the router may hold a second,
# leased address in the LAN next to the static one above (not visible here).
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip dns
set servers=192.168.3.3
# The only filter rule in the export: accept and log UDP 51821 arriving at
# the router itself (input chain).
# NOTE(review): no drop rule and no forward-chain rule is shown, so nothing
# here blocks tunnel traffic; presumably everything not listed is accepted
# by default, and this rule then only adds logging. The export also has no
# "/ip firewall nat" section. Packets forwarded from 10.0.0.0/24 therefore
# leave with their tunnel source address, and replies only come back if
# 192.168.3.3 has a route for 10.0.0.0/24 via this router, or if this router
# source-NATs them. That would match the symptom in the post; confirm on the
# main router.
# NOTE(review): once forwarding works, every accepted peer can reach the
# whole LAN and the router's own services, because nothing filters input or
# forward. Rules limiting what 10.0.0.0/24 may reach are worth adding at the
# same time.
/ip firewall filter
add action=accept chain=input dst-port=51821 log=yes protocol=udp
# Static default route via the main router.
# NOTE(review): the command below is wrapped after "pref-src=" without the
# trailing backslash that the other wrapped lines in this listing carry; the
# continuation marker was probably lost when the export was pasted.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.3 pref-src=
"" scope=30 target-scope=10