DL7JP
just joined
Topic Author
Posts: 24
Joined: Sat Oct 19, 2013 4:14 pm

wireguard configuration

Thu Jan 28, 2021 10:10 pm

I am experimenting with wg - performance is impressive, but if there is something wrong, I find it hard to debug. I did not come across much documentation so far, is there something detailed around on MikroTik specifics?

I want to connect multiple peers (Android, iOS, Win10) to a router and tried to have them all on one wireguard interface: 10.0.0.1/24 assigned to the wireguard1, 10.0.0.2/24, 10.0.0.3/24, etc. to the peers (each one of course with separate key pairs). I saw packets incoming, but I could not establish more than one tunnel to a peer, others did not receive responses back from the server. Using a separate wireguard interface for each peer worked: e.g., 10.0.0.1/30 for wireguard1, 10.0.0.2/30 for peer 1, 10.0.0.5/30 for wireguard2, 10.0.0.6/30 for peer 2, etc. I also had to assign different incoming UDP ports to each interface, putting them all on the same port did not work.

I am wondering if this is intended behavior, or if I made mistakes in my configuration? Do I actually need a /30 subnet for each interface and peer?

Overall, it's great if it works, but deployment is hard :-).
Last edited by DL7JP on Fri Jan 29, 2021 1:25 am, edited 1 time in total.
 
Sob
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: wireguard configuration

Fri Jan 29, 2021 1:25 am

One common interface is enough. Why it doesn't work for you, it's hard to tell. I don't think there's anything in current RouterOS to help you with that, some statistics for individual peers, logs, or anything.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
DL7JP
just joined
Topic Author
Posts: 24
Joined: Sat Oct 19, 2013 4:14 pm

Re: wireguard configuration

Fri Jan 29, 2021 11:48 am

> One common interface is enough. Why it doesn't work for you, it's hard to tell. I don't think there's anything in current RouterOS to help you with that, some statistics for individual peers, logs, or anything.

I tried to reproduce this by setting up a new interface, now I can have multiple clients on it. No idea why it was consistently not working before... will keep an eye on it. Some debugging support in a future version would be good, e.g. error messages for arriving UDP packets that cannot be processed or the like.
Anyway, thanks for your help!
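
Added example, not from the thread and not a confirmed diagnosis of the problem above: WireGuard chooses the outbound peer by matching the destination against each peer's allowed addresses, so when several peers share one interface their ranges should not overlap. This Python check parses a constructed `/interface wireguard peers` export and reports overlapping ranges per interface. The placeholder keys, sample addresses and export layout are assumptions.

```python
import ipaddress
import shlex
from itertools import combinations

# Constructed sample in the style of a RouterOS "/interface wireguard peers"
# export; keys are placeholders and addresses are illustrative assumptions.
SAMPLE_EXPORT = '''\
/interface wireguard peers
add allowed-address=10.0.0.2/32 interface=wireguard1 public-key="PLACEHOLDER_KEY_ANDROID="
add allowed-address=10.0.0.0/24 interface=wireguard1 public-key="PLACEHOLDER_KEY_IOS="
add allowed-address=10.0.0.4/32,192.168.50.0/24 interface=wireguard1 public-key="PLACEHOLDER_KEY_WIN10="
add allowed-address=10.0.0.6/32 interface=wireguard2 public-key="PLACEHOLDER_KEY_OTHER="
'''


def parse_peers(export_text):
    """Return a list of (interface, public_key, [ip_network, ...]) tuples."""
    peers, in_section = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):  # a new menu path starts a new section
            in_section = line == "/interface wireguard peers"
            continue
        if not in_section or not line.startswith("add "):
            continue
        fields = dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
        nets = [ipaddress.ip_network(a, strict=False)
                for a in fields.get("allowed-address", "").split(",") if a]
        peers.append((fields.get("interface"), fields.get("public-key"), nets))
    return peers


def find_overlaps(peers):
    """List (interface, key_a, key_b, net_a, net_b) for overlapping ranges."""
    overlaps = []
    for (if_a, key_a, nets_a), (if_b, key_b, nets_b) in combinations(peers, 2):
        if if_a != if_b:
            continue  # peer selection by allowed address is per interface
        for net_a in nets_a:
            for net_b in nets_b:
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    overlaps.append((if_a, key_a, key_b, str(net_a), str(net_b)))
    return overlaps


if __name__ == "__main__":
    for iface, a, b, na, nb in find_overlaps(parse_peers(SAMPLE_EXPORT)):
        print(f"{iface}: {a} ({na}) overlaps {b} ({nb})")
```

Each reported pair is a configuration to review: giving every road-warrior peer its own /32 on the shared interface keeps the ranges disjoint.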
