daemonx9
just joined
Topic Author
Posts: 3
Joined: Tue Feb 23, 2021 2:16 am

Wireguard tunnel internet traffic issues

Tue Feb 23, 2021 2:27 am

Hi, I have set up a WireGuard server that works pretty well, and a wire client router using v7.1 Beta4. The problem is that after creating the interface and some rules for policy-based routing, it is like half the internet traffic does not work, meaning for example if someone in the network tries to access "duckduckgo.com". If I set up the wireclient on a PC using Windows or Linux, all traffic works fine; this only happens with the router as client. Here is kind of the configuration I created:

>wg genkey | tee privatekey | wg pubkey > publickey
>interface wireguard add listen-port=12345 mtu=1420 name=WG1 private-key="abc=="
>interface wireguard peers add allowed-address=0.0.0.0/0 endpoint-address=SERVER_IP endpoint-port=12345 interface=WG1 persistent-keepalive=15 public-key="SERVER_Public_Key"
>ip address add address=10.XX.XX.XX/16 interface=WG1

Test the interface by pinging Google DNS servers:

> ping interface=WG1 8.8.8.8
SEQ HOST SIZE TTL TIME STATUS
0 8.8.8.8 56 121 178ms882us
1 8.8.8.8 56 121 103ms804us
2 8.8.8.8 56 121 71ms521us
sent=3 received=3 packet-loss=0% min-rtt=71ms521us avg-rtt=118ms69us max-rtt=178ms882us

After this, set policy-based routing for the full internal subnet, some hosts, or based on content using mangle rules (this example is for the whole internal subnet):

>routing table add name=Through_WG fib
>ip route add dst-address=0.0.0.0/0 gateway=WG1 routing-table=Through_WG
>ip firewall nat add chain=srcnat src-address=192.168.150.0/24 out-interface="WG1" action=masquerade
>ip firewall mangle add chain=prerouting src-address=192.168.150.0/24 action=mark-routing new-routing-mark=Through_WG

Any ideas how I can debug this issue?
 
mducharme
Trainer
Posts: 1142
Joined: Tue Jul 19, 2016 6:45 pm

Re: Wireguard tunnel internet traffic issues

Thu Feb 25, 2021 7:06 am

I think the problem is gateway=WG1 in your ip route - you can only set gateway to an interface if it is a PPP interface. For any other interface type it must be an IP address.
 
daemonx9
just joined
Topic Author
Posts: 3
Joined: Tue Feb 23, 2021 2:16 am

Re: Wireguard tunnel internet traffic issues

Thu Feb 25, 2021 7:41 pm

Got it, so I added the WireGuard server IP in the route, but I still have the same issue: only some traffic makes it through the WireGuard tunnel. I added something like this:


ip route add dst-address=0.0.0.0/0 gateway=Wireguard_server_IP@main routing-table=Through_WG

Could it be something in the firewall stopping the traffic, or should it be allowed somewhere?
 
Halfeez92
newbie
Posts: 45
Joined: Tue Oct 30, 2012 12:58 pm

Re: Wireguard tunnel internet traffic issues

Fri Feb 26, 2021 2:42 am

Why do you need to put the src address in the masquerade rule?
 
daemonx9
just joined
Topic Author
Posts: 3
Joined: Tue Feb 23, 2021 2:16 am

Re: Wireguard tunnel internet traffic issues

Fri Feb 26, 2021 8:49 pm

Halfeez92 wrote: Why do you need to put the src address in the masquerade rule?

It really does not need it, I just tried a few different things to try to make it work.
