ykleet
newbie
Topic Author
Posts: 29
Joined: Thu Oct 17, 2019 11:29 am

Multiple WG clients(peers) per WG service

Sat Mar 27, 2021 5:23 pm

Multiple WireGuard clients (peers) connect to one WireGuard service.

My purpose is to allow WireGuard clients to communicate with each other. If I create one WG service and connect 1 peer to it, then everything works well.
If I create two WG services, allow one peer to connect to each service, and create a routing rule to allow communication between the WireGuard peers, then everything works as expected too.
But if only one service is created and 2 peers are allowed to connect, the service seems to crash every time the second peer tries to connect.

I am not sure whether multiple peers per WireGuard service are allowed, and if yes, how to configure it. Please advise, and thx in advance.
 
lucidnx
just joined
Posts: 15
Joined: Tue Jan 08, 2019 10:17 am

Re: Multiple WG clients(peers) per WG service

Fri May 28, 2021 10:35 am

Hello! I am facing this issue too, on the latest ROS 7.1beta6.
1 peer - working perfectly
2 or more peers - after the first one connects, the others are unable to receive data from ROS. In rare situations, it can even drop the connection for the first peer (the one that is successfully connected)

What helps in this situation is restarting the service (maybe), but the only thing that works for me now is to change the peer's config (anything, just to re-save the whole peer config). Only this peer can be connected afterwards without issue.
 
haagen6000
just joined
Posts: 1
Joined: Fri May 28, 2021 5:56 pm

Re: Multiple WG clients(peers) per WG service

Fri May 28, 2021 6:01 pm

Hi,

I'm having exactly the same issue. I stumbled upon this yesterday; the behavior is exactly as described by the guys before me. It really is disappointing.

Version: ROS 7.1beta6
Last edited by haagen6000 on Fri May 28, 2021 6:05 pm, edited 1 time in total.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Multiple WG clients(peers) per WG service

Sun May 30, 2021 10:00 pm

Interesting. All I can say is using Beta5, I can connect an external PC and my iphone.
I am using two different wg interfaces, however, for the two peers (not two peers to one interface).

In my case I have an RBG router acting as a server behind an MT CCR primary router.
At the client end I have an RB4011 router acting as a client behind a Consumer Router.
The iphone uses my cellular data for example.

With the IPHONE I can access the RB4011 with my MT application and configure/manage the RB4011 (as well as both MT routers on the server side)
This tells me I can go from one tunnel to the other.
Since I have a destination route on the router SERVER for internet return packets (to the client PC at the other end), all I had to do was to use the IP on the MT APP for the client router.
On the client router of course on the input chain I had to include the IP address of the cell phone to allow access to the router.
The RBG looking at the traffic coming out of the iphone wireguard tunnel and seeing the destination address was for the other end of the WG tunnel on the other wg interface just ported it out the appropriate other wireguard interface.

Therefore suggesting that if you need to access something from one client or another, the routing may already be in place for each client subnet and thus accessible. Client A reaching Client B PC or vice versa. Here it would be a case at the client end to ensure forward filter rules allow access... I think, but not sure what is being asked.
However if you are talking about both clients accessing a specific subnet on the server router that is a different matter.
Ensuring the requirements are crystal clear will point the right path.
 
lucidnx
just joined
Posts: 15
Joined: Tue Jan 08, 2019 10:17 am

Re: Multiple WG clients(peers) per WG service

Mon Jun 07, 2021 12:20 pm

Maybe we all have WG server on separate ROS in LAN, not on Primary gateway? I have DST-NAT 13231 >> ROS in local network.
 
BillyVan
newbie
Posts: 36
Joined: Tue Sep 04, 2018 10:29 pm
Location: Greece

Re: Multiple WG clients(peers) per WG service

Sat Sep 25, 2021 9:21 pm

Hi.
I have the same problem.
I want to connect 5 MikroTik routers as peers to an RB450gx4.
Only one out of 5 is working.
Sometimes, if I close the peer on the 450, another one connects.
Did you find any solution?

All routers v7.1rc4

Thanks
 
parham
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: Multiple WG clients(peers) per WG service

Sat Sep 25, 2021 10:04 pm

On each peer, use /32 for the assigned IP and then check.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Multiple WG clients(peers) per WG service

Sat Sep 25, 2021 11:25 pm

Try 5 separate WG interfaces each with its own single peer.
 
BillyVan
newbie
Posts: 36
Joined: Tue Sep 04, 2018 10:29 pm
Location: Greece

Re: Multiple WG clients(peers) per WG service

Sat Sep 25, 2021 11:46 pm

> Try 5 separate WG interfaces each with its own single peer.

Yes, it's my second option,

but wireguard 2, 3, 4, 5 are not running on the same port.
I'll see, maybe tomorrow, because I again need ports opened on the firewall, port forwarding, etc.

/32 on the peer IP didn't help.

Thanks
 
npeca75
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: Multiple WG clients(peers) per WG service

Sun Sep 26, 2021 10:34 am

working fine

7.1 rc4 CHR

one WG interface, 8 peer
all at once

router to peer OK
peer to peer OK
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Multiple WG clients(peers) per WG service

Sun Sep 26, 2021 3:49 pm

Nice, maybe hardware specific then...........
 
holvoetn
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Multiple WG clients(peers) per WG service

Sun Sep 26, 2021 4:12 pm

4 different peers connected on the same WG interface.
It just works.
subnet 10.255.255.0/24 reserved for WG interface.
10.255.255.1 - Hex (home: 192.168.2.0/24)
10.255.255.2 - mAP (with subnet 192.168.90.0/24)
10.255.255.3 - laptop (no subnet)
10.255.255.4 - SXT LTE 930km further South in France (with subnet 192.168.88.0/24, also cAP and cAP AC on that network)
10.255.255.5 - mAP Lite (with subnet 192.168.91.0/24)

Be careful though:
- on "server" side (peer) set allowed address to ip/32 address of the endpoint (or it will not know where to go to), you can add subnet if needed
- on "client" side the easiest is to set 10.255.255.0/24 as allowed address and the subnets you want to be able to contact. E.g. I did not bother to go beyond home network for mAPLite. I did set all on mAP for educational purposes :D
For laptop I set 0.0.0.0/0 so everything goes home when WG is fired up.
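
The server-side /32 advice above, as an added example that is not part of the thread and not MikroTik code: it models how upstream WireGuard maps a destination address to a peer (one owner per allowed prefix, longest prefix wins) and flags prefixes that overlap between peers. The peer names and the BROKEN list are constructed from the addressing plan in the post, and it is an assumption that RouterOS resolves allowed addresses the same way.

```python
import ipaddress

def build_table(peers):
    """Map each allowed prefix to a single peer.
    Upstream WireGuard keeps one owner per prefix, so a prefix listed
    on several peers ends up with the peer configured last."""
    table = {}
    for name, prefixes in peers:
        for p in prefixes:
            table[ipaddress.ip_network(p)] = name
    return table

def route(table, dst):
    """Longest-prefix match: the peer that gets a packet for dst, or None if no prefix matches."""
    ip = ipaddress.ip_address(dst)
    hits = [net for net in table if ip in net]
    return table[max(hits, key=lambda net: net.prefixlen)] if hits else None

def overlaps(peers):
    """List (peer_a, net_a, peer_b, net_b) for every prefix pair that overlaps across two peers."""
    flat = [(name, ipaddress.ip_network(p)) for name, ps in peers for p in ps]
    return [(a, str(x), b, str(y))
            for i, (a, x) in enumerate(flat)
            for b, y in flat[i + 1:]
            if a != b and x.overlaps(y)]

# Constructed sample: the whole tunnel /24 set as allowed address on every server-side peer.
BROKEN = [("mAP", ["10.255.255.0/24"]),
          ("laptop", ["10.255.255.0/24"]),
          ("SXT", ["10.255.255.0/24"])]

# Constructed sample: one /32 per peer plus the subnet behind it, as the post recommends.
FIXED = [("mAP", ["10.255.255.2/32", "192.168.90.0/24"]),
         ("laptop", ["10.255.255.3/32"]),
         ("SXT", ["10.255.255.4/32", "192.168.88.0/24"])]

if __name__ == "__main__":
    for label, peers in (("broken", BROKEN), ("fixed", FIXED)):
        table = build_table(peers)
        print(label, "10.255.255.2 ->", route(table, "10.255.255.2"),
              "| overlapping pairs:", len(overlaps(peers)))
```

Running `overlaps()` over an export of the peer list before applying it catches the shared-/24 case while it is still a config review finding rather than a dead tunnel.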
 
BillyVan
newbie
Posts: 36
Joined: Tue Sep 04, 2018 10:29 pm
Location: Greece

Re: Multiple WG clients(peers) per WG service

Sun Sep 26, 2021 5:59 pm

I spent 2 hours resetting and configuring all of them.

OK, all working as described.

Thank you
 
drekinov
just joined
Posts: 1
Joined: Fri Oct 22, 2021 6:25 pm

Re: Multiple WG clients(peers) per WG service

Fri Oct 22, 2021 6:30 pm

We have a Hex S with v7rc4.
We specifically updated to v7 because of WireGuard.
From day one, multiple peers have not been working.
I think it is understandable that resetting the whole router just to test IF it works is not acceptable, considering time and downtime.

I am even blocked right now because I tried to add a second peer, and the WireGuard interface now accepts connections but there is no internet.
I probably have to go to the office to reboot the whole router and hope it returns to normal.

All peers can be anywhere, even at the same place at the same time.

Right now the workaround is for each peer to be a WireGuard interface and have its own /30 network.
===
I just deployed (today) an AWS EC2 instance with Ubuntu and WireGuard using the popular wireguard-install.sh, and it just adds peers to the same WireGuard interface. So from WireGuard's point of view it is a supported case.


EDIT: I just restarted the router two times.
My WireGuard interface is not working. So that second peer I tried to add, just to confirm whether the comments here are correct and the issue has disappeared... ruined the whole setup.
I will confirm with other colleagues whether theirs are working at least :)
Last edited by drekinov on Fri Oct 22, 2021 7:04 pm, edited 1 time in total.
 
corp9592
just joined
Posts: 12
Joined: Sun May 05, 2019 10:14 pm

Re: Multiple WG clients(peers) per WG service

Thu Dec 09, 2021 1:34 am

> 4 different peers connected on the same WG interface.
> It just works.
> subnet 10.255.255.0/24 reserved for WG interface.
> 10.255.255.1 - Hex (home: 192.168.2.0/24)
> 10.255.255.2 - mAP (with subnet 192.168.90.0/24)
> 10.255.255.3 - laptop (no subnet)
> 10.255.255.4 - SXT LTE 930km further South in France (with subnet 192.168.88.0/24, also cAP and cAP AC on that network)
> 10.255.255.5 - mAP Lite (with subnet 192.168.91.0/24)
>
> Be careful though:
> - on "server" side (peer) set allowed address to ip/32 address of the endpoint (or it will not know where to go to), you can add subnet if needed
> - on "client" side the easiest is to set 10.255.255.0/24 as allowed address and the subnets you want to be able to contact. E.g. I did not bother to go beyond home network for mAPLite. I did set all on mAP for educational purposes :D
> For laptop I set 0.0.0.0/0 so everything goes home when WG is fired up.

Sorry to bring back this topic, but I just wanted to thank this user for the info on the "allowed address to ip/32" on the server side. This totally helped me get multiple wg peers for just one interface.
 
uberwebguru
Member Candidate
Posts: 172
Joined: Sat Feb 26, 2022 12:05 pm

Re: Multiple WG clients(peers) per WG service

Sun Apr 03, 2022 4:17 am

I am having similar issues
wireguard1 is showing as running, but wireguard2 is not showing as running
why is this?

 
holvoetn
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Multiple WG clients(peers) per WG service

Sun Apr 03, 2022 7:28 am

> I am having similar issues
> wireguard1 is showing as running, but wireguard2 is not showing as running
> why is this?

Because you used the exact same listen port as the other entry.
Change that port and it will start.
 
uberwebguru
Member Candidate
Posts: 172
Joined: Sat Feb 26, 2022 12:05 pm

Re: Multiple WG clients(peers) per WG service

Sun Apr 03, 2022 8:01 am

>> I am having similar issues
>> wireguard1 is showing as running, but wireguard2 is not showing as running
>> why is this?
>
> Because you used the exact same listen port as the other entry.
> Change that port and it will start.

Wow you are right
So the add feature does not auto increment the port
Yup changed the port and now it shows running
Thanks
 
holvoetn
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Multiple WG clients(peers) per WG service

Sun Apr 03, 2022 8:07 am

> So the add feature does not auto increment the port

No, why should it?
It's the responsibility of the admin to make sure the port to be used is available and filled in correctly when setting up a new WG-interface.
There is no way ROS can know which port you plan to use, so it simply fills in a default (which in itself should be an indication that you need to change it to something else).
