We set up an RB4011 with RouterOS 7.1beta6. We want to tunnel all client traffic through our WireGuard server.
That's the config we use on an unconfigured RB4011:
/system identity
set name=router-1
/system clock
set time-zone-name=Europe/Berlin
/ip dhcp-client
add add-default-route=yes disabled=no interface=ether1
/interface bridge
add name=bridge_default
/interface bridge port
add bridge=bridge_default interface=ether2
add bridge=bridge_default interface=ether3
add bridge=bridge_default interface=ether4
add bridge=bridge_default interface=ether5
add bridge=bridge_default interface=ether6
add bridge=bridge_default interface=ether7
add bridge=bridge_default interface=ether8
add bridge=bridge_default interface=ether9
/interface wireguard
add disabled=no listen-port=12345 mtu=1420 name=wireguard_default private-key=\
"***"
/interface wireguard peers
add allowed-address=0.0.0.0/0 disabled=no endpoint-address=*** \
endpoint-port=55820 interface=wireguard_default persistent-keepalive=10s \
public-key="***"
/ip address
add address=172.16.1.2/24 disabled=no interface=wireguard_default network=172.16.1.0
add address=192.168.10.254/24 interface=bridge_default network=192.168.10.0
/ip pool
add name=dhcp_pool_default ranges=192.168.10.70-192.168.10.90
/ip dhcp-server
add address-pool=dhcp_pool_default disabled=no interface=bridge_default name=dhcp_default
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.254 gateway=192.168.10.254
/routing table
add disabled=no name=wireguard
/routing rule
add action=lookup disabled=no dst-address=192.168.10.0/24 src-address=192.168.10.0/24 table=main
add action=lookup disabled=no dst-address=0.0.0.0/0 src-address=192.168.10.0/24 table=wireguard
/ip route
add distance=1 gateway=172.16.1.1 routing-table=wireguard
add distance=1 dst-address=192.168.10.0/24 gateway=bridge_default routing-table=\
wireguard
/ipv6 settings
set disable-ipv6=yes
First we thought it might be an issue with the tunnel itself, so we tried to use other clients instead of RouterOS, like Ubuntu Linux. When using any client other than RouterOS, we cannot reproduce this behavior. As we use the same WireGuard instance server side, we can also rule out that it is a configuration issue on the WireGuard server.
As I don't see anything obviously wrong in the RouterOS configuration and we have the same issue on several RB4011s, I assume there is an issue within the RouterOS 7.1beta6 version.
An endpoint that always seems affected is duckduckgo.com, but we also have issues downloading apps from the Apple App Store as well as iOS updates.
Has anyone experienced something like this and knows what to do?
Cheers
J