a6xa3
just joined
Topic Author
Posts: 4
Joined: Mon Sep 06, 2021 10:13 am

Wireguard routing through Endpoint

Wed Sep 15, 2021 12:41 am

Hello!

RouterOS Beta 7.1RC3

The idea: route everything (Internet access) through WireGuard connection

The setup:

WireGuard server on Linux machine with INTERNET IP + WG0 INTERFACE (REMOTE)
Mikrotik acting as WireGuard client (wireguard1 interface) and connecting to WireGuard server (Endpoint set) (LOCAL)

On LOCAL, I have enabled allowed IP to be 0.0.0.0/0
On REMOTE I have enabled forwarding and other rules, so packets go as intended

Pings from LOCAL to REMOTE are OK
Pings from REMOTE to LOCAL are OK

The problem: I can't ping anything outside, for example 1.1.1.1 from LOCAL via wireguard1 interface

The strange part: I can see in torch and in tcpdump that packets flow properly, so I get a return packet for ICMP on the MikroTik side with DST: MikroTik IP and SRC: 1.1.1.1, but the ping is not working (timeout). I can see these packets on Prerouting (raw+mangle), but it seems that they are lost after. For me, it seems like a bug in WireGuard filtering or something like that.

The funny part: same setup but with routing from REMOTE via LOCAL to internet — works as intended.
 
netravnen
Frequent Visitor
Posts: 61
Joined: Sun Dec 31, 2017 2:48 am

Re: Wireguard routing through Endpoint

Wed Sep 15, 2021 2:57 pm

Is the set-up like this?

LAN --> MT router --> WG tunnel --> VPS --> Internet, where the MT router is doing the PAT towards the Internet?

Or

LAN --> MT router --> WG tunnel --> VPS --> Internet, where the *VPS* is doing the PAT towards the Internet?

(PAT: Port address translation, aka. Firewall mangle rules.)
 
a6xa3
just joined
Topic Author
Posts: 4
Joined: Mon Sep 06, 2021 10:13 am

Re: Wireguard routing through Endpoint

Tue Sep 21, 2021 8:14 pm

UPD: Fixed in 7.0 RC4!!! Everything works from Router and from LAN

Now I need to figure out how to route packets with Routing Mark

If I add route in rules, it works flawlessly

If I add a routing mark, it doesn't

The "strange" part: I can see the incoming packet with the right SRC/DST, but it's not routed further when Mark Routing is used

If policy routing is enabled, I get the same packets and everything works as intended

It seems that when I set up a Routing Mark, packets are arriving but never leave the router, and even the router can't see them (the same situation as it was with WireGuard packets in RC3)
