 
bardulf
just joined
Topic Author
Posts: 3
Joined: Sat Mar 05, 2022 7:15 am

Wireguard peer doesn't work

Sat Mar 05, 2022 8:39 am

Hi,

I need to access multiple devices that are behind an ADSL modem's NAT (the ADSL modem is also behind ISP CGNAT). For this purpose I set up a central WireGuard server and added multiple peers that will use MikroTik hAP lite.

Server config file:
[Interface]
Address = 10.200.200.1/24
PrivateKey = cD06xYcsW9Nb5ccUqkBzbOlRPxq01QKEmfoqX+rIAkM=
ListenPort = 51820

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


#Mikrotik hap lite
[Peer]
PublicKey = sNt6tq44aeyDejNUNVE+hhueD6g4hbTDq530r6ulWGQ=
AllowedIPs = 10.200.200.2/32, 192.168.88.0/24

# The smartphone
[Peer]
PublicKey = zf+DL6lpR9iYinDV+kPjPZAygQUwjj9toni37W37YjY=
AllowedIPs = 10.200.200.3/32

I can use the WireGuard peer for "Mikrotik hap lite" on the WireGuard Windows client without problems; the config I use is:
[Interface]
PrivateKey = gJMO/r0EAiLKbEruZjSd0TJvIJ25bLGBF5irSRAmgUA=
ListenPort = 51820
Address = 10.200.200.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = HgSmme2UI2hYwaMVjJHO+6Ow5fYVusGi953Kf5uHXXo=
AllowedIPs = 0.0.0.0/0
Endpoint = 213.232.235.116:51820
PersistentKeepalive = 25

I configured the MikroTik as in the above config and also disabled the firewall rules for the sake of testing, but it seems that the peer isn't working.

Wireguard interface config:
0  R name="wireguard1" mtu=1420 listen-port=2343 private-key="gJMO/r0EAiLKbEruZjSd0TJvIJ25bLGBF5irSRAmgUA=" public-key="sNt6tq44aeyDejNUNVE+hhueD6g4hbTDq530r6ulWGQ=" 


Wireguard peer config:
Columns: INTERFACE, PUBLIC-KEY, ENDPOINT-ADDRESS, ENDPOINT-PORT, ALLOWED-ADDRESS
# INTERFACE   PUBLIC-KEY                                    ENDPOINT-ADDRESS  ENDPOINT-PORT  ALLOWED-ADDRESS
0 wireguard1  HgSmme2UI2hYwaMVjJHO+6Ow5fYVusGi953Kf5uHXXo=  public-ip         51820          ::/0


IP addresses: [image]

Firewall: [image]
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Wireguard peer doesn't work

Thu Mar 10, 2022 7:52 pm

WireGuard in RouterOS does not automatically add routes; you need to do that manually. For example, you can assign the client's address with a different mask, 10.200.200.2/24, and it will give you an automatic route to 10.200.200.x. If you need routes to other subnets, add them like this:
/ip route
add dst-address=192.168.55.0/24 gateway=wireguard1
 
holvoetn
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireguard peer doesn't work

Thu Mar 10, 2022 9:34 pm

How do you conclude the peer is not working?
You can only tell that it works if data is coming BACK. It will always try to send.

And which peer is not working?
Since you say it works with your Windows client, there should be nothing terribly wrong with the WireGuard setup on your hAP lite.

Is your hAP lite also behind that ADSL modem?

A small drawing might clarify quite some things ...
 
bardulf
just joined
Topic Author
Posts: 3
Joined: Sat Mar 05, 2022 7:15 am

Re: Wireguard peer doesn't work  [SOLVED]

Fri Mar 11, 2022 7:02 pm

My mistake was that I didn't set persistent keepalive. It doesn't need a custom route in my case. Thanks for your guidance.
 
mozerd
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada

Re: Wireguard peer doesn't work

Fri Mar 11, 2022 7:40 pm

@bardulf
I hope that the WG private key and your WAN IP that you posted are not real … you should never show those when posting. For the private key just state "my private key" and for the WAN IP just show xxx.vvv.zzz.fff.

If the private key that you showed is real I strongly suggest that you immediately change it plus change your public key now as well.
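
Following the advice in the post above, a small sanitizer to run over a WireGuard config or RouterOS print output before pasting it into a forum. This is an added example, not part of the thread and not MikroTik or WireGuard tooling; the function names, placeholder strings and sample input are constructed, and leaving public keys and ports visible is an assumption about what helpers need to see.

```python
import re

# wg-quick keys whose values are secrets and must never be posted.
SECRET_KEYS = {"privatekey", "presharedkey"}
KV = re.compile(r"^(\s*)([A-Za-z]+)(\s*=\s*)(.*?)\s*$")
# RouterOS print/export form, e.g. private-key="..."
ROS_SECRET = re.compile(r'\b(private-key|preshared-key)=("[^"]*"|\S+)')
ROS_ENDPOINT = re.compile(r'\bendpoint-address=("[^"]*"|\S+)')


def redact_line(line):
    """Mask secrets and the public endpoint host on one config line."""
    m = KV.match(line)
    if m:
        indent, key, sep, value = m.groups()
        k = key.lower()
        if k in SECRET_KEYS:
            return f"{indent}{key}{sep}<redacted-{k}>"
        if k == "endpoint":
            # Keep the port for troubleshooting; mask only the host part.
            host, colon, port = value.rpartition(":")
            tail = f":{port}" if colon and port.isdigit() else ""
            return f"{indent}{key}{sep}<redacted-host>{tail}"
    line = ROS_SECRET.sub(lambda s: f'{s.group(1)}="<redacted>"', line)
    return ROS_ENDPOINT.sub("endpoint-address=<redacted-host>", line)


def redact_config(text):
    """Redact every line of a pasted config or RouterOS print output."""
    return "\n".join(redact_line(l) for l in text.splitlines())


# Constructed sample: dummy keys and a documentation-range IP (203.0.113.0/24).
SAMPLE = """\
[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Address = 10.200.200.2/32

[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
Endpoint = 203.0.113.10:51820
PersistentKeepalive = 25
0  R name="wireguard1" listen-port=2343 private-key="CCCCCCCC=" public-key="DDDDDDDD="
"""

if __name__ == "__main__":
    print(redact_config(SAMPLE))
```

Redaction only prevents future exposure; a private key that has already been posted still has to be replaced on the device, and the new public key distributed to its peers.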
 
bardulf
just joined
Topic Author
Posts: 3
Joined: Sat Mar 05, 2022 7:15 am

Re: Wireguard peer doesn't work

Sat Mar 12, 2022 8:59 am

@mozerd
Thanks for your informative answer. I changed both keys before posting here.
