I need to access multiple devices that are behind an ADSL modem's NAT (the ADSL modem is itself behind the ISP's CGNAT). For this purpose I set up a central WireGuard server and add multiple peers that will use a MikroTik hAP lite.
Server config file:
[Interface]
Address = 10.200.200.1/24
PrivateKey = cD06xYcsW9Nb5ccUqkBzbOlRPxq01QKEmfoqX+rIAkM=
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
#Mikrotik hap lite
[Peer]
PublicKey = sNt6tq44aeyDejNUNVE+hhueD6g4hbTDq530r6ulWGQ=
AllowedIPs = 10.200.200.2/32, 192.168.88.0/24
# The smartphone
[Peer]
PublicKey = zf+DL6lpR9iYinDV+kPjPZAygQUwjj9toni37W37YjY=
AllowedIPs = 10.200.200.3/32
I can use the WireGuard peer for "Mikrotik hap lite" on the WireGuard Windows client without problems; the config I use is:
[Interface]
PrivateKey = gJMO/r0EAiLKbEruZjSd0TJvIJ25bLGBF5irSRAmgUA=
ListenPort = 51820
Address = 10.200.200.2/32
DNS = 8.8.8.8
[Peer]
PublicKey = HgSmme2UI2hYwaMVjJHO+6Ow5fYVusGi953Kf5uHXXo=
AllowedIPs = 0.0.0.0/0
Endpoint = 213.232.235.116:51820
PersistentKeepalive = 25
I configured the MikroTik as in the above config, and also disabled the firewall rules for the sake of testing, but it seems that the peer isn't working.
Wireguard interface config:
0 R name="wireguard1" mtu=1420 listen-port=2343 private-key="gJMO/r0EAiLKbEruZjSd0TJvIJ25bLGBF5irSRAmgUA=" public-key="sNt6tq44aeyDejNUNVE+hhueD6g4hbTDq530r6ulWGQ="
Wireguard peer config:
Columns: INTERFACE, PUBLIC-KEY, ENDPOINT-ADDRESS, ENDPOINT-PORT, ALLOWED-ADDRESS
# INTERFACE PUBLIC-KEY ENDPOINT-ADDRESS ENDPOINT-PORT ALLOWED-ADDRESS
0 wireguard1 HgSmme2UI2hYwaMVjJHO+6Ow5fYVusGi953Kf5uHXXo= public-ip 51820 ::/0
IP addresses:
Firewall:
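As an added check that is not part of the original post, the script below parses a wg-quick style config and reports whether any peer's AllowedIPs actually covers the server's IPv4 tunnel address; the two samples are constructed from this thread's values (private keys omitted), with the RouterOS peer entry rewritten in the same INI shape so one parser handles both, and 10.200.200.1 is assumed to be the server side of the tunnel.

```python
import ipaddress
import re

# Constructed samples built from the thread's values (private keys omitted): the working
# Windows client, and the RouterOS peer entry rewritten in the same INI shape.
WINDOWS_CLIENT = """
[Peer]
PublicKey = HgSmme2UI2hYwaMVjJHO+6Ow5fYVusGi953Kf5uHXXo=
AllowedIPs = 0.0.0.0/0
Endpoint = 213.232.235.116:51820
"""

MIKROTIK_PEER = """
[Peer]
PublicKey = HgSmme2UI2hYwaMVjJHO+6Ow5fYVusGi953Kf5uHXXo=
AllowedIPs = ::/0
Endpoint = 213.232.235.116:51820
"""

def parse_wg(text):
    """Parse an INI-style WireGuard config into {'Interface': {...}, 'Peers': [...]}."""
    conf = {"Interface": {}, "Peers": []}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            if m.group(1) == "Peer":
                conf["Peers"].append({})
            section = conf["Peers"][-1] if m.group(1) == "Peer" else conf.setdefault(m.group(1), {})
            continue
        if section is None:
            continue  # key=value before any section header: ignore
        key, _, val = line.partition("=")
        section[key.strip()] = val.strip()
    return conf

def peer_routes_ipv4(conf, target="10.200.200.1"):
    """True when some peer's AllowedIPs covers the IPv4 tunnel address `target`; WireGuard
    drops packets matching no peer's AllowedIPs, so a list of only ::/0 never carries IPv4."""
    ip = ipaddress.ip_address(target)
    for peer in conf["Peers"]:
        for cidr in filter(None, (c.strip() for c in peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == ip.version and ip in net:
                return True
    return False
```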