2fast4u
just joined
Topic Author
Posts: 2
Joined: Thu Apr 15, 2021 11:56 pm

Wireguard IPv6 configuration

Sat Apr 17, 2021 12:51 am

Hi networking experts,

I'm trying to set up a WireGuard VPN with IPv6 for private use, to access 2 devices in the LAN, but something seems to be misconfigured.
The network itself is pretty simple: ISP (LTE) -> MikroTik router -> 2 LAN devices.
I've created a WireGuard interface, set up a peer (no address restrictions) for it, assigned a fixed IPv6 address to the WireGuard interface, added the interface to the WAN list, and disabled all IPv6 firewall filters, but even with that the connection is not established. On the client side the error message is "failed to send handshake initiation: write udp6[::]"

The rest of the configuration is default, provided by the ISP:
# RouterOS 7.1beta5
# model = RBD53G-5HacD2HnD&EG18-E
/interface bridge
add admin-mac=08:55:31:A1:8F:C2 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether3 ] arp=disabled
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1 private-key=\
    "privKey"
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface lte apn
add apn=static62.lmt.lv ipv6-interface=lte1 name=LMT-static62.lmt.lv

/ipv6 dhcp-server
add address-pool=delegation interface=wireguard1 name=wg-ipv6
/ipv6 pool
add name=delegation prefix=2222:0000:bbbb:5:1:1::/112 prefix-length=120

/interface bridge host
add bridge=bridge interface=ether3 mac-address=08:55:31:A1:8F:C4
add bridge=bridge interface=ether3 mac-address=C0:51:7E:23:4F:06

/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=WAN

/ipv6 settings
set accept-router-advertisements=yes forward=no
/interface detect-internet
set wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
add interface=wireguard1 list=WAN

/interface wireguard peers
add endpoint-port=13231 interface=wireguard1 public-key=\
    "publicKey"
/ipv6 route
add disabled=no dst-address=wireguard1/128 gateway=lte1

/ipv6 address
add address=2222:0000:bbbb:5:1::/128 advertise=no interface=wireguard1
add address=2222:0000:bbbb:5:a55:31ff:fea1:8fc2 eui-64=yes interface=bridge

/ipv6 firewall filter
add action=accept chain=forward disabled=yes dst-address=::/0 dst-port=13231 \
    protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=accept chain=input comment="Accept WireGuard" disabled=yes \
    dst-address=2222:0000:bbbb:5:1:: dst-port=13231 log=yes log-prefix=WG: \
    protocol=udp
 
2fast4u
just joined
Topic Author
Posts: 2
Joined: Thu Apr 15, 2021 11:56 pm

Re: Wireguard IPv6 configuration

Tue May 04, 2021 9:32 pm

Anyone?
 
Cablenut9
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Wireguard IPv6 configuration

Tue May 04, 2021 9:46 pm

I'm suspecting that ROS doesn't support WireGuard over IPv6. Wait until the next beta release to see if it changes.
