 
barto95
just joined
Topic Author
Posts: 8
Joined: Mon Dec 20, 2021 4:51 pm

Wireguard for MAC OS X

Mon Jan 03, 2022 4:19 pm

Hi,

Any help configuring the WireGuard client on Mac OS X to connect to a MikroTik WireGuard server?

I don't understand how the keys need to be added on the MikroTik and on Mac OS X.

When I test, the connection is OK but there is no access to the network or internet.
 
spynappels
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland

Re: Wireguard for MAC OS X

Wed Jan 05, 2022 1:37 am

Ok, do you have a Wireguard 'server' already running on your Mikrotik router? If you do, does it work with Android or Windows Wireguard clients?

I'm just trying to establish if it is just the MacOS specific part that is giving trouble, or if you want someone to talk you through the whole thing.

At its most basic, you create a Wireguard interface on the Mikrotik, and give it an IP address. You make sure that the port you are listening on is opened in the WAN firewall.
Take a note of the public key for this interface, as you will need to use it in the client setup.

Install the client software and configure a tunnel. This requires creating the interface and giving it an IP address. The client keypair will probably be created for you; take a note of the client's public key as you'll need this later.
In the peer section of the client tunnel config, set up the Mikrotik as a peer, using the Mikrotik's public key, the Mikrotik's IP (endpoint) and port, and the IPs that you want to route over the tunnel (use 0.0.0.0/0 if you want to send all traffic over the tunnel).

Finally, on the Mikrotik, add a peer using the client's public key and the IP address of the client as an allowed address.

This is a very basic simple road-warrior type setup, which should then just work. If it doesn't, you need to check the handshake completes correctly, which is sometimes easier to do from the client end, and then look at all your firewall rules in case they may be blocking things for you.
 
anav
Forum Guru
Posts: 19352
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Wireguard for MAC OS X

Wed Jan 05, 2022 5:05 am

Well if your mac is like my IPHONE.........

PHONE Settings
Name (on wireguard interface): Barto
Public Key: xxyy What you will put on the MT Server (at peer setting)
Addresses: 10.0.10.3/32 Give the mac a random single IP that will travel through the tunnel to the MT server
MTU: keep at default 1420 although I have seen some set it to 1450
DNS Servers: 1.1.1.1, 9.9.9.9

PEER Settings
Public Key: aabb Is the public key from the MT Server.
Endpoint:PORT ipcloudname:13321 The WANIP or public IP of the MT server (could be its IP cloud name) and colon and listening port setup on MT Server
Allowed IPs: Depends-
a. 0.0.0.0/0 (all IPs typically means you want your mac to access the internet through the MT server)
b. 192.168.30.0/24, 192.168.40.0/24 (typically used if you want your mac server to only be able to connect to two subnets on the MT Server)
c. (my iPhone doesn't have this setting but if the mac has a persistent keep alive, set to something like 40 seconds).

ON the MT SERVER ROUTER
1. INPUT chain rule allowing traffic on port 13321 to establish the initial tunnel connection.
add chain=input action=accept protocol=udp dst-port=13321 in-interface-list=WAN

2. WIREGUARD Settings
Name(of interface) MAC-WG
MTU - should match the mac
Listen port: 13321
Private key (not relevant)
Public Key: aabb This is the public key you give to the mac.

3. PEER Settings
Interface name: (same as above) MAC-WG
Public Key: xxyy This is the public key FROM the MAC
Allowed Address: 10.0.10.3/32 matches the IP coming from the peer and allowed onto the MT server

4. TBD if required ??- ip address for wg interface on MT server
5. IP routes for traffic on MT server typically dst-address=10.0.10.3 gw=wg interface table=main (ensures any return traffic from subnets or internet get returned back through the tunnel to the mac)
6. Add wg interface to LAN interface
a. if wanting to access subnets easily or the internet (assuming you may require some additional forward chain rules)
b. access MT server internet (assuming a LAN to WAN rule)

7. add wg interface to management or base interface if wanting to be able to config the router. (assuming an associated input chain rule)
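
Added example (not part of any post in this thread, and not MikroTik or WireGuard project code): a Python check of the key and address pairing described in the two replies above. It derives the client's public key from the PrivateKey in the client tunnel config, then confirms that the router's peer entry holds that key, that the client's [Peer] PublicKey is the router's key, and that the client Address falls inside the router peer's allowed-address. The function names and the sample keys are assumptions constructed for illustration.

```python
import base64, configparser, ipaddress
P = 2**255 - 19  # Curve25519 field prime (RFC 7748)

def x25519_public(private: bytes) -> bytes:
    """Public key for a 32-byte private key. Not constant-time: for checks only."""
    k = int.from_bytes(private, "little")
    k = (k & ~7 & ((1 << 254) - 1)) | (1 << 254)   # RFC 7748 clamping
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0     # Montgomery ladder from u = 9
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def wg_pubkey(private_b64: str) -> str:
    return base64.b64encode(x25519_public(base64.b64decode(private_b64))).decode()

def check(client_conf: str, router_pub: str, router_peers: dict) -> list:
    """router_peers maps each peer public-key on the router to its allowed-address."""
    cfg = configparser.ConfigParser(delimiters=("=",))
    cfg.read_string(client_conf)
    iface, peer, problems = cfg["Interface"], cfg["Peer"], []
    client_pub, addr = wg_pubkey(iface["PrivateKey"]), ipaddress.ip_interface(iface["Address"]).ip
    if peer["PublicKey"] != router_pub:
        problems.append("client [Peer] PublicKey is not the router's public key")
    if client_pub not in router_peers:
        problems.append("router has no peer entry with the client's public key")
    elif addr not in ipaddress.ip_network(router_peers[client_pub]):
        problems.append("client Address is outside the router peer's allowed-address")
    return problems

CLIENT_PRIV = base64.b64encode(bytes(range(32))).decode()  # constructed sample, not a real key
ROUTER_PUB = wg_pubkey(base64.b64encode(bytes(range(32, 64))).decode())
CLIENT_CONF = f"""[Interface]
PrivateKey = {CLIENT_PRIV}
Address = 10.0.10.3/32
[Peer]
PublicKey = {ROUTER_PUB}
AllowedIPs = 0.0.0.0/0
"""
print(check(CLIENT_CONF, ROUTER_PUB, {wg_pubkey(CLIENT_PRIV): "10.0.10.3/32"}))  # [] when both sides agree
```

An empty list means the two sides agree on keys and tunnel address; firewall and routing still have to be checked separately.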
 
barto95
just joined
Topic Author
Posts: 8
Joined: Mon Dec 20, 2021 4:51 pm

Re: Wireguard for MAC OS X  [SOLVED]

Sat Jan 08, 2022 12:30 pm

It's OK, that works.

Thanks for your help :)

I viewed the YouTube video on 7.1.1 and WireGuard and it works perfectly.

I don't understand how the keys are configured on the Mac for public and private.

Now it all works perfectly :)
