danielsza
just joined
Topic Author
Posts: 3
Joined: Sun Jun 12, 2022 4:26 pm

Port Forward help - wireguard

Sun Jun 12, 2022 4:40 pm

Total Mikrotik Noob here...
Coming from Unifi

After lots of frustration, I got almost everything working, except my VPN.


I'm trying (unsuccessfully) to get my WireGuard VPN working.

I need to forward udp port 51820 to 192.168.0.222 (my vpn server), using a PPPoE connection

I had everything working with my previous unifi setup, with port 51820 forwarded to the same ip

I'm sure it's me not understanding something.

Any help would be greatly appreciated.

[admin@MikroTik] > ip firewall export
# jun/12/2022 09:33:13 by RouterOS 7.4beta2
# software id = 0KPK-3LU0
#
# model = CCR2004-16G-2S+
# serial number = HB********
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=forward connection-nat-state=dstnat connection-state=\
    new in-interface-list=WAN
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=input src-address=231.0.0.160
add action=drop chain=input src-address=239.255.255.250
add action=drop chain=input src-address=212.56.101.192
add action=drop chain=input src-address=51.195.234.92
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="drop all else" disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat in-interface-list=WAN protocol=udp src-port=\
    51820 to-addresses=192.168.0.222 to-ports=51820
 
danielsza
just joined
Topic Author
Posts: 3
Joined: Sun Jun 12, 2022 4:26 pm

Re: Port Forward help - wireguard  [SOLVED]

Mon Jun 13, 2022 3:11 am

I figured out what I did wrong.

When I changed my router from 192.168.0.1 to 192.168.0.2,
I forgot that I had DHCP (client) disabled on my RPi, which runs WireGuard,
and it had the old router address set, which caused all my problems.
I changed it to the new address (rebooted) and it worked.
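
Added example, not part of the thread or of MikroTik's tooling: a small Python check over rules copied from the export in the first post. It flags a dst-nat rule that matches src-port with no dst-port (such a rule only catches clients that happen to send from that source port) and any drop rule left with disabled=yes; the function names and finding labels are made up for this example.

```python
import shlex

# Rules copied from the export in the first post (filter list shortened).
SAMPLE = r"""/ip firewall filter
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="drop all else" disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat in-interface-list=WAN protocol=udp src-port=\
    51820 to-addresses=192.168.0.222 to-ports=51820
"""

def parse_export(text):
    """Return a list of (section, {key: value}) for each 'add' line."""
    rules, section, buf = [], None, ""
    for raw in text.splitlines():
        if buf:                       # continuation of a line that ended in "\"
            raw = buf + raw.lstrip()
            buf = ""
        if raw.endswith("\\"):        # export wraps long lines with a backslash
            buf = raw[:-1]
            continue
        line = raw.strip()
        if line.startswith("/"):      # e.g. "/ip firewall nat"
            section = line
        elif line.startswith("add "):
            # shlex keeps comment="two words" together as one token
            pairs = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            rules.append((section, dict(pairs)))
    return rules

def audit(text):
    """Return (label, detail) findings for the two checks described above."""
    findings = []
    for section, r in parse_export(text):
        if (section == "/ip firewall nat" and r.get("action") == "dst-nat"
                and "src-port" in r and "dst-port" not in r):
            findings.append(("dstnat-matches-src-port", r["src-port"]))
        if (section == "/ip firewall filter" and r.get("action") == "drop"
                and r.get("disabled") == "yes"):
            findings.append(("disabled-drop-rule", r.get("comment", "")))
    return findings

if __name__ == "__main__":
    for label, detail in audit(SAMPLE):
        print(label, detail)
```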
