Use case: 3 smartphones and 3 laptops need to access the home LAN over a VPN when away from home.
I've enabled WireGuard and set up 1 client for each device, then installed and configured the official WireGuard app on each.
My phone works, but I can't get any other device to complete the handshake. This happens whether or not WireGuard is active on my phone, and both on Wi-Fi and off Wi-Fi.
Thanks,
# RouterOS 7.5
# software id = W5M1-5E8A
#
# model = RB760iGS
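/interface wireguard
# Single WireGuard interface. UDP 51820 must be reachable on the WAN address the
# clients use as their Endpoint.
add listen-port=51820 mtu=1420 name=wireguard1
/interface wireguard peers
# One peer per client, each pinned to a /32 inside 10.0.0.0/24. Public keys are
# blanked in this export; each entry must carry that client's own public key
# (the counterpart of the PrivateKey in the client's [Interface] section).
# persistent-keepalive on the router side is harmless for a roaming peer; it is
# normally the NAT'ed client side that needs it - presumably the first entry is
# the phone, confirm against the client configs.
add allowed-address=10.0.0.2/32 interface=wireguard1 persistent-keepalive=20s public-key=""
add allowed-address=10.0.0.3/32 endpoint-address="" interface=wireguard1 public-key=""
add allowed-address=10.0.0.4/32 endpoint-address="" interface=wireguard1 public-key=""
add allowed-address=10.0.0.5/32 endpoint-address="" interface=wireguard1 public-key=""
/ip firewall filter
# Handshake/transport packets addressed to the router itself. log=yes writes a
# "wg:" log entry per matching packet, which shows whether a client's initiation
# reaches the router at all; turn it off once debugging is finished.
add action=accept chain=input comment="allow wireguard handshake" dst-port=51820 log=yes log-prefix=wg: protocol=udp
# Tunnel peers talking to the router (e.g. DNS to 192.168.88.1). The rule
# originally matched on src-address only, so a packet with a forged 10.0.0.x
# source arriving on any interface (including WAN) would also have been
# accepted; in-interface=wireguard1 limits it to traffic that actually left the
# tunnel. Only UDP is matched here - ICMP/TCP from peers to the router depends
# on rules outside this export.
add action=accept chain=input comment="allow WireGuard traffic" in-interface=wireguard1 protocol=udp src-address=10.0.0.0/24
/ip firewall mangle
# Both rules are disabled. The layer7-protocol values "*2" / "*4" look like
# unresolved object references in the export, which suggests the layer7
# profiles they pointed at no longer exist - confirm under
# /ip firewall layer7-protocol before re-enabling.
add action=mark-connection chain=prerouting disabled=yes dst-address=192.168.88.1 dst-port=53 layer7-protocol=*2 new-connection-mark=local-dns-forward protocol=tcp
add action=mark-connection chain=prerouting disabled=yes dst-address=192.168.88.1 dst-port=53 layer7-protocol=*4 log=yes new-connection-mark=local-dns-forward passthrough=yes protocol=udp
/ip firewall nat
# Default outbound masquerade for the WAN interface list.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# Transparent DNS capture for LAN clients: redirect port 53 (UDP and TCP) to
# 192.168.88.226 unless the source (and, for TCP, destination) is on the
# "DNS Servers" list, then masquerade so the replies come back via the router.
# These match in-interface-list=LAN only, so VPN peers arriving on wireguard1
# are not captured unless that interface is a member of the LAN list. The
# log-prefix values only take effect if log=yes is set on the rule.
add action=dst-nat chain=dstnat dst-port=53 in-interface-list=LAN log-prefix=dns-cap protocol=udp src-address-list="!DNS Servers" to-addresses=192.168.88.226 to-ports=53
add action=dst-nat chain=dstnat dst-address-list="!DNS Servers" dst-port=53 in-interface-list=LAN log-prefix=DNS-Capture protocol=tcp src-address-list="!DNS Servers" to-addresses=192.168.88.226
add action=masquerade chain=srcnat dst-address=192.168.88.226 dst-port=53 log-prefix=DNS-Capture protocol=udp src-address=192.168.88.0/24 src-address-list="!DNS Servers"
add action=masquerade chain=srcnat dst-address=192.168.88.226 dst-port=53 log-prefix=DNS-Capture2 protocol=tcp src-address=192.168.88.0/24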
[Interface]
# This device's tunnel address; "x" is filled in per device and must equal the
# /32 allowed-address configured for this peer on the router.
Address = 10.0.0.x/24
# Fixed local source port. Not required for a roaming client.
ListenPort = 51820
# This device's private key (placeholder). Its public counterpart is what goes
# into the router's peer entry for this device.
PrivateKey = PK1
# Resolver used while the tunnel is up - presumably the router's LAN address,
# reached through the tunnel, so the router must accept DNS from tunnel peers.
DNS = 192.168.88.1
[Peer]
# The router's WireGuard public key (placeholder), not another client's.
PublicKey = PubKey1
# Full tunnel: all IPv4 and IPv6 traffic is sent through the VPN.
AllowedIPs = 0.0.0.0/0, ::/0
# Router's public address and listen port (placeholder).
Endpoint = xxx:51820
# NOTE(review): no PersistentKeepalive is set; behind NAT a value such as 25 is
# commonly needed to keep the mapping open, though that is not usually what
# stops the initial handshake - confirm after the handshake itself works.
[APP] Status update notification timeout for tunnel 'Home'. Tunnel status is now 'connected'.
[NET] peer(server_key) - Handshake did not complete after 5 seconds, retrying (try 2)
[NET] peer(server_key) - Sending handshake initiation
[NET] peer(server_key) - Handshake did not complete after 5 seconds, retrying (try 2)
[NET] peer(server_key) - Sending handshake initiation
[NET] peer(server_key) - Sending handshake initiation