Hi guys,
I hope it's ok that I post my question here as it's connected with feature that's not yet available in official release. But soon it will be, so maybe someone with similar issues will benefit from this thread.
I've studied like a dozen different articles and video tutorial regarding wireguard on routerOs and I still can't make it work (unfortunate most of them describe router-2-router connections). Please forgive me that I'm not posting my config (yet) because I've tried like all possible combinations of settings and I'm ready to start from scratch but I just want to establish clear requirements for what I need in my config:
What I do:
let's assume my network is 192.168.2.0/24
1. I create WG interface
2. I create WG peer
3. I leave endpoint field empty
4. I add my peer's vpn address with '32 mask in allowed ip's (let's say 192.168.3.2/32)
5. I assign ip address to WG interface (192.168.3.1/24)
6. Accept wireguard's port on firewall
I cross add public keys to peer's config in phone and in mikrotik
Now in phone: I set peer address (with /32 mask), dns, my router's address in endpoint. And that should be it...
Now I can properly connect. I see packets on firewall, I see them on wireguard interface and that's all. I see much more data going from the phone than coming back. The best I could do was to be able to load mikrotik's login page (couldn't pass thru that even). Normally I can't even ping router. No communication pass thru. (I've tried "allowed ip" on phone as all combinations of 192.168.3.0/24, 192.168.2.0/24 and 0.0.0.0/0, same result on PC).
Now my questions :)
1. Do I need NAT rule for wireguard network?
2. I have dynamic route to WG interface, any additional settings needed?
3. Should I add WG interface to bridge?
or.. maybe I'm doing it all wrong and someone could provide me with just a simple recipe what elements are needed to make it work in this setup?
Any help will be greatly appreciated because I'm starting to lose my mind over that :(