Community discussions

MikroTik App
 
Cablenut9
Long time Member
Long time Member
Topic Author
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Wireguard fails to work

Mon Apr 12, 2021 2:22 am

I'm having trouble getting Wireguard in 7.1b5 to work with Mullvad VPN. My routes:
  #       DST-ADDRESS      GATEWAY       D
     DAd  0.0.0.0/0        modem-ip      2
     DAc  mullvad-local-ip wireguard1    0
     DAc  modem-ip/22      sfp1          0
     DAc  192.168.1.0/24   bridge        0
  0   As  0.0.0.0/0        wireguard1    1
I have a masquerade rule for WG so that's out. I can't ping 1.1.1.1 or 8.8.8.8 on the WG interface:

[admin@MikroTikRouter] > tool ping address=1.1.1.1 interface=wireguard1 
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                                                                                                    
    0                                                              161 (No error information)                                                                                                                                                                                
    0 mull-local-ip                                84  64 859us      host unreachable                                                                                                                                                                                          
    1                                                              161 (No error information)                                                                                                                                                                                
    1 mull-local-ip                                84  64 867us      host unreachable                                                                                                                                                                                          
    2                                                              161 (No error information)                                                                                                                                                                                
    2 mull-local-ip                                84  64 830us      host unreachable                                                                                                                                                                                          
    3                                                              161 (No error information)                                                                                                                                                                                
    3 mull-local-ip                                84  64 802us      host unreachable                                                                                                                                                                                          
    sent=4 received=0 packet-loss=100% 
I double checked my WG interface and peer settings, although there's no way to know if they're actually good because ROS has no handshake info, unlike regular Linux. What's the fix?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard fails to work

Mon Apr 12, 2021 2:40 am

Why are you posting here, thats a beta firmware issue!!
Search the threads to see if there is already a similar thread or start your own.
viewforum.php?f=1
 
Cablenut9
Long time Member
Long time Member
Topic Author
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Wireguard fails to work  [SOLVED]

Mon Apr 12, 2021 2:50 am

Search the threads to see if there is already a similar thread or start your own.
I found this one: viewtopic.php?f=1&t=173172 which had something to do with allowed-address. I checked /interface/wireguard/peers and manually set the allowed-address to 0.0.0.0/0 and it worked! Weirdly, they had the opposite problem: having an allowed-address made it not work. Earlier, I tried setting allowed-address in Webfig but it kept clearing as if 0.0.0.0/0 was a default, but it actually isn't as my new solution shows.
 
kryztoval
newbie
Posts: 27
Joined: Tue Sep 07, 2021 10:46 pm

Re: Wireguard fails to work

Mon Oct 25, 2021 3:55 pm

wow, you are correct. Blank does not mean allow all ipv4 and ipv6. it defaults to ipv6 and it results in error 161 as you showed
Actually setting this to 0.0.0.0/0 will allow ipv4 to pass and the route to be able to send data over.

Now I only need to find why it is not returning, but that is a different issue completely. Nice catch! Thank you very much.
 
User avatar
Anastasia
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Wed Oct 28, 2015 7:12 pm

Re: Wireguard fails to work

Sun Oct 31, 2021 9:58 pm

I have a slightly strange question unrelated to your problem.
1) Tell me what is your speed through a Wireguard-based VPN?
2) have you compared the speed via VPN of other options such as IPsec or OpenVPN? what were the speeds there?

Who is online

Users browsing this forum: Google [Bot] and 72 guests