I am able to extract the NordLynx private and public keys on a Linux system, but I am not familiar with routing configuration. I hope someone can teach me how to set up routing on RouterOS to route the traffic from an Apple TV to the WireGuard VPN.
Hi Daniel,
This is one way to approach a WireGuard setup and it fits most circumstances.
A home connection from MT router to third party vendor should be snap easy.
viewtopic.php?t=182340 The idea is to keep it simple and clean.
The vendor is the server, and your MT acts as a client, to establish the tunnel.
Thus you need to tell the vendor some things, like the MT public key and the IP address or IP subnet of your devices to put in the NordLynx allowed-addresses peer setting.
What you need from the vendor is the listening port of their server and the public IP address or URL dyndns name they provide to go with that.
You need their public key to put in your MT peer settings.
The allowed address you put on your MT peer settings is 0.0.0.0/0
Suggest you put persistent keep alive to something like 30 seconds.
You are pretty much done... except for one thing.
You need to tell the Apple device to go out the WireGuard tunnel, right?
Let's say the Apple device is on a subnet and its IP address is 192.168.50.10. That is the IP address you needed to give NordLynx for their allowed-address peer settings, as noted above.
All you need is three steps.
1. Create a table via terminal CLI command:
/routing table add name=useWG fib
2. Create IP route:
dst-address=0.0.0.0/0 gwy=wg-interface-name table=useWG
3. Create Route rule:
source address=192.168.50.10
Action=lookup-only-in-table
Table=useWG
Note: if you wanted the Apple TV to be able to access the normal MT router internet if the WireGuard connection is broken, then use --> Action: "lookup" instead.
Done and no need for any other settings on the MT (no need to set IP address for example).
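The peer settings and the three steps from the reply above, written out as terminal commands. This is an added example, not part of the original posts. It assumes RouterOS v7 syntax; `wg-nord` is a hypothetical interface name and every value in `<...>` is a placeholder to be filled in from the vendor's details.

```routeros
# Added example, RouterOS v7 syntax assumed. Values in <...> are placeholders.
# "wg-nord" is a hypothetical interface name; "useWG" and 192.168.50.10
# are the table name and Apple TV address used in the reply above.

# Tunnel interface on the MT (client side). The private key placeholder
# stands for the key pair mentioned in the question.
/interface wireguard add name=wg-nord private-key="<PRIVATE_KEY>"

# The vendor is the server: its public key, endpoint and listening port,
# allowed address 0.0.0.0/0 and a 30 second persistent keepalive.
/interface wireguard peers add interface=wg-nord \
    public-key="<VENDOR_PUBLIC_KEY>" \
    endpoint-address=<VENDOR_ENDPOINT> endpoint-port=<VENDOR_PORT> \
    allowed-address=0.0.0.0/0 persistent-keepalive=30s

# Step 1: dedicated routing table.
/routing table add name=useWG fib

# Step 2: default route in that table pointing at the tunnel.
/ip route add dst-address=0.0.0.0/0 gateway=wg-nord routing-table=useWG

# Step 3: send the Apple TV's traffic to that table only.
# lookup-only-in-table = fail closed: if the tunnel is down the Apple TV
# has no route and nothing leaves via the normal WAN.
# action=lookup = fail open: traffic falls back to the main table.
/routing rule add src-address=192.168.50.10/32 \
    action=lookup-only-in-table table=useWG

# Checks: the peer should show a recent handshake, the rule should be
# listed, and the useWG table should hold the default route.
/interface wireguard peers print detail
/routing rule print
/ip route print where routing-table=useWG
```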