Code:
/interface wireguard
add listen-port=12321 mtu=1420 name=wireguard1
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=11.22.33.44 endpoint-port=12321 interface=wireguard1 \
persistent-keepalive=25s public-key="keykeyey"
/interface list
add name=WAN
/interface list member
add interface=ether1 list=WAN
add interface=wireguard1 list=WAN
/routing table
add disabled=no fib name=wg-my
/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=wg-my scope=30 \
suppress-hw-offload=no target-scope=10
/ip firewall address-list
add address=site.com list=vpnlist
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=vpnlist new-routing-mark=wg-my
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
But if I use just this instead of mangle and address-list:
Code:
/routing rule add dst-address=special.address.ip action=lookup-only-in-table table=wg-my
What is my problem with the mangle rule? Why do packets get lost in the first case?
PS. Fasttrack is disabled, of course.