Hello,
I have 3 routers that can see each other's local networks over an OpenVPN server running on one of them.
Router 1: RoS 7.4
My Home Router: RB4011iGS+5HacQ2HnD - Configured OpenVPN as a server running on TCP (because if I use UDP and route all LAN traffic from router 2 and/or router 3 via the OpenVPN server connection (with traffic marking), I see errors at random times: "nothing received for a while"). On TCP it works like a boss, but UDP for OpenVPN on RoS 7.4 is NOT stable ... at this time.
Router 1 Lan network: 172.17.72.0/22
---
Router 2: RoS 7.4
My mobility router: 962UiGS-5HacT2HnT (I have configured a failover scenario with WiFi-WAN/LTE-WAN - when I go on vacation I take the router and connect it to the hotel WiFi, or I use a 4G modem to have internet) - configured as an OpenVPN client to my home router
Router 2 Lan network: 172.27.72.0/22
---
Router 3: RoS 7.4
Router at my villa for cameras: RB941-2nD - the small guy
Router 3 Lan network: 172.28.0.0/24
===========
Router 2 and router 3 have a PPP profile configured called openvpn-client-mikrotik-main, with on-up/on-down configured to run the scripts:
after-openvpn-client-mikrotik-main-up
after-openvpn-client-mikrotik-main-down
That script on router 2 adds an additional static route for local network 172.28.0.0/24 with the pref. source IP that the router gets from the OpenVPN server, so it can see router 3.
That script on router 3 is the same, with the difference that it adds an additional static route for local network 172.27.72.0/22 with the pref. source IP that the router gets from the OpenVPN server, so it can see router 2.
Router 1 successfully sees 172.27.72.0/22 and 172.28.0.0/24
Router 2 successfully sees 172.17.72.0/22 and 172.28.0.0/24
Router 3 successfully sees 172.17.72.0/22 and 172.27.72.0/22
Everything with this configuration works as expected. )))
BUT .. Today I tried to shut down the OpenVPN interfaces with the idea of migrating all of it to WireGuard.
I tried to make it work with this scenario:
Router1:
Wireguard interface: Wireguard-Server
IP address on Wireguard-Server: 198.19.198.1/24
--
2 Peers:
Router 2 and Router 3 on WireGuard interface Wireguard-Server, without an endpoint, with allowed addresses:
198.19.198.2/32 and 172.27.72.0/22 for Router2
198.19.198.3/32 and 172.28.0.0/24 for Router3
Router 2:
Wireguard interface: Wireguard-to-MikroTik-Main
IP address on Wireguard-to-MikroTik-Main: 198.19.198.2/24
--
Peers:
Router 1 with endpoint address and port, and allowed addresses:
198.19.198.1/32 and 172.17.72.0/22
Router 3:
Wireguard interface: Wireguard-to-MikroTik-Main
IP address on Wireguard-to-MikroTik-Main: 198.19.198.3/24
--
Peers:
Router 1 with endpoint address and port, and allowed addresses:
198.19.198.1/32 and 172.17.72.0/22
And so... Router 2 and Router 3 successfully connected to Wireguard-Server on router 1.
On Router 1 I added a static route for 172.27.72.0/22 (router 2) with gateway Wireguard-Server, and another static route for 172.28.0.0/24 (router 3), again with gateway Wireguard-Server.
From router 1 I successfully ping and access devices behind router 2 and router 3.
On Router 2 I added a static route for 172.17.72.0/22 with gateway Wireguard-to-MikroTik-Main and successfully access devices behind Router 1 from router 2.
On router 3 I also added a static route for 172.17.72.0/22 with gateway Wireguard-to-MikroTik-Main and successfully access devices behind Router 1 from router 3.
Here is the problem:
Router 2 and Router 3 are unable to ping / access each other.
+ From router 1 I have access to devices behind router 2 and 3.
+ From router 2 I have access to router 1 and devices behind it.
+ From router 3 I have access to router 1 and devices behind it.
But
- From router 2 I am unable to access/ping router 3 and the devices behind it.
- From router 3 I am unable to access/ping router 2 and the devices behind it.
I tried to add an additional static route on Router 2 -> 172.28.0.0/24 with gateway Wireguard-to-MikroTik-Main, with the idea of making it work and accessing the local network on router 3 from router 2. I also tried it with gateway and pref. source 198.19.198.1.
I also tried to add an additional static route on Router 3 -> 172.27.72.0/22 with gateway Wireguard-to-MikroTik-Main, with the idea of accessing the local network on router 2 from router 3. I also tried it with gateway and pref. source 198.19.198.1,
but that does not work.
Maybe I do not understand the logic of WireGuard correctly. I'll be happy if any of you can help me with this, if my OpenVPN scenario can be made to work on WireGuard.
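Added illustration, not from the post above or from MikroTik: a small Python model of WireGuard's cryptokey routing, which uses each peer's allowed-addresses both to pick the peer for an outgoing packet and to filter the source of a decrypted incoming one, applied to the three peer tables and subnets listed in the post. The host addresses (172.27.72.10 and so on) and the `with_spoke_subnets` variant are constructed for the example.

```python
import copy
import ipaddress

def net(s):
    return ipaddress.ip_network(s, strict=False)

R1, R2, R3 = "Router1/Wireguard-Server", "Router2/Wireguard-to-MikroTik-Main", "Router3/Wireguard-to-MikroTik-Main"

# Peer tables as described in the post: interface -> {peer name: allowed-addresses}
PEERS = {
    R1: {"Router2": [net("198.19.198.2/32"), net("172.27.72.0/22")],
         "Router3": [net("198.19.198.3/32"), net("172.28.0.0/24")]},
    R2: {"Router1": [net("198.19.198.1/32"), net("172.17.72.0/22")]},
    R3: {"Router1": [net("198.19.198.1/32"), net("172.17.72.0/22")]},
}

def select_peer(peers, dst):
    """Egress: the peer whose allowed-addresses contain dst (longest prefix wins).
    If no peer matches, WireGuard drops the packet even though the IP route table
    pointed it at the wg interface."""
    match = [(n.prefixlen, p) for p, nets in peers.items() for n in nets if dst in n]
    return max(match)[1] if match else None

def ingress_ok(peers, peer, src):
    """Ingress: a decrypted packet from `peer` is kept only if its source address is
    inside that peer's allowed-addresses; otherwise it is silently discarded."""
    return any(src in n for n in peers[peer])

def trace(src, dst, hops, peers=PEERS):
    """Walk one packet through a chain of wg interfaces (spoke -> hub -> spoke).
    Returns (delivered, reason)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, iface in enumerate(hops):
        router, table = iface.split("/")[0], peers[iface]
        if i > 0 and not ingress_ok(table, hops[i - 1].split("/")[0], src):
            return False, f"{router}: src {src} not in allowed-address of previous peer, dropped on ingress"
        if i == len(hops) - 1:
            return True, f"{router}: delivered to local LAN"
        if select_peer(table, dst) != hops[i + 1].split("/")[0]:
            return False, f"{router}: no peer allows dst {dst}, dropped on egress (static route is irrelevant)"
    return False, "no hops given"

def with_spoke_subnets(spokes=(R2, R3), peers=PEERS):
    """Constructed variant: the chosen spokes' Router1 peer also allows the whole tunnel /24
    and the other spoke's LAN, so the hub may relay traffic between the two spokes."""
    fixed = copy.deepcopy(peers)
    other_lan = {R2: net("172.28.0.0/24"), R3: net("172.27.72.0/22")}
    for spoke in spokes:
        fixed[spoke]["Router1"] += [net("198.19.198.0/24"), other_lan[spoke]]
    return fixed
```

Run `trace("172.27.72.10", "172.28.0.10", [R2, R1, R3])` to see the spoke-to-spoke packet stop at Router2's egress check, and the same call with `with_spoke_subnets()` to see it delivered; widening only one spoke moves the drop to the other spoke's ingress check.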