Community discussions

MikroTik App
 
aah
newbie
Topic Author
Posts: 27
Joined: Wed Apr 21, 2021 7:37 pm

Can wireguard act as both server and client?

Sat Sep 03, 2022 8:02 am

Hi,
I have a CHR on AWS, and a physical router at home. I have setup a WG server at home, so I can connect my devices to home (road warrior) when I am on the go.
I also have devices at home (such as Apple TV) that I want to go through a WG tunnel (S2S) connecting to the CHR endpoint that is set up on AWS.

I tried to setup a second WG interface on my home router, but apparently only one can be running at any time? Am I correct to understand this?
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 8:30 am

You can have more than one interface but obviously with unique listening ports.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5413
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 10:36 am

Newsflash
There is no server nor client with wireguard.
Only peers.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 10:49 am

Irrelevant to the issue described in the contents of the first post.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5413
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 12:02 pm

Yet very relevant to title of the post...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 4:36 pm

Lets not bicker and provide facts.
For the connection instance, there has to be an initiating side (pseudo client) and an initial receiving side (pseudo server).
Once the connection is established we have a TWO-WAY peer to peer tunnel to use.

What determines the pseudo server and client? Well usually its clear in that one end of a connection has to meet the wireguard requirement of having a publicly accessible IP address, OR one end is behind an ISPs modem/router where one can AT LEAST forward the chosen wireguard port from the ISP modem/router to the mikrotik device.

In the case where one has lets say TWO REACHABLE mikrotik routers at both ends, then yes either or both can be set up as the initiator or receiver.

I think the advantage here is that it may overcome the deficiency of the initiator, at least in the mikrotick schema of wireguard, in that if the receiver side changes their IP, (think dynamic IP) or power is lost for a bit of time, then there is the possibility that the wireguard tries to connect before the IP address has resettled. The result is no connectivity as the wireguard does not persist on trying. Work arounds are available on scripts but it would be easy for mikrotik to address this within the wireguard module of code or an interface code.
Regardless, if both ends can initiate, then I suspect continuity of the connection may better survive an interruption due to this phenomena.
Last edited by anav on Sun Sep 04, 2022 1:32 am, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 4:39 pm

To answer your question you have two options.
a. do everything from the same WG interface at home OR
b. use two tunnels, one to reach home and one to reach CHR from home.

Both are possible for the most part, but without knowing the full requirements its still a guess.
So need better set of requirements (what do users or devices need at home need wrt wireguard, what do road warriors need (assuming just the admin), etc..
A network diagram helps and finally
FULL config of both CHR and home mikrotik is required ( less of course any public WANIP info or key info )
 
aah
newbie
Topic Author
Posts: 27
Joined: Wed Apr 21, 2021 7:37 pm

Re: Can wireguard act as both server and client?

Sat Sep 03, 2022 8:46 pm

To answer your question you have two options.
a. do everything from the same WG interface at home OR
b. use two tunnels, one to reach home and one to reach CHR from home.
Exactly. My initial preference was to go with option b.
Both are possible for the most part, but without knowing the full requirements its still a guess.
So need better set of requirements (what do users or devices need at home need wrt wireguard, what do road warriors need (assuming just the admin), etc..
A network diagram helps and finally
FULL config of both CHR and home mikrotik is required ( less of course any public WANIP info or key info )
Will send them tomorrow.
Newsflash
There is no server nor client with wireguard.
Only peers.
Valid point.
You can have more than one interface but obviously with unique listening ports.

You think I'd be alert to keep something as simple as that in mind while configing the second "peer".. I wasn't! :!:
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Can wireguard act as both server and client?  [SOLVED]

Sun Sep 04, 2022 1:33 am

 
aah
newbie
Topic Author
Posts: 27
Joined: Wed Apr 21, 2021 7:37 pm

Re: Can wireguard act as both server and client?

Sat Sep 10, 2022 11:40 am

The above link was an absolute gem! thanks

Who is online

Users browsing this forum: araqiel, Khulatach, pants6000, synchro and 117 guests