Community discussions

MikroTik App
 
serambca
just joined
Topic Author
Posts: 3
Joined: Mon Jun 24, 2024 5:58 pm

WireGuard connection site-to-site configuration

Mon Jun 24, 2024 6:18 pm

RedLocal-Wireguard.png
Good afternoon,
I am having troubles to use WireGuard protocol to connect two sites between them.
I installed and configured Wireguard in each site and I can do ping to remote gateway.

For example:
Site A:
- Ping from Mikrotik to 10.99.255.2 - OK
- Ping from LAN to 10.0.2.0/24 - KO

Site B:
- Ping from Mikrotik to 10.99.255.1 - OK
- Ping from LAN to 10.0.1.0/24 - KO

I added Wireguard routes to other gateway but I can't access to subnet remotely.

Site A:

/ip/route/print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 192.168.200.1 3
DAc 10.0.1.0/24 Bridge_LAN 0
;;; Ruta acceder a la subred de SVM desde tunel WireGuard
0 As 10.0.2.0/24 10.99.255.2 1
DAc 10.99.255.2/32 WireGuard-FYA 0
1 As 192.168.10.0/24 10.99.255.2 1
DAc 192.168.200.0/24 ether1 0

Site B:
/ip/route/print
Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 192.168.10.1 3
;;; Ruta acceder a la subred de SVM desde tunel WireGuard
0 As 10.0.1.0/24 WireGuard-SVM 1
;;; Ruta para acceder a la subred de FYA desde tunel L2TP
1 IsH 10.0.1.0/24 10.98.255.1 2
DAc 10.0.2.0/24 Bridge_LAN 0
DAc 10.99.255.1/32 WireGuard-SVM 0
DAc 192.168.10.0/24 ether1 0
2 As 192.168.200.0/24 10.99.255.1 1

In Allowed address in Wireguard SITE A:
0.0.0.0/0

In Allowed address in Wireguard SITE B:
10.99.255.2/32

I can't found the issue. I think the problem probably is about NAT or Firewall. Could you please help me?
Best regards,
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21760
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WireGuard connection site-to-site configuration

Tue Jun 25, 2024 12:24 am

BoTH configs
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)

Who is online

Users browsing this forum: No registered users and 18 guests