ddejager
Member Candidate
Topic Author
Posts: 147
Joined: Tue Oct 18, 2011 5:13 am

Question about back-to-home-vpn

Fri Jan 17, 2025 7:42 pm

I observe that the export conf file that is created for a back-to-home-vpn client has two peers. One peer has the correct public key for the back-to-home-router and the vpn endpoint (e.g. xxxx.vpn.mynetname.net:port). The other peer contains an intentionally bad PublicKey:

    [Peer]
    PublicKey = //////////////////////////////////////////8=
    AllowedIPs = 0.0.0.0/32
    Endpoint = XXXXX.sn.mynetname.net:14365
    PersistentKeepalive = 30

This second peer will never succeed in establishing a connection (even if the vpn and sn endpoints are the same). In fact, when imported into the wireguard client on windows (along with the rest of the conf file), it causes a continual stream of errors in the windows wireguard log file. The connection from windows works fine without this second key (if you edit it out of the conf file). So why is it generated by the back-to-home router?
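An added example, not from the post and not MikroTik's code: a small Python audit script that parses an exported BTH .conf (WireGuard's INI-like format, with repeated [Peer] sections), flags any peer whose PublicKey decodes to the all-0xFF value quoted above or whose AllowedIPs is 0.0.0.0/32, and renders the config with those peers removed, which is the manual edit the post describes. The sample config, the 192.168.x addresses and the dummy keys are constructed for the example; the only value taken from the post is the bad key literal (42 slashes followed by "8=", the base64 of 32 bytes of 0xFF) and the endpoint names.

```python
import base64
import ipaddress

# Constructed sample modelled on the export quoted in the post; keys are dummies, not real BTH material.
DUMMY_KEY_B64 = base64.b64encode(bytes([0x01]) * 32).decode()  # stands in for the router's real key
BAD_KEY_B64 = "/" * 42 + "8="                                   # literal from the post: 32 bytes of 0xFF
PLACEHOLDER_KEY = bytes([0xFF]) * 32

SAMPLE_CONF = f"""\
[Interface]
PrivateKey = {DUMMY_KEY_B64}
Address = 192.168.216.2/32

[Peer]
PublicKey = {DUMMY_KEY_B64}
AllowedIPs = 192.168.88.0/24, 192.168.216.0/24
Endpoint = xxxx.vpn.mynetname.net:14365
PersistentKeepalive = 30

[Peer]
PublicKey = {BAD_KEY_B64}
AllowedIPs = 0.0.0.0/32
Endpoint = XXXXX.sn.mynetname.net:14365
PersistentKeepalive = 30
"""


def parse_wg_conf(text):
    """Return (interface_dict, [peer_dict, ...]); duplicate [Peer] sections are kept in order."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            if name == "interface":
                current = interface
            elif name == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {line}")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, _, value = line.partition("=")  # split on the FIRST '=', base64 keys end with '='
        current[key.strip()] = value.strip()
    return interface, peers


def is_placeholder_key(b64):
    """True if the base64 key decodes to the all-0xFF value the post quotes."""
    try:
        return base64.b64decode(b64, validate=True) == PLACEHOLDER_KEY
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def peer_problems(peer):
    """Return the reasons this peer should be flagged; an empty list means it looks normal."""
    problems = []
    try:
        key = base64.b64decode(peer.get("PublicKey", ""), validate=True)
    except ValueError:
        key = b""
    if len(key) != 32:
        problems.append("PublicKey does not decode to 32 bytes")
    elif key == PLACEHOLDER_KEY:
        problems.append("PublicKey is the all-0xFF value from the post; the OP reports it never handshakes")
    for cidr in (s.strip() for s in peer.get("AllowedIPs", "").split(",") if s.strip()):
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"AllowedIPs entry {cidr!r} is not a valid network")
            continue
        if net == ipaddress.ip_network("0.0.0.0/32"):
            problems.append("AllowedIPs is 0.0.0.0/32, which selects no usable destination")
    return problems


def render(interface, peers):
    """Serialise back to WireGuard conf syntax, preserving key order."""
    out = ["[Interface]"] + [f"{k} = {v}" for k, v in interface.items()]
    for p in peers:
        out += ["", "[Peer]"] + [f"{k} = {v}" for k, v in p.items()]
    return "\n".join(out) + "\n"


def audit(text):
    """Return (clean_conf, report); report is a list of (peer_index, problems) for dropped peers."""
    interface, peers = parse_wg_conf(text)
    keep, report = [], []
    for i, peer in enumerate(peers):
        problems = peer_problems(peer)
        (report.append((i, problems)) if problems else keep.append(peer))
    return render(interface, keep), report


if __name__ == "__main__":
    clean, report = audit(SAMPLE_CONF)
    for index, problems in report:
        print(f"dropped peer {index}: " + "; ".join(problems))
    print(clean)
```

Run it against a real export (read the file instead of SAMPLE_CONF) before importing into the Windows client; the printed config is the one the post reports working without the log noise, and the report tells you exactly which peer was removed and why.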
 
Amm0
Forum Guru
Posts: 4505
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Question about back-to-home-vpn

Fri Jan 17, 2025 8:35 pm

Good question. IDK exactly. But agree, I think it's superfluous when using the generated config in a normal WG client. It is NOT a /0 default route, rather a /32 — so not sure it'd be useful in a normal WG app, unless some client app used "0.0.0.0". But dunno.

My only WAG is it's used by their app to test the direct path... you'll note it's a *.sn.* DNS name, which is always the router's detected WAN IP, so it would never be the proxy server. While the peer with the *.vpn.* DNS name could be either Mikrotik's proxy or /ip/cloud's detected WAN IP, and the /32 is just 0.0.0.0 itself. And further guessing, Mikrotik BTH uses some WG library that uses the generated config, and the Mikrotik app does 0.0.0.0 for something.

But I've been curious what that 0.0.0.0/32 peer is used for myself...
 
ddejager
Member Candidate
Topic Author
Posts: 147
Joined: Tue Oct 18, 2011 5:13 am

Re: Question about back-to-home-vpn

Fri Jan 17, 2025 8:43 pm

@Amm0: Right, it could be used by their app on phones, but it would seem that they could deduce all the "information" in that peer entry from the "good" entry: substitute "vpn" for "sn" and there is not much left, except the funny route that you mentioned. It would be nice to hear from someone at MikroTik about this!
 
Amm0
Forum Guru
Posts: 4505
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Question about back-to-home-vpn

Fri Jan 17, 2025 8:57 pm

Yeah I really don't know for sure on this one. Only guesses... Presumably the generated config should be the generic peer configuration, and it's totally unclear what the 0.0.0.0/32 is for from docs...
It would be nice to hear from someone at MikroTik about this!
Agreed. Mikrotik really should write up the BTH schemes on their wiki. i.e. any "side-effects" of its automatic configuration should be documented IMO. Overall, @normis seems to assume the only use case is someone with a default configuration and only the BTH app — while docs do say BTH supports standard WG client apps...