mattlukezahra
just joined
Topic Author
Posts: 6
Joined: Tue Aug 18, 2020 1:33 am

Choose Gateway for Wireguard

Fri Jan 14, 2022 2:37 pm

Hi,

I have MikroTik version 7.1.1 ( https://mikrotik.com/product/rb4011igs_5hacq2hnd_in ) with 2 WireGuard VPS active and also 2 gateways active, both PPPoE.

How can I pick which gateway WireGuard is using?

Thanks
 
anav
Forum Guru
Posts: 19318
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Choose Gateway for Wireguard

Fri Jan 14, 2022 2:44 pm

What does two wireguard vps active mean... VPS? Active?
The admin decides through the settings of course!
 
mattlukezahra
just joined
Topic Author
Posts: 6
Joined: Tue Aug 18, 2020 1:33 am

Re: Choose Gateway for Wireguard

Fri Jan 14, 2022 2:57 pm

Sorry, I meant 2 client WireGuard VPNs active on the MikroTik.

https://ibb.co/cXw5zkP
 
holvoetn
Forum Guru
Posts: 5458
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Choose Gateway for Wireguard

Fri Jan 14, 2022 3:18 pm

Easiest is routing.
There you can decide which gateway (=which WG interface) to use.
Of course, the various peers need to allow those destination addresses as well.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Choose Gateway for Wireguard

Fri Jan 14, 2022 3:48 pm

If I get you right, you want one Wireguard connection to use one of the PPPoE links/accounts and the other Wireguard connection to use the other PPPoE link? The complexity of doing that depends on how the ISPs have set up the PPPoE connections.

If you get the same IP address of gateway at both connections, you have to set add-default-route=no on the /interface pppoe-client rows and add the routes manually, with gateway=pppoe-out-interface-name.

The next question is whether the addresses of the remote wireguard peers are specified as fqdns (such as uk.thevpnservice.com) or as direct IP addresses. If they are plain IP addresses, a route to that particular address with the corresponding pppoe-out-interface-name as gateway is enough for each connection to use the proper link; if they are specified as fqdns, you will need to
  • keep an up-to-date list of all IP addresses to which the fqdns resolve:
    /ip firewall address-list
    add list=vpn-uk address=uk.thevpnservice.com
    add list=vpn-us address=us.anothervpnservice.com
  • use mangle rules to choose a routing table depending on the destination address being on the list:
    /ip firewall mangle
    add chain=output dst-address-list=vpn-uk action=mark-routing new-routing-mark=via-pppoe-1
    add chain=output dst-address-list=vpn-us action=mark-routing new-routing-mark=via-pppoe-2
  • create the corresponding routing tables consisting of a single default route each:
    /ip route
    add gateway=pppoe-out-1 routing-mark=via-pppoe-1
    add gateway=pppoe-out-2 routing-mark=via-pppoe-2
  • make sure that some action=masquerade rule will act on packets leaving both via pppoe-1 and pppoe-2
 
mattlukezahra
just joined
Topic Author
Posts: 6
Joined: Tue Aug 18, 2020 1:33 am

Re: Choose Gateway for Wireguard

Fri Jan 14, 2022 4:21 pm

sindy wrote:
> If I get you right, you want one Wireguard connection to use one of the PPPoE links/accounts and the other Wireguard connection to use the other PPPoE link? The complexity of doing that depends on how the ISPs have set up the PPPoE connections.
>
> If you get the same IP address of gateway at both connections, you have to set add-default-route=no on the /interface pppoe-client rows and add the routes manually, with gateway=pppoe-out-interface-name.
>
> The next question is whether the addresses of the remote wireguard peers are specified as fqdns (such as uk.thevpnservice.com) or as direct IP addresses. If they are plain IP addresses, a route to that particular address with the corresponding pppoe-out-interface-name as gateway is enough for each connection to use the proper link; if they are specified as fqdns, you will need to
>   • keep an up-to-date list of all IP addresses to which the fqdns resolve:
>     /ip firewall address-list
>     add list=vpn-uk address=uk.thevpnservice.com
>     add list=vpn-us address=us.anothervpnservice.com
>   • use mangle rules to choose a routing table depending on the destination address being on the list:
>     /ip firewall mangle
>     add chain=output dst-address-list=vpn-uk action=mark-routing new-routing-mark=via-pppoe-1
>     add chain=output dst-address-list=vpn-us action=mark-routing new-routing-mark=via-pppoe-2
>   • create the corresponding routing tables consisting of a single default route each:
>     /ip route
>     add gateway=pppoe-out-1 routing-mark=via-pppoe-1
>     add gateway=pppoe-out-2 routing-mark=via-pppoe-2
>   • make sure that some action=masquerade rule will act on packets leaving both via pppoe-1 and pppoe-2

Hi Sindy,

Thank you for your reply, I think you understood my request.

I have purchased this VPN subscription ( https://torguard.net/streaming-bundle.php ) and I am given two static WireGuard VPN IPs, USA and UK, for streaming.
From my ISP I have two 1000Mbps down and 60Mbps up with static public IPs, mainly due to the low upload speed, set up with PPPoE.

Since I have 2 connections, I wished to separate the WireGuard VPNs via different gateways to even out the download and upload speed.

Going to try and follow your steps and let you know :)

Thank you very much again!

Will keep you posted if I manage!
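
The procedure from sindy's reply written out for RouterOS v7 (the topic author runs 7.1.1), as an added example that is not part of any post in this thread. In v7 each routing table has to be declared under /routing table, and the route property is named routing-table rather than routing-mark. The interface name pppoe-out-2, the peer addresses (documentation-range placeholders), the NAT rules and the route comments are assumptions; apply either part A or part B, not both.

```routeros
# --- Part A: WireGuard peers given as plain IP addresses ---
# One host route per peer endpoint pins that tunnel's outer (encrypted)
# packets to one PPPoE link. 192.0.2.10 and 198.51.100.20 are placeholders
# for the endpoint addresses supplied by the VPN provider.
/ip route
add dst-address=192.0.2.10/32 gateway=pppoe-out-1 comment="WG UK endpoint via link 1"
add dst-address=198.51.100.20/32 gateway=pppoe-out-2 comment="WG US endpoint via link 2"

# --- Part B: WireGuard peers given as FQDNs ---
# v7 needs the tables to exist before a mangle rule or route can refer to them.
/routing table
add name=via-pppoe-1 fib
add name=via-pppoe-2 fib

# RouterOS resolves the names and keeps the dynamic list entries refreshed.
/ip firewall address-list
add list=vpn-uk address=uk.thevpnservice.com
add list=vpn-us address=us.anothervpnservice.com

# chain=output because the tunnel's outer packets originate on the router itself.
/ip firewall mangle
add chain=output dst-address-list=vpn-uk action=mark-routing new-routing-mark=via-pppoe-1
add chain=output dst-address-list=vpn-us action=mark-routing new-routing-mark=via-pppoe-2

# One default route per table, each through its own PPPoE interface.
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out-1 routing-table=via-pppoe-1
add dst-address=0.0.0.0/0 gateway=pppoe-out-2 routing-table=via-pppoe-2

# --- Needed for both parts ---
# Source NAT on each link so the outer packets leave with that link's address.
/ip firewall nat
add chain=srcnat out-interface=pppoe-out-1 action=masquerade
add chain=srcnat out-interface=pppoe-out-2 action=masquerade

# Check the result: each table should list exactly one active default route.
/ip route print where routing-table=via-pppoe-1
/ip route print where routing-table=via-pppoe-2
```

If a PPPoE link drops, the routes through it go inactive and the affected tunnel's traffic falls back to whatever the main table offers, so check the route state after a link flap.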
