I've been having problems with WireGuard (not WireGuard running directly on the Mikrotik). I suspect it's a NAT issue, but I'm not sure how to fix it. My firewall rules are just the default setup, and I've had this problem on v7 (up to v7.2.1); now I've downgraded to LTS 6.48.6, and the problem persists.
When I try to connect to a WireGuard endpoint running on a remote VPS, it randomly won't connect. If I toggle WireGuard off and on, eventually it will connect. I've looked at Wireshark, and the client is sending handshake requests to the endpoint but not receiving a reply.
Looking at the firewall connections on the Mikrotik, I can see the UDP connection, with a timeout < 10 sec. It's only seeing one-way traffic.
Sometimes, if there was a previous connection and I disconnected and reconnected, an old UDP entry will be there, with a timeout < 3 min. What I notice is that the new connection might not receive a reply, but the old connection continues to be refreshed and the timer reset to 3 minutes, even though it's disconnected. I suspect the WireGuard endpoint replies are going to the old connection instead of the new one. Though it's not only when there's an old connection that the problem happens, so it's more than the Mikrotik being confused by an old connection.
Any ideas?
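The two states the post describes (a one-way UDP entry with a timeout under 10 s, and an older entry that keeps getting reset to 3 minutes) correspond to the RouterOS connection-tracking defaults udp-timeout=10s (no reply seen yet) and udp-stream-timeout=3m (both directions seen). The script below is an added example, not code from the post or from MikroTik: it takes a constructed, simplified connection table modelled on the columns of `/ip firewall connection print` (source, destination, protocol, remaining timeout, and an S flag for seen-reply), classifies each UDP flow to the WireGuard endpoint, and reports whether the client's current source port has an unreplied entry while a stale established entry from a previous session is still alive. The endpoint address 203.0.113.5:51820, the client address 192.168.88.10 and the table format are assumptions for illustration.

```python
"""Classify UDP connection-tracking entries for a WireGuard endpoint.

Added example, not part of the original post. The table format is a
constructed simplification of RouterOS `/ip firewall connection print`
output; the timeout thresholds are the assumed RouterOS defaults.
"""
from dataclasses import dataclass

UDP_TIMEOUT_S = 10          # assumed RouterOS default udp-timeout: flow with no reply yet
UDP_STREAM_TIMEOUT_S = 180  # assumed RouterOS default udp-stream-timeout: both directions seen


@dataclass
class ConnEntry:
    src: str          # client address:port as the router saw it (pre-NAT)
    dst: str          # endpoint address:port
    proto: str
    timeout_s: int    # remaining timeout the router reports
    seen_reply: bool  # True once the router has seen a packet in the reply direction


def parse_table(text):
    """Parse the constructed, simplified table used in this example.

    Columns: src dst proto timeout flags. The flags column contains 'S' when
    the router has seen a reply (mirroring the S flag in RouterOS output) and
    '-' otherwise. Lines starting with '#' are comments.
    """
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, timeout, flags = line.split()
        entries.append(ConnEntry(src, dst, proto, int(timeout.rstrip("s")), "S" in flags))
    return entries


def classify(entry):
    """Map one entry to the state the post describes, from its timeout and reply flag."""
    if entry.seen_reply:
        return "established"   # counting down from udp-stream-timeout (3m)
    if entry.timeout_s <= UDP_TIMEOUT_S:
        return "unreplied"     # counting down from udp-timeout (10s): one-way traffic only
    return "unknown"


def diagnose(entries, endpoint, client_src):
    """Report the state of the client's current flow to the endpoint and any
    other flow to that endpoint the router still considers established.

    endpoint and client_src are 'ip:port' strings. A stale flow is an
    established entry from a source port the client is no longer using; if
    its timer keeps being refreshed, packets are still matching that entry.
    """
    to_endpoint = [e for e in entries if e.proto == "udp" and e.dst == endpoint]
    current = next((e for e in to_endpoint if e.src == client_src), None)
    stale = [e.src for e in to_endpoint
             if e.src != client_src and classify(e) == "established"]
    return {"current": classify(current) if current else "missing", "stale": stale}


# Constructed sample: the client retried from a new source port (41234) and sees
# no reply, while the entry from the previous session (38812) is still established.
SAMPLE_TABLE = """
# src                 dst                proto timeout flags
192.168.88.10:41234   203.0.113.5:51820  udp   9s      -
192.168.88.10:38812   203.0.113.5:51820  udp   175s    SA
192.168.88.10:53000   198.51.100.1:53    udp   8s      -
"""

if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    print(diagnose(table, "203.0.113.5:51820", "192.168.88.10:41234"))
```

To use this against a real router, the parser has to be adapted: `/ip firewall connection print` shows more columns and writes timeouts as e.g. `2m55s`, and the current thresholds can be read from `/ip firewall connection tracking print`. The useful signal is the combination the function reports: `current` stuck at `unreplied` while `stale` is non-empty means the endpoint's answers, if they arrive at all, are not being matched to the client's current source port.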