patoberli
just joined
Topic Author
Posts: 11
Joined: Sat Jul 02, 2022 12:29 pm

Wireguard as client

Sat Jul 02, 2022 12:34 pm

Hi all
I just got a new Mikrotik RB2011UiAS-IN which I plan to use as a Wireguard client. It's attached to a 4G mobile router and thus has a dynamic IP with CG-NAT.
The other side (the VPN Server / Hub) is also behind a dynamic IPv4 address, but it has a dynamic hostname. There I use an older Ubiquiti ER-X with the Wireguard package.
I assume this should generally be possible?
Is there a way that the Mikrotik will realize when the IP behind the Hub URL changes to reconnect? Or is there some feature like dead-peer-detection?

Thanks
pato
 
anav
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Wireguard as client

Sat Jul 02, 2022 1:26 pm

Probably not, you will have to most likely MANUALLY toggle the client on and off. The keep alive feature on MT keeps the tunnel open/available but has no capacity to deal with a dynamic IP via host name etc (which is probably what you will use for endpoint address) that changes due to all the normal reasons. This has been pointed out to MT staff by many folks and on reports, but they don't want to improve this very common request which I don't understand/fathom. I would normally recommend hitting them over the head with a hammer to knock some sense into them, but I get the feeling it would have no effect on already lobotomized managers. ;-)
 
Larsa
Forum Guru
Posts: 1041
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Wireguard as client

Sat Jul 02, 2022 1:56 pm

Hi @patoberli, the VPN site still needs to have a public IP address. A dynamic address might be solved in various ways using for example scripts. Fixing WG if both sides are NAT'ted is a challenge but might be possible in some rare circumstances using "hole punching" (NAT traversal).
Last edited by Larsa on Sat Jul 02, 2022 2:26 pm, edited 1 time in total.
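
A scheduled RouterOS script that automates the manual toggle described above, shown as an added example and not code from any poster or from MikroTik. The peer comment `hub` and the three-minute threshold are assumptions, as is the premise from this thread that toggling the peer makes the router look up the endpoint name again.

```routeros
# Added example (not from the thread). Assumes RouterOS 7.x and a WireGuard
# peer labelled with the comment "hub" (hypothetical) whose endpoint is a DNS name.
# With persistent-keepalive set, a healthy tunnel renews its handshake roughly
# every two minutes, so an older handshake suggests the hub's address changed.
:local peerComment "hub"
:local maxAge 00:03:00

:foreach p in=[/interface wireguard peers find where comment=$peerComment disabled=no] do={
    :local lh [/interface wireguard peers get $p last-handshake]
    # An empty value means no handshake has completed since the peer was enabled.
    :if (([:tostr $lh] = "") or ($lh > $maxAge)) do={
        :log warning "wireguard: handshake with $peerComment is stale, toggling peer"
        # Disable and re-enable the peer, i.e. the manual toggle done automatically.
        /interface wireguard peers disable $p
        :delay 2s
        /interface wireguard peers enable $p
    }
}
```

Run it from `/system scheduler` at an interval longer than the threshold check needs, for example once a minute; while the hub is unreachable the peer is simply toggled again on each run.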
 
anav
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Wireguard as client

Sat Jul 02, 2022 2:10 pm

Para 6 applies........
viewtopic.php?t=182340
 
patoberli
just joined
Topic Author
Posts: 11
Joined: Sat Jul 02, 2022 12:29 pm

Re: Wireguard as client

Sun Jul 10, 2022 11:25 pm

Hi All
Thanks all for your replies!
I finally found time to tinker around. After I realized I had to upgrade the firmware to 7.x I'm now a bit further. I currently fail at entering a DNS name as Endpoint, it only accepts IP addresses (the web gui).
Any ideas?

My ER-X does have a public dynamic non-natted IPv4 address, with a dynamic DNS name registered.
 
anav
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Wireguard as client

Mon Jul 11, 2022 3:19 am

I use winbox and it has no issues accepting dyndns name for endpoint?
 
patoberli
just joined
Topic Author
Posts: 11
Joined: Sat Jul 02, 2022 12:29 pm

Re: Wireguard as client

Mon Jul 11, 2022 9:34 am

I just discovered that under 7.x firmware I now also have PPTP, L2TP and OpenVPN. I'll try it with those first, as I have those already running (and they do accept DNS names in the web interface).
