Community discussions

MikroTik App
 
User avatar
kaherdin
newbie
Topic Author
Posts: 32
Joined: Sat Nov 20, 2021 7:47 am

Wireguard client to access LAN

Sat Jul 30, 2022 5:36 pm

Hi
I want to access everything in my LAN (10.0.0.1/24), while using my phone and Wireguard.
I get the ip address 10.0.10.10 on my phone while using wg.

I have the connection working, and I can access docker containers on my home server, but I can't access the router (10.0.0.1) it self.
How can I fix this issue?
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 2    ;;; WireguardDrosken
      chain=input action=accept protocol=udp in-interface-list=WAN dst-port=13231 log=no log-prefix="" 

 3    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 4    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 5    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 

 6    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

 7    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec 

 8    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec 

 9    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related 

10    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked 

11    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

12    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN 
 
User avatar
BrateloSlava
Member Candidate
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: Wireguard client to access LAN

Sat Jul 30, 2022 5:52 pm

I don't see a rule, that allows access to the INPUT chain from your Wireguard interface.
;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 
 
User avatar
kaherdin
newbie
Topic Author
Posts: 32
Joined: Sat Nov 20, 2021 7:47 am

Re: Wireguard client to access LAN

Sat Jul 30, 2022 10:01 pm

I don't see a rule, that allows access to the INPUT chain from your Wireguard interface.
;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 
Yeah well, I am not entirely sure about all the things that are defined in the NAT or FIREWALL section... So I'm not sure about what you are trying to tell me?
And if I'm missing something that you see can remedy my issue, please enlighten me!!
Best regards
 
User avatar
kaherdin
newbie
Topic Author
Posts: 32
Joined: Sat Nov 20, 2021 7:47 am

Re: Wireguard client to access LAN  [SOLVED]

Sat Jul 30, 2022 10:23 pm

/interface list member
add interface=wireguard1 list=LAN
That was the fix.
Found @ https://help.mikrotik.com/docs/display/ ... uardtunnel

Who is online

Users browsing this forum: soulflyhigh, svh79 and 37 guests