I just installed my MikroTik Router (CCR1009) with the newest ROS Version (7.6 Stable) to use it as a WireGuard Router.
On the WireGuard Server I installed evrything with this script: https://github.com/angristan/wireguard-install
For testing if the server works, i added my mobile as a client to check the connection. Evrything works, I can open all websites, apps and so on.
I also added my MikroTik router as a client, added the default route and can ping the internet, DNS also works fine.
All traffic from VPN network should use the wireguard interface as default gateway, so all traffic is routed over the VPN.
My problem now is: not all websites and apps are working. For example www.reddit.com is not working.
My idea is, that maybe it is a problem with IPv6 connections, but I am not sure.
I can ping the website, but when I try to open it in the browser, no connection can be established and it is loading until abortion.
Here is my config. I hope someone had the same issue before and can help out.
Code: Select all
# nov/20/2022 09:29:41 by RouterOS 7.6
# software id = <ID>
#
# model = CCR1009-7G-1C-1S+
# serial number = <SNR>
/interface bridge
add name=VPN
add name=Online
/interface ethernet
set [ find default-name=combo1 ] combo-mode=copper
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard_out
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool_vpn ranges=172.19.100.100-172.19.100.199
/ip dhcp-server
add address-pool=dhcp_pool_vpn interface=VPN name=dhcp_vpn
/interface bridge port
add bridge=Online interface=combo1
add bridge=Online interface=ether1
add bridge=Online interface=ether2
add bridge=Online interface=ether3
add bridge=VPN interface=ether4
add bridge=VPN interface=ether5
add bridge=VPN interface=ether6
add bridge=VPN interface=ether7
add bridge=VPN interface=sfp-sfpplus1
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface wireguard peers
add allowed-address=0.0.0.0/0,::/0 endpoint-address=185.248.140.124 endpoint-port=51997 interface=wireguard_out persistent-keepalive=10s public-key="aUzcDSApNNaiHLQmfWT+TGDOAN5ixfbQ7igWywpMmX4="
/ip address
add address=10.66.66.2/24 interface=wireguard_out network=10.66.66.0
add address=172.19.100.254/24 interface=VPN network=172.19.100.0
/ip dhcp-client
add add-default-route=no interface=Online use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=172.19.100.0/24 dns-server=1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=172.19.100.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wireguard_out
/ip route
add disabled=no dst-address=<VPN-SERVER-IP>/32 gateway=192.168.1.1 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard_out routing-table=main suppress-hw-offload=no
Thanks a lot in advance