Community discussions

MikroTik App
 
beginnersmind
just joined
Topic Author
Posts: 9
Joined: Thu Mar 23, 2023 10:52 pm

Wiregurad setup on hAP ac2 - locked out of router

Sun Mar 26, 2023 2:45 am

Hello,
I was trying to setup Proton VPN with Wireguard on my hAP ac2, (which I've recently upgraded to v7.8) following this guide: https://protonvpn.com/support/wireguard ... k-routers/
After issuing this command
/ip/route/add routing-table=protonvpn_wg dst-address=0.0.0.0/0 gateway=protonwg01 comment="ProtonVPN Wireguard default route"
the terminal froze, and since then I'm not able to access the WebFig either.
The router still assigns an IP address to the machine I connect to it with a cable, but there is no internet access on that machine.

Any tips on how to even start debugging this, I have no other devices running RouterOS from which I could access the router via the MAC address.

Thanks a lot.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wiregurad setup on hAP ac2 - locked out of router

Sun Mar 26, 2023 4:05 am

Sounds like you will have to start from scratch (push reset button) to put it back to defaults.
Funny the route rule you put in, should not have done that by the way.

Since the MT configs for home devices comes standard with a bridge where all ports are connected ( save ether1 which is usually autosetup for a WAN connection), this means that for the new person configuring anything on the bridge can be a minefield.

RULE1 - Always use SAFE MODE in winbox. Basically make a change wait 20 seconds, no screen burps then undo SAFE MODE to lock in the change, and then put SAFE MODE back on.

PRACTICAL APPROACH - Take ether5 off the bridge, assign ether5 an IP address, like add address=192.168.55.1/24 interface=ether5 network=192.168.55.0
Now you will be able to enter the router safely by putting an ipv4 address on your laptop, such as 192.168.55.5 for example, and gain access to the router.

See PARA A --> viewtopic.php?t=182373
 
beginnersmind
just joined
Topic Author
Posts: 9
Joined: Thu Mar 23, 2023 10:52 pm

Re: Wiregurad setup on hAP ac2 - locked out of router

Mon Mar 27, 2023 12:05 am

Thank you for the reply.
Funny the route rule you put in, should not have done that by the way.
Do you have a recommendation/guide on how to config Wireguard (from the CLI possibly)? What was wrong with that rule?

RULE1 - Always use SAFE MODE in winbox. Basically make a change wait 20 seconds, no screen burps then undo SAFE MODE to lock in the change, and then put SAFE MODE back on.
Noted, thanks.

PRACTICAL APPROACH - Take ether5 off the bridge, assign ether5 an IP address, like add address=192.168.55.1/24 interface=ether5 network=192.168.55.0
Now you will be able to enter the router safely by putting an ipv4 address on your laptop, such as 192.168.55.5 for example, and gain access to the router.

See PARA A --> viewtopic.php?t=182373
I was following the Configuring Off Bridge guide, but already got stuck at
/interface list
add interface=Trusted
as the option 'interface' after 'add' is not accepted, and throws a syntax error. I was trying to find a workaround, already managed to take off ether5 from the bridge, and assign the address you suggested, even added the firewall rule, plus the static IP to my machine, but I'm not able to connect to the router through ether5 now.

I'm beyond lost, any help is highly appreciated with any of the above issues.
Thanks.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wiregurad setup on hAP ac2 - locked out of router

Mon Mar 27, 2023 3:37 am

email me check my profile.

Who is online

Users browsing this forum: GoogleOther [Bot], holvoetn and 28 guests