Community discussions

MikroTik App
 
BLONG90
just joined
Topic Author
Posts: 1
Joined: Sun Sep 12, 2021 11:58 pm

Farm Router configuration build

Mon Sep 13, 2021 5:48 am

Hi everyone I've kinda hit a roadblock attached is the details on my design and my configuration at this point.

The Wireguard network is up and running it is being hosted on an opnsense router (10.0.0.0/16). Currently, have another network 3 networks route together using pfsene & opnsense originally everything was done with OpenVPN however about a year ago I've been migrating to wireguard. i am able to get the link to wireguard server up and I can ping via wg0 not from any other vlan, on the remote side I can connect with winbox over the wireguard tunnel however I can not route to any other subnet

  • ultimately id like to be able to access all additional lans (10.0.0.0/8) over a wireguard tunnel
  • to have network camera save back a central server again over wiregaurd tunnel
  • all non 10.0.0.0/8 traffic goes exits local internet

my plan is for this to be a template that I can load on different routers with a slight tweak in addressing to allow for expansion or portable network access, which is why I am building out all the vlans even tho I will only be using main lan, guest lan, security/iot lan in this case.

Image
https://drive.google.com/file/d/1G86tMB ... xnOxT/view

# sep/12/2021 20:00:11 by RouterOS 7.1rc1
# software id = CLS4-S2HW
#
# model = RouterBOARD 750P r2
# serial number = 67D507092817
/system identity set name=MikroTik-FarmRouter

/interface bridge
add admin-mac=64:D1:54:8C:0B:3A auto-mac=no frame-types=admit-only-vlan-tagged name="Trunk Bridge" vlan-filtering=yes
add admin-mac=64:D1:54:8C:0B:3A auto-mac=no comment=defconf name=bridge

/interface vlan
add interface="Trunk Bridge" name="VLAN1 - DEFAULT" vlan-id=1
add interface="Trunk Bridge" name="VLAN15 - WIREGUARD" vlan-id=15
add interface="Trunk Bridge" name="VLAN100 - Main Lan" vlan-id=100
add interface="Trunk Bridge" name="VLAN110 - Secondary Lan" vlan-id=110
add interface="Trunk Bridge" name="VLAN111 - Guest Network" vlan-id=111
add interface="Trunk Bridge" name="VLAN150 - IOT" vlan-id=150
add interface="Trunk Bridge" name="VLAN200 - Server Lan" vlan-id=200
add interface="Trunk Bridge" name="VLAN250 - Security Devices" vlan-id=250

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/ip pool
add name=VLAN1-Pool ranges=10.50.0.10-10.50.0.240
add name=VLAN100-pool ranges=10.50.100.51-10.50.100.204
add name=VLAN110-pool ranges=10.50.110.51-10.50.110.204
add name=VLAN150-pool ranges=10.50.150.51-10.50.150.204
add name=VLAN200-pool ranges=10.50.200.51-10.50.200.204
add name=VLAN250-pool ranges=10.50.250.51-10.50.250.204
add name=VLAN111-pool ranges=172.20.111.51-172.20.111.204

/ip dhcp-server
add address-pool=VLAN1-Pool interface="VLAN1 - DEFAULT" name=VLAN1-Pool
add address-pool=VLAN100-pool interface="VLAN100 - Main Lan" name=VLAN100-DHCP
add address-pool=VLAN110-pool interface="VLAN110 - Secondary Lan" name=VLAN110-DHCP
add address-pool=VLAN111-pool interface="VLAN111 - Guest Network" name=VLAN111-DHCP
add address-pool=VLAN150-pool interface="VLAN150 - IOT" name=VLAN150-DHCP
add address-pool=VLAN200-pool interface="VLAN200 - Server Lan" name=VLAN200-DHCP
add address-pool=VLAN250-pool interface="VLAN250 - Security Devices" name=VLAN250-DHCP


/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge="Trunk Bridge" comment=defconf interface=ether5

/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface bridge 
add bridge="Trunk Bridge" tagged="Trunk Bridge" vlan-ids=1
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN15 - WIREGUARD" vlan-ids=15
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN100 - Main Lan" vlan-ids=100
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN110 - Secondary Lan" vlan-ids=110
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN111 - Guest Network" vlan-ids=111
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN150 - IOT" vlan-ids=150
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN200 - Server Lan" vlan-ids=200
add bridge="Trunk Bridge" tagged="Trunk Bridge" untagged="VLAN250 - Security Devices" vlan-ids=259

/interface detect-internet
set detect-interface-list=WAN

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=defconf interface="Trunk Bridge" list=LAN
add interface="VLAN15 - WIREGUARD" list=Internet
add interface="VLAN100 - Main Lan" list=Admin
add interface="VLAN110 - Secondary Lan" list=Admin
add interface="VLAN111 - Guest Network" list=Internet
add interface="VLAN150 - IOT" list=Internet
add interface="VLAN200 - Server Lan" list=Admin
add interface="VLAN250 - Security Devices" list=Admin

/ip address
add address=10.50.0.1/24 interface="VLAN1 - DEFAULT" network=10.50.0.0
add address=10.50.100.1/23 interface="VLAN100 - Main Lan" network=10.50.100.0
add address=10.50.110.1/23 interface="VLAN110 - Secondary Lan" network=10.50.110.0
add address=172.20.111.1/24 interface="VLAN111 - Guest Network" network=172.20.111.0
add address=10.50.150.1/24 interface="VLAN150 - IOT" network=10.50.150.0
add address=10.50.200.1/23 interface="VLAN200 - Server Lan" network=10.50.200.0
add address=10.50.250.1/24 interface="VLAN250 - Security Devices" network=10.50.250.0

/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.50.0.0/24 comment=defconf dns-server=10.50.0.1 gateway=10.50.0.1 netmask=24
add address=10.50.100.0/23 gateway=10.50.100.1 netmask=23
add address=10.50.110.0/23 gateway=10.50.110.1 netmask=23
add address=10.50.150.0/24 gateway=10.50.150.1 netmask=24
add address=10.50.200.0/24 gateway=10.50.150.1 netmask=24
add address=10.50.250.0/24 gateway=10.50.250.1 netmask=24
add address=172.20.111.0/24 gateway=172.20.111.1 netmask=24


/interface wireguard add listen-port=51825 mtu=1420 name=wg0 private-key="QOqbPUNA+34lAZAWzo8zew73JNl97xiDSrzBUIbkN2Y="
/interface wireguard peers add allowed-address=10.0.0.0/8 endpoint-address=WGADDRESS.no-ip.com endpoint-port=51825 interface=wg0 public-key="xh/5TwzFD6mY6TFMTPVUjB3LDWRQgb1jse0aoXSDJDE="
/ip address add address=10.0.20.50/24 interface=wg0 network=10.0.20.0
/interface list member add interface=wg0 list=LAN

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/system clock
set time-zone-name=America/New_York
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=Admin

Who is online

Users browsing this forum: No registered users and 41 guests