Recently installed v 7.1 at home and trying to setup Wireguard following https://help.mikrotik.com/docs/display/ROS/WireGuard
I got wireguard up (all steps by manual) and connected to peer in office (pfsense) and all is working from mikrotik himself, (pinging to peer and lan behind peer from wireguard interface) but not from LAN
Only after i have added masquarade rule in NAT for out interface wireguard, i was able to connect to peer from my home lan. And i'm not sure it was right (i'm not an expert)
So, why this step is ommited in manual? Is my setup so unique that it is not needed in general (i have simple ppooe wan and default lan) ?
Is it analogue to
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
?
Also mikrotik manual have some differences compared to wireguard site , and it not so clear for not an expert to find why something is not working as expected while reading different instructions
thanks
Re: Wireguard manual
If routing is set up correctly there is no need for a masquerading rule.
Have a look on your setup on both sides... I guess you missed a static route and/or matching network in peer's allowed-address.
Have a look on your setup on both sides... I guess you missed a static route and/or matching network in peer's allowed-address.
Re: Wireguard manual
update.
i was unable to setup mikrotik-pfsense site-to-site wireguard tunnel,
so i bought another mikrotik and tested wireguard mikrotik to mikrotik and it is working as expected when set up by manual
thanks, my bad
Is there some info about how many peers site-to-site can be (or suggested) in one tunnel ?
i was unable to setup mikrotik-pfsense site-to-site wireguard tunnel,
so i bought another mikrotik and tested wireguard mikrotik to mikrotik and it is working as expected when set up by manual
thanks, my bad
Is there some info about how many peers site-to-site can be (or suggested) in one tunnel ?