Hello,
I have a hAP ac (mipsbe) as my main router, with a WireGuard network to several satellites and one other subnet. Connecting to all the satellites works fine, but the other subnet is not accessible. I believe it to be a routing issue, as a traceroute initially ended up on the internet. I've tried adding a route similar to how I would do so under Linux, but it shows up as Invalid and Unreachable.
Local Subnet: 10.187.42.0/24
Remote Subnet: 10.187.43.0/24
Wireguard Subnet: 10.187.40.0/24
MikroTik router: 10.187.42.1 / 10.187.40.1
Remote router: 10.187.43.1 / 10.187.40.178
# dec/26/2021 21:50:48 by RouterOS 7.1.1
# software id = CHHT-47Y3
#
# model = RB962UiGS-5HacT2HnT
# serial number = CC4F0DAE076C
/interface wireguard
add listen-port=13231 mtu=1420 name="hub - xa"
/ip address
add address=10.187.42.1/24 comment=defconf interface=ether2 network=10.187.42.0
add address=10.187.40.1 interface="hub - xa" network=10.187.40.1
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input dst-port=12321 protocol=udp
add action=accept chain=forward dst-address=10.187.40.0/24 src-address=10.187.42.0/24
add action=accept chain=forward dst-address=10.187.42.0/24 src-address=10.187.40.0/24
/ip route
add dst-address=10.187.40.0/24 gateway="hub - xa"
add dst-address=10.187.43.0/24 gateway=10.187.40.178
[admin@MikroTik] > ip route print
Flags: D - DYNAMIC; I, A - ACTIVE; c, s, v, y - COPY; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAv 0.0.0.0/0 pppoe_out 1
0 As 10.187.40.0/24 hub - xa 1
DAc 10.187.40.1/32 hub - xa 0
DAc 10.187.42.0/24 bridge 0
1 IsH 10.187.43.0/24 10.187.40.178 1
DAc 185.93.175.234/32 pppoe_out 0
[admin@MikroTik] > ping 10.187.40.178
SEQ HOST SIZE TTL TIME STATUS
0 10.187.40.178 56 64 15ms361us
1 10.187.40.178 56 64 16ms223us
2 10.187.40.178 56 64 15ms148us
sent=3 received=3 packet-loss=0% min-rtt=15ms148us avg-rtt=15ms577us max-rtt=16ms223us
[admin@MikroTik] > ping 10.187.43.1
SEQ HOST SIZE TTL TIME STATUS
0 10.187.43.1 timeout
1 10.187.43.1 timeout
2 10.187.43.1 timeout
sent=3 received=0 packet-loss=100%
There is a route to 10.187.40.178 via "hub - xa", and I can ping 10.187.40.178 just fine. But the routing table doesn't seem able to find the IP, calling it invalid and unreachable.
I read the wiki on routing and did some googling, but I can't figure it out. I'm probably missing something elementary and hope someone here will spot it.
Cheers!
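The following is an added example, not part of the original post or of RouterOS: a simplified Python model of next-hop resolution run over the route table printed above. It assumes the RouterOS defaults of scope 10 for connected routes, scope 30 for other routes, and target-scope 10, none of which appear in the post; `Route`, `resolve_gateway` and `unresolved_routes` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Assumed RouterOS defaults (not stated in the post): connected routes have
# scope 10, static/dynamic non-connected routes scope 30, target-scope is 10.
SCOPE_CONNECTED, SCOPE_OTHER, TARGET_SCOPE = 10, 30, 10

@dataclass(frozen=True)
class Route:
    dst: str          # destination prefix
    gateway: str      # interface name or next-hop IP
    connected: bool   # True for the "c" (connected) flag

    @property
    def net(self):
        return ipaddress.ip_network(self.dst)

    @property
    def scope(self):
        return SCOPE_CONNECTED if self.connected else SCOPE_OTHER

# Routes transcribed from the "ip route print" output in the post.
TABLE = [
    Route("0.0.0.0/0", "pppoe_out", False),
    Route("10.187.40.0/24", "hub - xa", False),
    Route("10.187.40.1/32", "hub - xa", True),
    Route("10.187.42.0/24", "bridge", True),
    Route("10.187.43.0/24", "10.187.40.178", False),
    Route("185.93.175.234/32", "pppoe_out", True),
]

def resolve_gateway(gateway, table, target_scope=TARGET_SCOPE):
    """Most specific route allowed to resolve an IP gateway, else None."""
    addr = ipaddress.ip_address(gateway)
    usable = [r for r in table
              if addr in r.net and r.scope <= target_scope]
    return max(usable, key=lambda r: r.net.prefixlen, default=None)

def unresolved_routes(table):
    """Routes whose gateway is an IP address that no eligible route covers."""
    bad = []
    for r in table:
        try:
            ipaddress.ip_address(r.gateway)
        except ValueError:
            continue  # gateway is an interface name, nothing to resolve
        if resolve_gateway(r.gateway, table) is None:
            bad.append(r.dst)
    return bad

if __name__ == "__main__":
    print("unresolved:", unresolved_routes(TABLE))
```

Under these assumptions the only connected route on "hub - xa" is 10.187.40.1/32, which does not contain 10.187.40.178, and the static 10.187.40.0/24 route is excluded by its scope, so the model reports 10.187.43.0/24 as unresolved.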