helipos
Member Candidate
Topic Author
Posts: 132
Joined: Sat Jun 25, 2016 11:32 am

Mikrotik and Astrill VPN on Wireguard

Mon May 02, 2022 9:39 am

This is a bit of a guide to set up a WireGuard connection when using Astrill VPN.
This only works with ROS 7+.

1. Log in to your Astrill account.
2. Go to VPN service and then WireGuard configurations, "generate Now"
https://www.astrill.com/member-zone/too ... figuration
3. Download the configuration and open it in something like Notepad++.

4. Open up the WireGuard configuration.
Load the details in for the WireGuard interface.
Note: You need to put the = sign in at the end of the Private Keys section. The MTU size from Astrill is only 1340 bytes (when I wrote this); change that as per the text file.

5. Configure the wireguard peer.
Note the destination port
6. Configure the IP address for the wireguard interface
Now you should be able to "ping 8.8.8.8 interface=wireguard1" from the terminal.

7. Routing > Tables
Make a separate routing table, call it what you like.
8. Make rules to direct the traffic from the device to that specific routing table you just created.
9. Add a default address.
This is a little bit of guesswork since the Astrill file contains no routing information. I manually created one and set the gateway as the same address as the DNS server; it seemed to work.
10. Finally a masquerade rule in the firewall.

The device needs to have its DNS lookup modified if it was originally pointing towards the router, which is pretty common. A dead giveaway is to ping a Google server and see which server responds. Here I ping google.it. Now the round trip time is a bit slow, but more importantly it's the Sydney server responding.

PING google.it (142.250.204.3) 56(84) bytes of data.
64 bytes from syd09s25-in-f3.1e100.net (142.250.204.3): icmp_seq=1 ttl=114 time=477 ms
64 bytes from syd09s25-in-f3.1e100.net (142.250.204.3): icmp_seq=2 ttl=114 time=478 ms
64 bytes from syd09s25-in-f3.1e100.net (142.250.204.3): icmp_seq=3 ttl=114 time=478 ms
^C
--- google.it ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 477.420/477.668/478.027/0.259 ms

Now with the DNS redirected to the wireguard config you downloaded.

PING google.it (172.217.169.195) 56(84) bytes of data.
64 bytes from sof02s34-in-f3.1e100.net (172.217.169.195): icmp_seq=1 ttl=120 time=181 ms
64 bytes from sof02s34-in-f3.1e100.net (172.217.169.195): icmp_seq=2 ttl=120 time=181 ms
64 bytes from sof02s34-in-f3.1e100.net (172.217.169.195): icmp_seq=3 ttl=120 time=181 ms
^C
--- google.it ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6012ms
rtt min/avg/max/mdev = 180.446/180.601/180.931/0.185 ms



Then you should be able to ping something like your normal Google address and get a round trip time like you expect for wherever your WireGuard interface terminates.
Last edited by helipos on Sun Dec 04, 2022 2:37 am, edited 4 times in total.
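
Added example, not part of helipos's post and not MikroTik or Astrill code: a Python sketch that reads a wg-quick style configuration and prints the RouterOS 7 terminal commands matching steps 4 to 10 above, splitting each line on the first "=" only so the trailing "=" of the base64 keys survives. The sample file, its keys and addresses, the table name vpn-out and the device address 192.168.88.50 are constructed assumptions.

```python
import base64
# Constructed sample in wg-quick format; keys, addresses and host are made up.
SAMPLE_CONF = f"""[Interface]
PrivateKey = {base64.b64encode(bytes(range(32))).decode()}
Address = 10.66.0.2/32
DNS = 10.66.0.1
MTU = 1340
[Peer]
PublicKey = {base64.b64encode(bytes(range(32, 64))).decode()}
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_conf(text):
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif section is not None and "=" in line:
            # Split on the first "=" only: base64 keys end in "=" padding.
            key, value = line.split("=", 1)
            section[key.strip().lower()] = value.strip()
    return conf

def check_key(b64):
    """WireGuard keys are 32 bytes; a key that lost its final "=" fails here."""
    if len(base64.b64decode(b64, validate=True)) != 32:
        raise ValueError("key does not decode to 32 bytes")
    return b64

def to_routeros(text, device, iface="wireguard1", table="vpn-out"):
    """Steps 4-10 as RouterOS 7 commands; device and table names are assumptions."""
    i, p = (parse_conf(text)[s] for s in ("interface", "peer"))
    host, _, port = p["endpoint"].rpartition(":")
    dns = i["dns"].split(",")[0].strip()
    return [
        f'/interface wireguard add name={iface} mtu={i["mtu"]} '
        f'private-key="{check_key(i["privatekey"])}"',
        f'/interface wireguard peers add interface={iface} '
        f'public-key="{check_key(p["publickey"])}" endpoint-address={host} '
        f'endpoint-port={port} allowed-address={p["allowedips"].replace(" ", "")}',
        f'/ip address add address={i["address"]} interface={iface}',
        f"/routing table add name={table} fib",
        f"/routing rule add src-address={device} action=lookup table={table}",
        # Step 9 as the post does it: gateway = DNS address from the file.
        f"/ip route add dst-address=0.0.0.0/0 gateway={dns} routing-table={table}",
        f"/ip firewall nat add chain=srcnat out-interface={iface} action=masquerade",
    ]
```

The first generated command contains the private key, so treat the output like the downloaded configuration file itself.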
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik and Astrill VPN on Wireguard

Mon May 02, 2022 2:20 pm

Para 7 addresses third party VPN providers.
viewtopic.php?t=182340
