Community discussions

MikroTik App
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Mon Jun 13, 2022 7:32 pm

Hi,
I have RB5009 and RB3011, I have successfully create a connection between router using Wireguard over IPv6
Wireguard over IPv6.png
However, I trying to connect over IPv4, both router attempt to connect but not connecting...
I have set IPv4 Firewall Filter (input, accept, dst port: 13231/udp)

How to make it work? Do I need to disable FastPath/NAT Acceleration?
You do not have the required permissions to view the files attached to this post.
Last edited by Anime4000 on Tue Jun 14, 2022 8:57 pm, edited 1 time in total.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Cannot connect Wireguard via IPv4 (IPv6 works)

Mon Jun 13, 2022 8:45 pm

I don't understand the problem.
In the screenshot provided you have IPv6 endpoints and trying to make IPv4 traffic inside wireguard?
And what does not work? IPv4 endpoints?
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Re: Cannot connect Wireguard via IPv4 (IPv6 works)

Tue Jun 14, 2022 4:00 pm

what does not work? IPv4 endpoints?
Yes, IPv4 endpoint doesn't work.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Cannot connect Wireguard via IPv4 (IPv6 works)

Tue Jun 14, 2022 4:04 pm

Is between two local devices or between two remote devices?
Check if your IPv4 is not a private class and is NATted from ISP, and on that case, you can not do nothing, except ask your ISP.
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Re: Cannot connect Wireguard via IPv4 (IPv6 works)

Tue Jun 14, 2022 8:45 pm

Is between two local devices or between two remote devices?
Check if your IPv4 is not a private class and is NATted from ISP, and on that case, you can not do nothing, except ask your ISP.
Both site having Public IPv4

Site: A, RB5009
ISP: Maxis
GPON Fiber, 500/100Mbps
121.121.202.184
Site-A.png

Site: B, RB3011
ISP: TIME
GPON Fiber, 500/500Mbps
202.185.168.118
Site-B.png

Torch:
torch wg.png
Site A to Site B, No Handshake:
wg no connect.png
... if I use IPv6 can connect, when I change IPv4 endpoint - never connect
You do not have the required permissions to view the files attached to this post.
Last edited by Anime4000 on Tue Jun 14, 2022 9:25 pm, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Tue Jun 14, 2022 9:01 pm

/export hide-sensitive file=whatever
For both sides.

Review for sensitive info before posting between code quotes.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Tue Jun 14, 2022 9:03 pm

Firewall? try another port? ¯\_(ツ)_/¯
And please edit your public IPs, serial numbers and DDNS hosts.
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Tue Jun 14, 2022 9:11 pm

Firewall? try another port? ¯\_(ツ)_/¯
And please edit your public IPs, serial numbers and DDNS hosts.
I tried different port (27015/half-life) just to make sure ISP not filter it... didn't work
I have remove S/N, IP Address I have is dynamic, change every 14 days
/export hide-sensitive file=whatever
I have attached and remove sensitive data
You do not have the required permissions to view the files attached to this post.
Last edited by Anime4000 on Tue Jun 14, 2022 9:27 pm, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Tue Jun 14, 2022 9:26 pm

What interface should ip4 traffic arrive on the router ?
It's not clear to me what interface pppoe-out1 should be ... and that's the one accepting WG in your ip4 firewall rules.

On b-router there is no itf specified, so all accepted.
On a-router it's pppoe-out1.

PS remove sensitive info from exports. Serial number, pppoe-account names, public key (useless without private key, I know, but no need to test the waters ...)

EDIT:
I see ... sfp, then vlan, then pppoe-out1
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Tue Jun 14, 2022 9:33 pm

What interface should ip4 traffic arrive on the router ?
It's not clear to me what interface pppoe-out1 should be ... and that's the one accepting WG in your ip4 firewall rules.
both site is "pppoe-out1"
either I add "in interface" or not, both mikrotik wont connect

however, I have tested between remote PC wireguard to mikrotik wireguard
Remote PC A to Site A WG = Connected
Remote PC B to Site B WG = Connected

both are connected... Mikrotik A WG cannot connect IPv4 endpoint to Mikrotik B WG or vice-versa (A>B, B>A)
torch wg.png
Torch showing both is trying to connect, same issue with different port...


.
PS remove sensitive info from exports. Serial number, pppoe-account names, public key (useless without private key, I know, but no need to test the waters ...)
deleted old one

.
EDIT:
I see ... sfp, then vlan, then pppoe-out1
Yes, both site using GPON ONU SFP

...
if IPv6 endpoints can connect both mikrotik, it seem IPv4 FastTrack causing this issue
You do not have the required permissions to view the files attached to this post.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)  [SOLVED]

Tue Jun 14, 2022 9:43 pm

Disable FastTrack.
It doesn't work with WG.
Once you know it works, the rule can be refined.
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Tue Jun 14, 2022 9:48 pm

Disable FastTrack.
It doesn't work with WG.
Once you know it works, the rule can be refined.
Alright, I disable FastTrack on both site, I'll let you know the results
 
User avatar
Anime4000
just joined
Topic Author
Posts: 18
Joined: Fri Nov 13, 2020 3:12 pm
Contact:

Re: Cannot connect Wireguard endpoint via IPv4 (IPv6 works)

Fri Jun 17, 2022 1:06 pm

After run several test... Wireguard works when FastTrack/NAT Acceleration disabled!

Who is online

Users browsing this forum: Cr4shOnPc, patrikg and 80 guests