Why Galileo had been condemned by the Catholic Church. The same reason applies here.
Probably the user needs to understand why using "Dedicated Fiber Communications" is filtered........
If your IP is assigned with DHCP, change the default route to a lower priority, or turn it off completely in IP-DHCP Client; if turning off, pay attention to the current gateway assigned.
Hi,
Is it possible to route Mikrotik DNS requests through a Wireguard tunnel (interface)? My ISP blocks the DNS port of common DNS servers like 8.8.8.8. I want the Mikrotik to resolve DNS by sending requests to DNS servers through the Wireguard interface.
Thanks
I did what you said, but the Mikrotik cannot resolve sites blocked by the ISP, for example facebook.com. Other sites like google.com are resolved by the Mikrotik.
Go into IP-Route and make sure the 0.0.0.0/0 route is through the Wireguard interface. If you removed the default route in the DHCP client, add a route to your VPS IP using the current gateway, then there will only be the 0.0.0.0/0 route through your VPS.
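Added example, not part of the thread and not written by any poster: the routing steps described above as RouterOS 7 commands, in an order that keeps the tunnel up while the default route is moved. The interface names, the addresses (documentation ranges) and the choice of 8.8.8.8 as resolver are assumptions.

```routeros
# Placeholders (assumed, replace with your own values):
#   ether1        WAN interface running the DHCP client
#   wireguard1    WireGuard interface towards the VPS
#   203.0.113.10  public IP of the VPS (WireGuard endpoint)
#   192.0.2.1     gateway currently assigned by DHCP

# 1. Pin the WireGuard transport packets to the physical gateway FIRST.
#    Without this host route the encrypted packets would follow the new
#    default route into the tunnel itself and the tunnel would stall.
#    A static gateway here goes stale if the DHCP-assigned gateway changes.
/ip/route/add dst-address=203.0.113.10/32 gateway=192.0.2.1 comment="WG endpoint via ISP"

# 2. Demote the DHCP default route (higher distance = lower priority)
#    and stop taking the ISP's resolvers from the lease.
/ip/dhcp-client/set [find interface=ether1] default-route-distance=10 use-peer-dns=no

# 3. Default route in the main table through the tunnel.
/ip/route/add dst-address=0.0.0.0/0 gateway=wireguard1 distance=1 comment="default via WG"

# 4. The peer must accept any destination, otherwise WireGuard drops
#    packets to the DNS servers before they are encrypted.
/interface/wireguard/peers/set [find interface=wireguard1] allowed-address=0.0.0.0/0

# 5. Resolver used by the router itself.
/ip/dns/set servers=8.8.8.8

# 6. Verify: the active 0.0.0.0/0 route points at wireguard1, the cache
#    is empty before the test, and no port 53 traffic leaves on ether1.
/ip/route/print where dst-address=0.0.0.0/0
/ip/dns/cache/flush
/tool/sniffer/quick interface=ether1 port=53
```

If the sniffer on ether1 still shows port 53 packets while a name is being resolved, the queries are leaving outside the tunnel and the route or peer settings above need rechecking.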
If so, something wasn't done correctly. What @kevinds has suggested normally sends all traffic via the Wireguard interface, except the transport packets of Wireguard themselves. So post the export of the configuration, removing anything that might identify you (usernames, serial number of the device, public IP addresses if any). Use hide-sensitive as a parameter of the /export command if you run RouterOS 6 to suppress export of passwords and secrets.
Me too.
I am actually surprised it works at all with this configuration, as the configuration contains no default route the Mikrotik itself could use without additional settings - the only default route is in routing table WG and nothing tells Mikrotik or clients to use that table.
Or maybe I have just misunderstood you? In any case, you need mangle rules assigning a routing-mark, and/or routing rules, to use any other routing table than the one called main (the default one, which you don't need to select explicitly). And you need NAT rules if you want traffic from your LAN clients heading towards the outside of your network to ever get responded to, no matter how many routing tables you use.
For test I removed all mangle and NAT rules.
I've tried many DoH but all of them block Iran IPs.
You can use DoH directly in IP>DNS, don't forget to download the certs and inject them into the router for security.
Cert:
https://curl.se/ca/cacert.pem
It is enough if you post the complete export of the current configuration and only obfuscate all information that could identify you. The forum is here not only to provide targeted advice (for which a complete configuration is mandatory) but also to educate, so you can learn a lot not only about Mikrotik but also about networking in general in the process of solving this issue.
@sindy
I think it's not possible for me to do this configuration because I don't know a lot about Mikrotik.
Are you sure that it isn't your RouterOS not accepting the responses due to certificate issues?
@own3r Pleiades is in Iran? Or are you saying living in Iran you feel like an alien, or are you saying you feel emasculated being the only son among seven sisters??
@farhadb
If you didn't notice we share the same region, I know what is going on exactly.
Some Google services blocked queries from Iran. This is true. On the other hand, it doesn't mean you can't use any other public DoH providers or perhaps run your own.
You could use CF as I do regardless of my DNS over the WG tunnel, or even OpenDNS by Cisco.
Note - If you do either of these methods some local DNS queries won't resolve, mostly governmental domains. You should identify these websites and exclude them via your VPN route policies.
No worries, if my attempt at humour was off the mark, just keep in mind it was meant as humour. Of course I am interested in where people are from, wouldn't be here sharing ideas otherwise.
@anav
I would happily discuss my place of origin with you face to face. But, that is for another time. I don't think my response here would be amusing to other readers.
I flushed DNS before pinging facebook.com, but the result did not change.
What does /ip/dns/cache/print where name~"facebook" show in the TTL column?
Maybe the whole thing is that you have to do /ip/dns/cache/flush before running the ping?
Sorry, my mistake - the three routes to the DNS servers' addresses in my point 2. above must be without the routing-mark=wg-fib.
No idea what I was thinking about, maybe I have copy-pasted too much when copying the gateway name.
Don't forget to flush the DNS again before testing.
For this kind of discussion, see viewtopic.php?p=902082#p902082 .
I really want to do that, but no country gives me a visa.
Thanks a lot Sindy.
Yes, I quite understand the desire to NOT live in a place where a few old men keep power over everyone else (under the guise of religion especially) by force and use the army on its own people.
I think the solution is to immigrate from Iran.
I agree. I hope as soon as possible I can leave this country and feel some freedom.
The next clue for a decent location is a place where women are treated as equally as possible, (we are not yet there anywhere, but some are better than others) ........... are allowed to be educated, and have access to birth control and abortions....... ;-P
There is a proverb in Persian "هر جا بری آسمون همین رنگه" (Wherever you go, the sky is the same color).
I agree. I hope I can leave this country as soon as possible and feel some freedom.
Publius Ovidius Naso
Yes, in fact I did.
@mozerd
Did you copy-paste your post? Perhaps a more relevant proverb in English is 'All roads lead to Rome'.
No you have it wrong, what is sad after 315 years of evolution is this.......
It is so sad that after 315,000 years of evolution, ending life is considered a logical answer to a problem such as population.