Community discussions

MikroTik App
 
zorrua
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Wireguard p2p with DDNS

Sun Jul 03, 2022 11:02 am

Hello,

I have 3 Mikrotik routers with dinamyc public IP. I want to connect all of them with Wireguard, but I need to use the DDNS instead of IP.

Is it possible?

Best regards.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: Wireguard p2p with DDNS

Sun Jul 03, 2022 11:28 am

Well, It might not be the best experience , but it's doable with DDNS.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard p2p with DDNS

Sun Jul 03, 2022 3:26 pm

Yes, what kind of connection were you looking for, a detailed plan leads to best results.
Be aware one side needs to connect (client) to the other (Server) and after that two way traffic can result.
Edit: if all Mt devices have accessible public IPs, then anyone could connect to the other, doesnt matter really.
do you have a set of requirements (users need to do what?)
Last edited by anav on Tue Aug 09, 2022 3:55 pm, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5327
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireguard p2p with DDNS

Sun Jul 03, 2022 3:27 pm

Ideally one needs to have a fixed IP or you need to be able to use another device with fixed IP as relay/hub for the rest.

But yes, can be done.
Makes it more important to take into account the "DNS not resolving at startup" behavior of Mikrotik's Wireguard implementation.
Easily solvable with a small script until they solve it in ROS (see earlier linked thread).
 
zorrua
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Re: Wireguard p2p with DDNS

Mon Aug 08, 2022 4:46 pm

Hello,

Still there is no solution for this.

It will be available in next ROS releases?

Regards.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard p2p with DDNS

Mon Aug 08, 2022 5:16 pm

No, but you have not answered any questions.
Do you plan on ONE wireguard interface that all three devices reside on
All on same wireguard address schema

OR three pairs of separate wireguard interfaces

router1 to router2 (wireguard12) wireguard address A
router1 to router3 (wireguard13) wireguard address B
router2 to router3 (wireguard 23) wireguard address C

+++++++++++++++++++++++++++++++++++++++++++
The answers will come from your requirements already requested.
Note that if you have overlapping peers at any point (an any device) easily happens with multiple peers then you will need to create separate wireguard interfaces but if not, probably most efficient to keep it to one.
 
zorrua
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Re: Wireguard p2p with DDNS

Tue Aug 09, 2022 3:45 pm

Hi,

I will configure this way:

router1 to router2 (wireguard12) wireguard address A
router1 to router3 (wireguard13) wireguard address B
router2 to router3 (wireguard 23) wireguard address C

Each router connect to all nodes.

Regards.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard p2p with DDNS

Tue Aug 09, 2022 3:56 pm

Should be possible.
Read this for guidance.
viewtopic.php?t=182340

Once you have your three configs done and are running into issues,
-post all three here and will have a look.
-include a network diagram as well.
-provide user requirements, what each user/device, groups of users/devices, admin should be able to do and not be able to do.

With the above information,, it wont take long to resolve any outstanding issues.
 
zorrua
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Re: Wireguard p2p with DDNS

Wed Aug 10, 2022 11:04 pm

Thanks for your help.

But I can not configure the DDNS variable in the endpoint:

Image

The link looks really great!

Regards.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Wireguard p2p with DDNS

Wed Aug 10, 2022 11:20 pm

Congratulations, it looks like you found a bug in WebFig. It works in WinBox and CLI.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard p2p with DDNS

Thu Aug 11, 2022 3:24 am

Webfig, yuck.............
 
zorrua
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Re: Wireguard p2p with DDNS

Fri Aug 12, 2022 2:16 pm

Hi,

How could I report the bug?

Kind regards.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Wireguard p2p with DDNS

Fri Aug 12, 2022 2:26 pm

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard p2p with DDNS

Fri Aug 12, 2022 2:54 pm

zorrua, its terribly complicated and found only on the dark web, its a wonder anyone can find it......
/////////////////////
sup1.jpg
............................................................
sup2.jpg
The link for the instructions brings you here, if its not clear its a link.
https://wiki.mikrotik.com/wiki/Manual:S ... utput_File
the newer site.
https://help.mikrotik.com/docs/display/ROS/Supout.rif
You do not have the required permissions to view the files attached to this post.
 
zorrua
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Re: Wireguard p2p with DDNS

Tue Sep 06, 2022 10:15 am

Hello,

I send a email to support@mikrotik.com, this is the reply: We look forward to fixing it on upcoming RouterOS versions, unfortunately, I cannot provide an ETA now.

Hope we have this working soon.

Kind regards.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard p2p with DDNS

Tue Sep 06, 2022 3:17 pm

Excellent work, yes it seems they dont spend much energy on ancillary methods of access be it webconfig or IOS updates.
Basically hiring more workers to do that work, in a reasonable time frame, would eat into the profits of the Latvian Millionaires that own the company and we cannot have that can we. :-)
Yes, I get the impression that the amazing working staff at Mikrotik have their hands (fiscal) tied behind their backs. They have much pride in their work but only can do so much with the resources available.

Who is online

Users browsing this forum: Google [Bot], Scoox and 63 guests