daviddoji

no traffic under Wireguard interface

Tue Sep 27, 2022 3:09 pm

Hi all, newbie here :)

Following the YT video https://www.youtube.com/watch?v=vn9ky7p5ESM from the MK channel about how to configure Wireguard, I'm trying to set it up in my hAP ac².
Relevant parts from the configuration on the router (please do ask if anything else is needed. I can paste the whole export if needed):
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1

/interface wireguard peers
add endpoint-address="192.168.100.2" interface=wireguard1 public-key="Pfmi3/wQ5pWjIkEG6KsFZkedeMqqpZxf0NSkcAssMGw="

/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.80.1/24 disabled=yes interface=bridge-guest network=192.168.80.0
add address=192.168.100.1/24 comment=Wireguard interface=wireguard1 network=192.168.100.0

/ip firewall filter
add action=accept chain=input comment="allow wireguard traffic" src-address=192.168.100.0/24
add action=accept chain=input comment="Wireguard rule" dst-port=13231 protocol=udp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
When I add the configuration to my android phone, it looks like this:
Image

If I switch on the VPN, there is barely any traffic, so obviously there is something wrong with my configuration :(

Any help would be really appreciated.
 
anav

Re: no traffic under Wireguard interface

Thu Sep 29, 2022 5:49 pm

One resource - viewtopic.php?t=182340

However, the clear error is that you need ALLOWED IP on the MT peer as 192.168.100.2, not endpoint address.
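
An added example, not part of the thread and not MikroTik's code: a small Python check that reads a RouterOS export and flags the error described in the reply above, a WireGuard peer with no allowed-address (RouterOS's name for WireGuard's allowed IPs) whose endpoint-address is set to the peer's tunnel IP. The function names are assumptions of this example, and the sample export is constructed from the lines in the question; wrapped export lines (trailing backslash) are not handled.

```python
import ipaddress
import shlex

# Constructed sample: the WireGuard and address lines from the question's export.
SAMPLE_EXPORT = """\
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireguard peers
add endpoint-address="192.168.100.2" interface=wireguard1 public-key="Pfmi3/wQ5pWjIkEG6KsFZkedeMqqpZxf0NSkcAssMGw="
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.100.1/24 comment=Wireguard interface=wireguard1 network=192.168.100.0
"""

def parse_export(text):
    """Map each menu path to the property dicts of its 'add' lines."""
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            tokens = shlex.split(line[4:])  # honours quoted values
            props = dict(t.split("=", 1) for t in tokens if "=" in t)
            menus.setdefault(path, []).append(props)
    return menus

def lint_wireguard_peers(text):
    """Return (interface, message) findings for misconfigured peers."""
    menus = parse_export(text)
    subnets = {}  # interface name -> networks assigned under /ip address
    for addr in menus.get("/ip address", []):
        net = ipaddress.ip_interface(addr["address"]).network
        subnets.setdefault(addr.get("interface"), []).append(net)
    findings = []
    for peer in menus.get("/interface wireguard peers", []):
        iface = peer.get("interface")
        if not peer.get("allowed-address"):
            findings.append((iface, "peer has no allowed-address, so no tunnel "
                                    "traffic is accepted from or routed to it"))
        try:
            endpoint = ipaddress.ip_address(peer.get("endpoint-address", ""))
        except ValueError:
            continue  # unset, or a DNS name: nothing to compare
        if any(endpoint in net for net in subnets.get(iface, [])):
            findings.append((iface, f"endpoint-address {endpoint} lies inside the "
                                    "tunnel subnet; it belongs in allowed-address"))
    return findings
```

Calling `lint_wireguard_peers(SAMPLE_EXPORT)` returns two findings for `wireguard1`; a peer line that carries `allowed-address=192.168.100.2/32` instead of the endpoint-address returns none.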
