Community discussions

MikroTik App
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Mikrotik Wireguard

Thu Oct 06, 2022 9:58 am

Hi guys
I want to know dose mikrotik wireguard need public static ip in both side?
i have public static ip in one site but another side not have static ip
I use my smart phone for one side
tunnel has revive but not send
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Thu Oct 06, 2022 11:28 am

Nope.
1 side public accessible IP is enough (doesn't even have to be static).

See here:
viewtopic.php?t=182340

If still unclear, give a bit more detail on your setup (diagram) and post config of your Mikrotik device (minus serial number, public IP info and secret keys) and your phone.
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Tue Oct 11, 2022 12:03 pm

Flags: X - disabled; R - running
0 R name="wireguard1" mtu=1420 listen-port=24520
private-key="KNcCDU9C4T6psjjUCF7NWUDi9hknw33chc0Q07C0bFF="
public-key="3T1kdtIsnksUBiHOtMJyFBrHxfInvPCaFT+HUJxqZWo="

peer config :
0 wireguard1 qEd6f6QjGwKgOyWXh1vdw5X9PmrCKUDESbvU6Pot3j0= 24520 ::/0
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Tue Oct 11, 2022 1:20 pm

Full config please:
terminal: /export show-sensitive file=<anynameyouwish>
Then post between [code] quotes.

And REMOVE those Private/public keys from previous post please.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik Wireguard

Tue Oct 11, 2022 2:09 pm

Yes need complete configs from client and server devices.

For mikrotik devices
/export ( minus serial #, and any public IP information and keys LOL)

For non-MT devices,
any public IP info and keys.
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 11:14 am

R1:
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireguard
add listen-port=13231 mtu=1412 name=Wi-01
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=Wi-01 public-key=\
"cx/jdfHbcM/UF322qMdVvdpCf7chdo25FLDCypT+LTI="
/ip address
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
add address=10.0.0.2/24 interface=Wi-01 network=10.0.0.0
/ip firewall filter
add action=accept chain=input dst-port=13231 protocol=udp
/system routerboard settings
set cpu-frequency=300MHz

R2:
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireguard
add listen-port=13231 mtu=1412 name=Wi1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=Wi1 public-key=\
"sb9G+/9/BpTKHBfX32Ri2WQ6XhXhl0QaaAGTq7uWgSA="
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
add address=10.0.0.1/24 interface=Wi1 network=10.0.0.0
/ip firewall filter
add action=accept chain=forward dst-port=13231 protocol=udp
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 11:27 am

Twice it has been asked to post complete config.
Not partial.
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 12:30 pm

this is al config
export file
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 1:23 pm

Impossible.

Where is your bridge ?
Where are ethernet interfaces ?
And a dozen of other settings which should at least be there with a default setup ...
It should at least start with something like:

# aug/01/2022 14:41:36 by RouterOS 7.4
# software id = LB29-6B5U
#
# model = RBD53iG-5HacD2HnD
# serial number = <serial obfuscated>

Don't tell me you started from an EMPTY config (NOTHING in it) and only added the lines above ?
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 1:41 pm

Don't tell me you started from an EMPTY config (NOTHING in it) and only added the lines above ?
:shock: :lol: 8)
 
User avatar
Doberman
newbie
Posts: 38
Joined: Sat Mar 03, 2018 10:17 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 1:42 pm

Impossible.

Where is your bridge ?
Where are ethernet interfaces ?
And a dozen of other settings which should at least be there with a default setup ...
It should at least start with something like:

# aug/01/2022 14:41:36 by RouterOS 7.4
# software id = LB29-6B5U
#
# model = RBD53iG-5HacD2HnD
# serial number = <serial obfuscated>

Don't tell me you started from an EMPTY config (NOTHING in it) and only added the lines above ?
You've already found the answer.
If he did so it is quite clear why it does not work.
:D
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 2:03 pm

yes both router config from empty.this is 2 new router rb751 and rb951 with ros version 7.5

# jan/02/1970 03:58:49 by RouterOS 7.5
# software id = 0WJ4-WSVX
#
# model = 751G-2HnD
# serial number = 2F7A023AFD45
/interface ethernet
set [ find default-name=ether1 ] name="Eth 01 - WAN"
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireguard
add listen-port=13231 mtu=1412 name=Wireguard
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=Wireguard public-key=\
"cx/jdfHbcM/UF322qMdVvdpCf7chdo25FLDCypT+LTI="
/ip address
add address=192.168.1.2/24 interface="Eth 01 - WAN" network=192.168.1.0
add address=10.0.0.2/24 interface=Wireguard network=10.0.0.0
/ip firewall filter
add action=accept chain=input dst-port=13231 protocol=udp
/system routerboard settings
set cpu-frequency=300MHz


# jan/03/1970 03:52:14 by RouterOS 7.5
# software id = LHAV-RQDT
#
# model = RB951G-2HnD
# serial number = 96500B45E4B2
/interface ethernet
set [ find default-name=ether1 ] name="Eth 01 - WAN"
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireguard
add listen-port=13231 mtu=1412 name=Wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=Wireguard1 public-key=\
"sb9G+/9/BpTKHBfX32Ri2WQ6XhXhl0QaaAGTq7uWgSA="
/ip address
add address=192.168.1.1/24 interface="Eth 01 - WAN" network=192.168.1.0
add address=10.0.0.1/24 interface=Wireguard1 network=10.0.0.0
/ip firewall filter
add action=accept chain=forward dst-port=13231 protocol=udp
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 2:34 pm

<Oh Boy ... >

Reset to default settings and start over applying wireguard config ON TOP of existing config.
Then report back if it works or not.
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 2:52 pm

both router reset with no default config
same problem still
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 3:19 pm

I did not say " no default config"

You need the default config.
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:05 pm

why i need default config?
i do basic config in my router.its not complex thing .wireguared tunnel run but when i ping each tunnel side its timeout
i think it didnot related to basic config at all.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:17 pm

You come here asking for help and then state, I dont want your help.

A config is made up of many parts working together.......
If you cannot understand that then you have lots to learn about MT configs before even looking at wireguard!
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:20 pm

(somebody beat me to it...)

If you are so certain, why do you come here for assistance ?
How do you think that tunnel is going to be setup and working if the basic networking part has not been configured ?

I'll put it otherwise, maybe that makes it more clear:
How do you think you can drive a normal car if no roads have been made available to drive on or if the car was not equipped with tires ?
You're not !

Read this part from the Mikrotik Help pages:
https://help.mikrotik.com/docs/display/ ... onexamples

I will highlight:
Two remote office routers are connected to the internet and office workstations are behind NAT. Each office has its own local subnet, 10.1.202.0/24 for Office1 and 10.1.101.0/24 for Office2.

This assumes (apart from wireguard) two WORKING configurations.
And then you add wireguard ...
Last edited by holvoetn on Mon Oct 17, 2022 4:24 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:23 pm

(the holy llama beat me to it...)

If you are so certain, why do you come here for assistance ?
How do you think that tunnel is going to be setup and working if the basic networking part has not been configured ?

I'll put it otherwise, maybe that makes it more clear:
How do you think you can drive a normal car if no roads have been made available to drive on or if the car was not equipped with tires ?
You're not !
Fixed it for ya.........
 
holvoetn
Forum Guru
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:25 pm

Made my reply a bit more clear.

And now I'm outta here ... this is beyond comprehension.
 
poolip
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 30, 2015 8:25 pm

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:29 pm

guys im not basic user fortunately.
i have just 2 device all thing work .other tunnel work fine.but wireguard not
i do all thing in mikrotik example
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Mikrotik Wireguard

Mon Oct 17, 2022 4:31 pm

If you post the configs of both ends then I can assist, otherwise like holvoe, will move on to more cooperative others..........
(the real configs)
/export (minus the serial numbers and any publicWANIP info or keys)

Who is online

Users browsing this forum: Ahrefs [Bot], andreacar, f008600, fibracapi, Google [Bot], GoogleOther [Bot], mickeymouse690 and 75 guests