2x RB3011, ROS 7.5.
- The WireGuard tunnel is up.
- From the terminal in WinBox, on either side, I can ping the remote router's LAN address and devices on the bridge, like servers and whatnot. I can also ping both tunnel interfaces.
However:
- From a LAN device, I can ping both tunnel interfaces, but not the remote router or its LAN devices.
It seems the router knows how to route properly: LAN packets can find both ends of the tunnel, but LAN devices can't reach devices on the remote LAN?
Seems easy, right? Packets from the bridge can't find their way to the tunnel... but I have the route in place that should make it work. Argh, frustrating. Here is the relevant config.
HQ Config
/interface wireguard
add listen-port=13231 mtu=1420 name=WireguardHQ
/interface wireguard peers
add allowed-address=192.168.252.0/24,10.10.10.1/32 endpoint-address=\
104.220.147.143 endpoint-port=13232 interface=WireguardHQ \
persistent-keepalive=10s public-key=\
"mykey"
/ip address
add address=192.168.254.254/24 comment=defconf interface=bridge network=\
192.168.254.0
add address=12.30.127.98/27 comment="WAN " interface=Ether1-Outbound network=\
12.30.127.96
add address=172.16.20.1/24 interface=CCRead network=172.16.20.0
add address=10.10.10.2/24 interface=WireguardHQ network=10.10.10.0
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=12.30.127.97
add disabled=no dst-address=192.168.10.0/24 gateway=192.168.254.200
add disabled=no distance=1 dst-address=192.168.252.0/24 gateway=10.10.10.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
Remote office config
/interface wireguard
add listen-port=13232 mtu=1420 name=WireguardRock
/interface wireguard peers
add allowed-address=192.168.254.0/24,10.10.10.2/32 endpoint-address=\
12.30.127.98 endpoint-port=13231 interface=WireguardRock \
persistent-keepalive=10s public-key=\
"mykey2"
/ip address
add address=192.168.252.1/24 comment=defconf interface=bridge network=\
192.168.252.0
add address=10.10.10.1/24 interface=WireguardRock network=10.10.10.0
/ip route
add disabled=no distance=1 dst-address=192.168.254.0/24 gateway=10.10.10.2 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
Now that I see this, it's odd that the remote office doesn't show the other routes.
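The checks below are an added diagnostic sequence for the symptom described in this post (tunnel IPs reachable from the LAN, remote LAN not); they are not part of the original post and not the poster's config. They are written for the HQ router using the names from the posted export (WireguardHQ, bridge 192.168.254.254/24, remote LAN 192.168.252.0/24); the interface-list names LAN and WAN are the RouterOS defconf names and are an assumption, since the posted config shows neither the interface lists nor the firewall. The key point they exercise: a ping to a tunnel address is handled in the *input* chain, where the defconf "accept ICMP" rule sits, while LAN-to-LAN traffic crosses the *forward* chain and the srcnat table, so the two paths can behave differently even when routing and the peer allowed-address entries are correct.

```routeros
# Added example for this thread, not the poster's configuration.
# Run on the HQ router (RouterOS 7.x). Swap interface names and prefixes
# to run the same checks on the remote office router.
# Interface-list names LAN/WAN are the defconf names (assumption).

# 1. Is the tunnel really passing traffic? rx/tx should grow while you test
#    and last-handshake should be recent (persistent-keepalive is 10s here).
/interface/wireguard/peers/print detail

# 2. Does the router select the tunnel route for the remote LAN, and does a
#    ping sourced from the bridge address (the path LAN hosts take) work?
#    A ping from the terminal without src-address uses the tunnel address
#    10.10.10.2 and so tests a different source than a LAN host does.
/ip/route/print detail where dst-address=192.168.252.0/24
/ping 192.168.252.1 src-address=192.168.254.254 count=3

# 3. Watch ICMP on the tunnel interface while a LAN host pings the remote
#    LAN. Requests leaving with no replies point at the far side (its
#    firewall, or a source address it does not route back); nothing leaving
#    points at the local firewall, NAT or a wrong route.
/tool/sniffer/quick interface=WireguardHQ ip-protocol=icmp

# 4. Firewall and NAT. LAN-to-LAN packets go through chain=forward; the
#    defconf forward chain drops new connections from in-interface-list=WAN
#    that were not DSTNATed, and the defconf srcnat masquerade applies to
#    out-interface-list=WAN. Confirm which list, if any, the WireGuard
#    interface belongs to and whether tunnel traffic is being masqueraded.
/ip/firewall/filter/print where chain=forward
/ip/firewall/nat/print
/interface/list/member/print

# 5. One way to have the defconf rules treat the tunnel as an internal
#    interface (example, assumes the defconf LAN list exists): add the
#    WireGuard interface to the LAN list on both routers.
/interface/list/member/add list=LAN interface=WireguardHQ

# 6. Cryptokey routing: WireGuard only accepts a packet from a peer if its
#    source is inside that peer's allowed-address, and only sends a packet
#    to a peer if its destination is. The HQ export also routes
#    192.168.10.0/24 via 192.168.254.200; for hosts in that subnet to be
#    reachable across the tunnel, the remote peer entry must list it as well,
#    and the remote router needs a route for it via 10.10.10.2. Example for
#    the remote router (the existing entries are kept, the subnet is added):
#/interface/wireguard/peers/set [find interface=WireguardRock] \
#    allowed-address=192.168.254.0/24,192.168.10.0/24,10.10.10.2/32
#/ip/route/add dst-address=192.168.10.0/24 gateway=10.10.10.2
```

Run steps 1 to 4 first and change nothing; the sniffer output in step 3 usually settles which router to look at. Step 5 is the broad fix; if you prefer explicit rules, an `action=accept chain=forward in-interface=WireguardHQ out-interface=bridge` rule (and its mirror) placed above the defconf drop rules achieves the same for this one path.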