ckyrias
just joined
Topic Author
Posts: 2
Joined: Wed May 27, 2020 10:33 pm

OSPFv2 over Wireguard

Tue Oct 18, 2022 7:51 pm

Hi,
I'm new to OSPF. I'm trying to connect 3 routers over WG (more later). I'm simulating this scenario on eve. I've set up the WireGuard peers successfully.
I've enabled OSPF and have established connections with neighbours. R1 is the WireGuard server. Topology:

[Image: topology diagram]

I have different wg interfaces and ports for each peer, all in the same subnet 90.90.12.0/24.
I have added 224.0.0.0/24 in the WG peers.

I have communication between R1-R2 and R1-R3 with the current configs, but not between R2-R3. Any input would be appreciated.


R1 Configuration
/interface bridge
add arp=proxy-arp name=Loopback
add arp=proxy-arp name=bridgeLAN
/interface wireguard
add listen-port=13231 mtu=1420 name=wg2
add listen-port=13233 mtu=1420 name=wg3
add disabled=yes listen-port=13235 mtu=1420 name=wg5
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridgeLAN name=dhcp1
/port
set 0 name=serial0
/routing id
add disabled=no id=9.9.9.1 name=9.9.9.1 select-dynamic-id=""
/routing ospf instance
add disabled=no name=ospf-instance-1 originate-default=always router-id=9.9.9.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-1
/interface bridge port
add bridge=bridgeLAN interface=ether2
add bridge=bridgeLAN interface=ether3
add bridge=bridgeLAN interface=ether4
/interface wireguard peers
add allowed-address=90.90.12.102/32,192.168.20.0/24,224.0.0.0/24 comment="to R2" endpoint-address=\
    192.168.40.130 endpoint-port=13231 interface=wg2 persistent-keepalive=25s public-key=\
    "oLLt0FWruEEAFp5PPmp8KiU+EkHfPGkaI4nZMaplPDs="
add allowed-address=90.90.12.103/32,192.168.30.0/24,224.0.0.0/24 comment="to R3" endpoint-address=\
    192.168.40.131 endpoint-port=13233 interface=wg3 persistent-keepalive=25s public-key=\
    "bv0L8Km40xd4FpOkKLpVRsa95GMIbJ1zKqH1IqusWiQ="
add allowed-address=90.90.12.105/32,192.168.50.0/24,224.0.0.0/24 comment="to R5" disabled=yes \
    endpoint-address=192.168.40.133 endpoint-port=13235 interface=wg5 persistent-keepalive=25s public-key=\
    "FlW3QsOYA0h9QLcU5RsmL60Nd+LiSegSlcJ+gHwVoCw="
/ip address
add address=192.168.10.1/24 interface=bridgeLAN network=192.168.10.0
add address=90.90.12.2/24 interface=wg2 network=90.90.12.0
add address=90.90.12.3/24 interface=wg3 network=90.90.12.0
add address=9.9.9.1 interface=Loopback network=9.9.9.1
add address=90.90.12.5/24 interface=wg5 network=90.90.12.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/routing ospf interface-template
add area=ospf-area-1 auth-key="" disabled=no interfaces=wg2,wg3 type=ptmp-broadcast
add area=ospf-area-1 disabled=no interfaces=bridgeLAN type=ptp
/system identity
set name=R1

R2 Configuration
/interface bridge
add arp=proxy-arp name=Loopback
add arp=proxy-arp name=bridgeLAN
/interface wireguard
add listen-port=13231 mtu=1420 name=wgR2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridgeLAN name=dhcp1
/port
set 0 name=serial0
/routing id
add disabled=no id=9.9.9.2 name=9.9.9.2 select-dynamic-id=""
/routing ospf instance
add disabled=no name=ospf-instance-1 originate-default=always router-id=9.9.9.2
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-1
/interface bridge port
add bridge=bridgeLAN interface=ether2
add bridge=bridgeLAN interface=ether3
add bridge=bridgeLAN interface=ether4
/interface wireguard peers
add allowed-address=90.90.12.2/32,192.168.10.0/24,224.0.0.0/24 comment="to R1" \
    endpoint-address=192.168.40.129 endpoint-port=13231 interface=wgR2 \
    persistent-keepalive=25s public-key=\
    "F0wVnvFHBfwaQfmWphkZQeBYthX7cCh4AsuG0IOde1M="
/ip address
add address=192.168.20.1/24 interface=bridgeLAN network=192.168.20.0
add address=90.90.12.102/24 interface=wgR2 network=90.90.12.0
add address=9.9.9.2 interface=Loopback network=9.9.9.2
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/routing ospf interface-template
add area=ospf-area-1 disabled=no interfaces=wgR2 type=ptmp-broadcast
add area=ospf-area-1 disabled=no interfaces=bridgeLAN type=ptp
/system identity
set name=R2

R3 is the same as R2, only with the 192.168.30.0/24 subnet.
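
WireGuard uses a peer's allowed-address list twice: on egress a packet is sent to the peer only if its destination matches the list, and on ingress a decrypted packet is dropped unless its source matches. The following is an added example, not part of the original post, that runs that check over the posted allowed-address values for a hub-relayed R2-to-R3 path; the R3 peer entry, the interface name `wgR3` and the host addresses are assumptions mirrored from R2.

```python
import ipaddress

# allowed-address per (router, interface); each interface has one peer here.
# R1 and R2 values are copied from the posted configs. The R3 entry and the
# interface name "wgR3" are assumptions, mirrored from R2's config.
ALLOWED = {
    ("R1", "wg2"):  ["90.90.12.102/32", "192.168.20.0/24", "224.0.0.0/24"],
    ("R1", "wg3"):  ["90.90.12.103/32", "192.168.30.0/24", "224.0.0.0/24"],
    ("R2", "wgR2"): ["90.90.12.2/32", "192.168.10.0/24", "224.0.0.0/24"],
    ("R3", "wgR3"): ["90.90.12.3/32", "192.168.10.0/24", "224.0.0.0/24"],
}

def permitted(router, iface, ip):
    """True if ip falls inside the allowed-address list of that interface's peer."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALLOWED[(router, iface)])

def failing_hops(src, dst, hops):
    """Return every hop where WireGuard would drop the packet.

    Egress ("out") is checked against the destination address,
    ingress ("in") against the source address.
    """
    dropped = []
    for router, iface, direction in hops:
        ip = dst if direction == "out" else src
        if not permitted(router, iface, ip):
            dropped.append((router, iface, direction))
    return dropped

# Tunnel hops for spoke-to-hub and spoke-to-spoke (relayed through R1).
R2_TO_R1 = [("R2", "wgR2", "out"), ("R1", "wg2", "in")]
R2_TO_R3 = R2_TO_R1 + [("R1", "wg3", "out"), ("R3", "wgR3", "in")]

if __name__ == "__main__":
    # Constructed sample flows; LAN host addresses are illustrative.
    flows = [
        ("OSPF hello R2 -> 224.0.0.5", "90.90.12.102", "224.0.0.5", R2_TO_R1),
        ("R2 LAN -> R1 LAN", "192.168.20.10", "192.168.10.10", R2_TO_R1),
        ("R2 LAN -> R3 LAN", "192.168.20.10", "192.168.30.10", R2_TO_R3),
        ("R2 tunnel -> R3 tunnel", "90.90.12.102", "90.90.12.103", R2_TO_R3),
    ]
    for name, src, dst, hops in flows:
        print(f"{name}: dropped at {failing_hops(src, dst, hops) or 'nowhere'}")
```

With these lists, OSPF hellos and spoke-to-hub traffic pass, while R2-to-R3 packets fail R2's egress lookup and would also fail R3's source check.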
 
joshhboss
Member Candidate
Posts: 273
Joined: Thu Aug 01, 2019 2:13 pm

Re: OSPFv2 over Wireguard

Sat Feb 18, 2023 9:03 pm

Did you ever get this going? I always had a problem with this setup using the spoke routers with the /24. I ended up using separate /30 tunnels. Setting the address as /32 for the wg interface won't allow it to work. On pfSense and Edge Routers it's not a problem and it works fine.
