Hello everyone!
I followed this video https://www.youtube.com/watch?v=vn9ky7p5ESM to configure my MT and my android smartphone and it's working fine on android.
After i created a new peer for my laptop (windows 11).
MT is on defconf plus the rules from the video.
Windows client configured like this:
[Interface]
PrivateKey = ...=
Address = 10.10.99.4/32
DNS = 9.9.9.9
[Peer]
PublicKey = ...=
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxxxxxxxxx.sn.mynetname.net:13231
When i'm activating the wireguard interface on my windows it says it's active and the interface sends some data but recieved is 0 and i can't ping anything.
For testing purposes i had turned off the windows firewall and the network's firewall.
Any ideas where to start to troubleshoot this?
Re: Wireguard is working with android client but not with windows
My car does not start, I have not made any changes to how it comes out of the factory, except the tires.
I'm sending you a picture of the tires on Whats App, can you tell me why it's not starting?
I'm sending you a picture of the tires on Whats App, can you tell me why it's not starting?
Re: Wireguard is working with android client but not with windows
/export your config (minus serial number and any public WANIP info).
Assuming your MT has a reachable public WANIP.
Assuming your MT has a reachable public WANIP.
Re: Wireguard is working with android client but not with windows
Wireguard will ALWAYS send.
If received stays on 0, it's not working.
Since it works on your android client, the majority of the setup should be correct so probably a small config problem.
As indicated, export of your config please.
If received stays on 0, it's not working.
Since it works on your android client, the majority of the setup should be correct so probably a small config problem.
As indicated, export of your config please.
Re: Wireguard is working with android client but not with windows
update: i tried with a windows 10 laptop (with no success) but i tried also with an iphone and it's working fine like the android.
Anyway here is my config:
you are right, my bad! i will post my config at the end of this post!My car does not start...
Yes it has a public IP! Config is on the way!/export your config (minus serial number and any public WANIP info).
Assuming your MT has a reachable public WANIP.
That's why im confused because all the videos and posts that i watched for wireguard with mikrotik-server and windows-client shows the same configs.Wireguard will ALWAYS send. If received stays on 0, it's not working.
Since it works on your android client, the majority of the setup should be correct so probably a small config problem.
As indicated, export of your config please.
Anyway here is my config:
Code: Select all
# oct/19/2022 12:07:54 by RouterOS 7.5
# software id = KUEL-42ZL
#
# model = 2011UiAS-2HnD
# serial number = XxXxXxXxXxXxX
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=Internet-Vodafone
set [ find default-name=ether2 ] comment=Synology#1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=greece disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge ssid=Koukis-Home wireless-protocol=802.11
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
use-peer-dns=yes user=guest@adsl.gr
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp ranges=10.10.10.100-10.10.10.199
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge comment=defconf ingress-filtering=no interface=ether9
add bridge=bridge comment=defconf ingress-filtering=no interface=ether10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=10.10.99.2/32 comment="Sony Xperia 5" interface=\
wireguard1 persistent-keepalive=25s public-key=\
"XxXxX...="
add allowed-address=10.10.99.3/32 comment=iPhone-Tassos interface=wireguard1 \
persistent-keepalive=25s public-key=\
"XxXxX..."
add allowed-address=10.10.99.4/32 comment=Asus-Laptop endpoint-address="" \
interface=wireguard1 persistent-keepalive=25s public-key=\
"XxXxX...="
/ip address
add address=10.10.10.1/24 comment=defconf interface=bridge network=10.10.10.0
add address=10.10.99.1/24 interface=wireguard1 network=10.10.99.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
add address=10.10.10.30 client-id=1:0:11:32:5d:ad:93 comment=Synology#1 \
mac-address=XX:XX:XX:XX:XX:XX server=defconf
add address=10.10.10.2 client-id=1:56:fd:3e:e9:eb:4 comment="Sony Xperia 5" \
mac-address=XX:XX:XX:XX:XX:XX server=defconf
/ip dhcp-server network
add address=10.10.10.0/24 comment=defconf dns-server=9.9.9.9,1.1.1.1 gateway=\
10.10.10.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.10.10.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=Wireguard1 dst-port=13231 protocol=udp
add action=accept chain=input src-address=10.10.99.0/24
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=drop chain=input comment="defconf: drop ICMP" disabled=yes \
protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 protocol=tcp \
to-addresses=10.10.10.30 to-ports=32400
add action=dst-nat chain=dstnat comment=Torrents-Synology dst-port=16881 \
protocol=tcp to-addresses=10.10.10.30 to-ports=16881
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
,ether9,ether10"
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=MikroTik-Router
/system package update
set channel=development
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: Wireguard is working with android client but not with windows [SOLVED]
Please confirm (since not shown):
Public key of windows client peer on laptop = public key shown on Mikrotik INTERFACE
Public key of Mikrotik peer for this Windows client = Public key shown on top of peer window in windows
Each peer you have defined on Mikrotik side has a unique public key ?
Public key of windows client peer on laptop = public key shown on Mikrotik INTERFACE
Public key of Mikrotik peer for this Windows client = Public key shown on top of peer window in windows
Each peer you have defined on Mikrotik side has a unique public key ?
Re: Wireguard is working with android client but not with windows
Yes, yes and correctPlease confirm (since not shown):
Public key of windows client peer on laptop = public key shown on Mikrotik INTERFACE
Public key of Mikrotik peer for this Windows client = Public key shown on top of peer window in windows
Each peer you have defined on Mikrotik side has a unique public key ?
You do not have the required permissions to view the files attached to this post.
Re: Wireguard is working with android client but not with windows
Conclusion, there is still something blocking the windows laptop seeing as the android and iphone clients work just fine.
Re: Wireguard is working with android client but not with windows
I agree but what can it be?Conclusion, there is still something blocking the windows laptop seeing as the android and iphone clients work just fine.
Testing done from all devices behind same firewall without any fancy rule. (I had it closed also for testing purposes)
Android and iphone working fine. Two laptops (mine win11 and other win10) can't connect.
I tried to replicate everything with 443 port instead 13231 but i had the same issues as before.
Can my problem be related to routes of my windows machine?
I don;t know if this is helpful but when i'm activating the tunnel i loose connection to internet and when i'm deactivating internet is comng back.
Re: Wireguard is working with android client but not with windows
Happy times!! Everything is fixed!!
Probably i had wrong publickeys for the windows machines inside the MT wireguard peers.
Thank you all for your time!!
Probably i had wrong publickeys for the windows machines inside the MT wireguard peers.
Thank you all for your time!!