I used CCR2116-12G-4S+ router,having problem in setup wireguard with PCC loadbalance 6 wan pppoe
I can connect in my WireGuard inside my network through wifi but in my android mobile data carrier, I can't connect returning that handshake error.
I tried many ways, even reset config but no luck
please help me troubleshoot
here my config
Code: Select all
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN1 \
name=WAN1e user=u1
add add-default-route=yes interface=WAN2 name=WAN2e \
user=u2
add add-default-route=yes disabled=no interface=WAN3 \
name=WAN3e user=u3
add add-default-route=yes disabled=no interface=WAN4 \
name=WAN4e user=u4
add add-default-route=yes disabled=no interface=WAN5 \
name=WAN5e user=u5
add add-default-route=yes disabled=no interface=WAN6 \
name=WAN6e user=u6
/interface wireguard
add listen-port=13231 mtu=1412 name=LANWG
/interface list
add name=VLL
add name=WAN
/routing table
add fib name=toWAN4
add fib name=toWAN1
add fib name=toWAN2
add fib name=toWAN3
add fib name=toWAN5
add fib name=toWAN6
/interface wireguard peers
add allowed-address=172.16.112.11/32 interface=LANWG \
public-key="LP//7H4dp85JIGuU/HU+eUuIrHpoQ/CTRJrf5kd483s="
add allowed-address=172.16.112.12/32 interface=LANWG \
public-key="OyJ754rsXl86bIq+YOVaCxMwnN4EH2/u/Ce5XzJNiR0="
add allowed-address=172.16.112.14/32 interface=LANWG \
public-key="LiZWtSFNoSXSdfetWV7INq/KK0z+QS8VTQclKnPy8QE="
add allowed-address=172.16.112.15/32 interface=LANWG public-key=\
"LNpSI1vlMn0JMf3dYn/VtsCXHwUho+1DLhnQre/9YGI="
/ip address-list
add address=0.0.0.0/8 comment="This Network" list=BOGONS
add address=10.0.0.0/8 comment="Private-Use Networks" list=BOGONS
add address=100.64.0.0/10 comment="Shared Address Space. RFC 6598" list=\
BOGONS
add address=127.0.0.0/8 comment=Loopback list=BOGONS
add address=169.254.0.0/16 comment="Link Local" list=BOGONS
add address=172.16.0.0/12 comment="Private-Use Networks" list=BOGONS
add address=192.0.0.0/24 comment="IETF Protocol Assignments" list=BOGONS
add address=192.0.2.0/24 comment=TEST-NET-1 list=BOGONS
add address=192.168.0.0/16 comment="Private-Use Networks" list=BOGONS
add address=198.18.0.0/15 comment=\
"Network Interconnect Device Benchmark Testing" list=BOGONS
add address=198.51.100.0/24 comment=TEST-NET-2 list=BOGONS
add address=203.0.113.0/24 comment=TEST-NET-3 list=BOGONS
add address=224.0.0.0/4 comment=Multicast list=BOGONS
add address=192.88.99.0/24 comment="6to4 Relay Anycast" list=BOGONS
add address=240.0.0.0/4 comment="Reserved for Future Use" list=BOGONS
add address=255.255.255.255 comment="Limited Broadcast" list=BOGONS
/ip firewall filter
add action=accept chain=input comment=Wireguard dst-port=13231 log=yes \
protocol=udp
add action=accept chain=forward connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="drop local subnet connect together" \
disabled=yes dst-address-list=*insidelist src-address-list=*insidelist
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN6e new-connection-mark=WAN6_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1e new-connection-mark=WAN1_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN4e new-connection-mark=WAN4_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=WAN2e new-connection-mark=WAN4_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN5e new-connection-mark=WAN5_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN3e new-connection-mark=WAN3_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local in-interface=WAN1e \
new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-list=!BOGONS dst-address-type=!local in-interface=WAN2e \
new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local in-interface=WAN3e \
new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local in-interface=WAN4e \
new-connection-mark=WAN4_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local in-interface=WAN5e \
new-connection-mark=WAN5_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local in-interface=WAN6e \
new-connection-mark=WAN6_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local new-connection-mark=\
WAN1_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local new-connection-mark=\
WAN5_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local new-connection-mark=\
WAN3_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local new-connection-mark=\
WAN4_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local new-connection-mark=\
WAN5_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-list=!BOGONS dst-address-type=!local new-connection-mark=\
WAN6_conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:6/5
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
dst-address-type=!local in-interface-list=!WAN new-routing-mark=toWAN1 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
dst-address-type=!local in-interface-list=!WAN new-routing-mark=toWAN5 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
dst-address-type=!local in-interface-list=!WAN new-routing-mark=toWAN3 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
dst-address-type=!local in-interface-list=!WAN new-routing-mark=toWAN4 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN5_conn \
dst-address-type=!local in-interface-list=!WAN new-routing-mark=toWAN5 \
passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN6_conn \
dst-address-type=!local in-interface-list=!WAN new-routing-mark=toWAN6 \
passthrough=no
add action=mark-routing chain=output connection-mark=WAN1_conn \
dst-address-type=!local new-routing-mark=toWAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2_conn \
dst-address-type=!local new-routing-mark=toWAN2 passthrough=no
add action=mark-routing chain=output connection-mark=WAN3_conn \
dst-address-type=!local new-routing-mark=toWAN3 passthrough=no
add action=mark-routing chain=output connection-mark=WAN4_conn \
dst-address-type=!local new-routing-mark=toWAN4 passthrough=no
add action=mark-routing chain=output connection-mark=WAN5_conn \
dst-address-type=!local new-routing-mark=toWAN5 passthrough=no
add action=mark-routing chain=output connection-mark=WAN6_conn \
dst-address-type=!local new-routing-mark=toWAN6 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN6e
add action=masquerade chain=srcnat out-interface=WAN1e
add action=masquerade chain=srcnat out-interface=WAN4e
add action=masquerade chain=srcnat disabled=yes out-interface=WAN2e
add action=masquerade chain=srcnat out-interface=WAN5e
add action=masquerade chain=srcnat out-interface=WAN3e
add action=masquerade chain=srcnat out-interface=LANWG
add action=masquerade chain=srcnat dst-address-list=*outside src-address-list=*inside
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN1e pref-src="" \
routing-table=toWAN1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN2e pref-src="" \
routing-table=toWAN2 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN3e pref-src="" \
routing-table=toWAN3 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN4e pref-src="" \
routing-table=toWAN4 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN5e pref-src="" \
routing-table=toWAN5 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN6e pref-src="" \
routing-table=toWAN6 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=3 dst-address=0.0.0.0/0 gateway=WAN6e pref-src="" \
routing-table=toWAN6 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=WAN1e pref-src="" \
routing-table=toWAN1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=4 dst-address=0.0.0.0/0 gateway=WAN4e pref-src="" \
routing-table=toWAN4 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=6 dst-address=0.0.0.0/0 gateway=WAN2e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=WAN5e pref-src="" \
routing-table=toWAN5 scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=5 dst-address=0.0.0.0/0 gateway=WAN3e pref-src="" \
routing-table=toWAN3 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=WAN2e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=WAN3e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=4 dst-address=0.0.0.0/0 gateway=WAN4e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=WAN5e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=6 dst-address=0.0.0.0/0 gateway=WAN6e pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10