renes
just joined
Topic Author
Posts: 3
Joined: Wed Sep 09, 2009 8:41 pm

WG-BGP

Mon Jan 02, 2023 9:26 am

Does anyone know if it is correct and if it is possible to pass BGP through WireGuard to two remote MikroTiks? Could I have an example so I can try it?
 
sirbryan
Member
Posts: 303
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: WG-BGP

Tue Jan 03, 2023 2:25 pm

Yes it's possible. It's no different than running BGP over any other point-to-point link between two routers.

First, get the routers pinging each other via Wireguard. Then configure BGP using the Wireguard IP addresses.

Both kinds of examples are available on MikroTik's help pages, as well as throughout the forum.
 
elico
Member Candidate
Posts: 143
Joined: Mon Nov 07, 2016 3:23 am

Re: WG-BGP

Mon Jun 26, 2023 11:06 pm

I had the devices ping each other over wireguard on 7.9 but now on 7.10 I can't do that.
Is there any known issue with that?

## EDIT

OK, so I found out what the problem was in my config on RouterOS.
I tried to understand what's wrong and eventually looked at:
https://markeclaudio.github.io/mikrotik ... generator/

which generated for me a set of configurations.
For example:
```
/interface wireguard
add listen-port=13231 mtu=1420 name=wg0 private-key="GDVFiBwfUaZWwWmNK3fiqfBs8ipOrgHJ0XCysM07AHE="

/ip firewall filter
add action=accept chain=input comment="Allow Wireguard from All" dst-port=13231 protocol=udp

/ip address
add address=172.22.0.1/24 comment="Wireguard Interface" interface=wg0 network=172.22.0.0

/interface wireguard peers
add allowed-address=172.22.0.2/32 comment="Client_2" endpoint-address=172.22.0.2 interface=wg0 public-key="Tuai6kXV1a/q9ZY4OPHwb0p/WUkPpOQEePbc9XZj9kw="
add allowed-address=172.22.0.3/32 comment="Client_3" endpoint-address=172.22.0.3 interface=wg0 public-key="aWGPG3x+TnivOjyAg6HEmtL/c5NJ/ZcBl/fqnsdTbVI="
add allowed-address=172.22.0.4/32 comment="Client_4" endpoint-address=172.22.0.4 interface=wg0 public-key="4nlmTSs+Y7DJJq6TUXHCOkjJAG6R2B6bYb+n28aoTFA="
```
And what I noticed is that there is an endpoint-address defined per client.
Which... I have not used in my 7.9.2 and it worked fine.
When I am adding the endpoint-address of the peer it works as expected and I can ping each end and also can use the endpoint address for routing and other things.

I remember that in 7.9.2 it worked, so it's worth testing and adding it to the change log and documentation.
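
Added example, not written by any poster in this thread or by MikroTik: RouterOS v7 configuration for both routers following the sequence described above (WireGuard first, then BGP between the tunnel addresses), with an endpoint-address on each peer. The interface name, port, MTU and 172.22.0.x addresses follow the post above; the AS numbers, WAN addresses (documentation ranges), LAN prefixes, list and connection names, and key placeholders are assumptions.

```routeros
# ---- R1: AS 65001, WAN 192.0.2.1, tunnel 172.22.0.1, LAN 10.1.0.0/24 ----
/interface wireguard
# No private-key given: RouterOS generates the key pair itself.
add name=wg0 listen-port=13231 mtu=1420
/interface wireguard peers
# allowed-address must cover the peer's tunnel IP and every prefix it will
# announce over BGP; WireGuard drops traffic for anything not listed here.
add interface=wg0 public-key="<R2_PUBLIC_KEY>" endpoint-address=198.51.100.2 \
    endpoint-port=13231 allowed-address=172.22.0.2/32,10.2.0.0/24 \
    persistent-keepalive=25s
/ip address
add address=172.22.0.1/24 interface=wg0
/ip firewall filter
# Move both rules above any drop rule in the input chain.
add chain=input action=accept protocol=udp dst-port=13231 \
    src-address=198.51.100.2 comment="WireGuard from R2 only"
add chain=input action=accept protocol=tcp dst-port=179 in-interface=wg0 \
    src-address=172.22.0.2 comment="BGP only inside the tunnel"
# Confirm "/ping 172.22.0.2" answers before adding the BGP part below.
/ip firewall address-list
add list=bgp-out address=10.1.0.0/24
/routing bgp connection
add name=to-r2 as=65001 router-id=172.22.0.1 local.role=ebgp \
    local.address=172.22.0.1 remote.address=172.22.0.2 remote.as=65002 \
    output.network=bgp-out

# ---- R2: AS 65002, WAN 198.51.100.2, tunnel 172.22.0.2, LAN 10.2.0.0/24 ----
/interface wireguard
add name=wg0 listen-port=13231 mtu=1420
/interface wireguard peers
add interface=wg0 public-key="<R1_PUBLIC_KEY>" endpoint-address=192.0.2.1 \
    endpoint-port=13231 allowed-address=172.22.0.1/32,10.1.0.0/24 \
    persistent-keepalive=25s
/ip address
add address=172.22.0.2/24 interface=wg0
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=13231 \
    src-address=192.0.2.1 comment="WireGuard from R1 only"
add chain=input action=accept protocol=tcp dst-port=179 in-interface=wg0 \
    src-address=172.22.0.1 comment="BGP only inside the tunnel"
/ip firewall address-list
add list=bgp-out address=10.2.0.0/24
/routing bgp connection
add name=to-r1 as=65002 router-id=172.22.0.2 local.role=ebgp \
    local.address=172.22.0.2 remote.address=172.22.0.1 remote.as=65001 \
    output.network=bgp-out
```

Restricting TCP 179 to the wg0 interface and the peer's tunnel address keeps the BGP session reachable only through the encrypted tunnel, and the UDP rule is narrower than the generator's "Allow Wireguard from All".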
