I have been trying to connect to WireGuard all morning through my public (dynamic) IP! After scouring the forum for similar problems, I tried different fixes, with no results.
When I changed my client's endpoint address to the local IP of my router, I got in! I tried again with the public IP (and the DDNS name, for that matter) but got nothing. I even tried the server on different ports (with the accompanying firewall rules) and nothing.
Any ideas?
This is my config so far!
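# jan/12/2023 19:09:58 by RouterOS 7.7rc5
# software id = 9NWZ-PV3H
#
# model = RB3011UiAS
# serial number = ----------
#
# Review notes (defender's reading of this export). The only behavioural change
# is on the "Allow Wireguard traffic" input rule under /ip firewall filter; every
# other line is the original export.
# - "WAN Bridge" carries 10.0.0.2/24 and 192.168.1.2/24 and the active default
#   route points at 192.168.1.1, so this router presumably sits behind another
#   NAT device. The address published by /ip cloud DDNS would then belong to
#   that upstream device, and UDP 13231 would have to be forwarded from it to
#   192.168.1.2 before a client on the Internet can reach this peer — confirm.
# - The WireGuard private key and the serial number are redacted in this paste;
#   keep them that way when sharing exports.
/interface bridge
add name="Docker Bridge"
add name="LAN Bridge"
add name="WAN Bridge"
/interface ethernet
set [ find default-name=ether2 ] name=ether2-Ubiquiti_AP
set [ find default-name=ether3 ] name=ether3-SMPC
set [ find default-name=ether4 ] name=ether4-Server
set [ find default-name=ether7 ] name=ether7-Paradox
set [ find default-name=ether8 ] name=ether8-Brother_printer
set [ find default-name=ether9 ] name=ether9-WAN_Cosmote
set [ find default-name=ether10 ] name=ether10-WAN_Hotspot poe-out=off
/interface veth
add address=172.17.0.2/24 gateway=172.17.0.1 name=veth1-Adguard
# Tunnel endpoint on this router: UDP 13231 (matched by the "Allow Wireguard"
# input rule below). The private key must never leave the device.
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1 private-key="oNUl.................6zwOB2M="
/container mounts
add dst=/opt/adguardhome/work name=adguard_workdir src=/SanDisk_Thumb/workdir
add dst=/opt/adguardhome/conf name=adguard_confdir src=/SanDisk_Thumb/confdir
/disk
set SanDisk_Thumb parent=usb1 partition-offset=512 partition-size="30 751 999 488" slot=SanDisk_Thumb
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool ranges=192.168.100.100-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool authoritative=after-2sec-delay interface="LAN Bridge" lease-time=1d name=dhcp-lan
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/container
add interface=veth1-Adguard mounts=adguard_workdir,adguard_confdir root-dir=SanDisk_Thumb/pull workdir=/opt/adguardhome/work
/container config
set registry-url=https://registry-1.docker.io tmpdir=SanDisk_Thumb/pull
/interface bridge port
add bridge="LAN Bridge" ingress-filtering=no interface=ether1
add bridge="LAN Bridge" ingress-filtering=no interface=ether2-Ubiquiti_AP
add bridge="LAN Bridge" ingress-filtering=no interface=ether3-SMPC
add bridge="LAN Bridge" ingress-filtering=no interface=ether4-Server
add bridge="LAN Bridge" ingress-filtering=no interface=ether5
add bridge="LAN Bridge" ingress-filtering=no interface=ether6
add bridge="LAN Bridge" ingress-filtering=no interface=ether7-Paradox
add bridge="LAN Bridge" ingress-filtering=no interface=ether8-Brother_printer
add bridge="WAN Bridge" ingress-filtering=no interface=ether9-WAN_Cosmote
add bridge="WAN Bridge" ingress-filtering=no interface=ether10-WAN_Hotspot
add bridge="Docker Bridge" interface=veth1-Adguard
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
# Single peer; only 192.168.50.40/32 is accepted as a source inside the tunnel.
/interface wireguard peers
add allowed-address=192.168.50.40/32 interface=wireguard1 public-key="2qCsK4rPM0MTkeE30snSVJHPm+WchnLHD4d/BTdU3lg="
# Both "WAN Bridge" addresses are private (RFC 1918) — see the note at the top.
/ip address
add address=192.168.100.1/24 interface="LAN Bridge" network=192.168.100.0
add address=10.0.0.2/24 interface="WAN Bridge" network=10.0.0.0
add address=192.168.1.2/24 interface="WAN Bridge" network=192.168.1.0
add address=172.17.0.1/24 interface="Docker Bridge" network=172.17.0.0
add address=192.168.50.1/24 interface=wireguard1 network=192.168.50.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-server lease
add address=192.168.100.9 client-id=1:f0:2f:74:21:e1:a3 mac-address=F0:2F:74:21:E1:A3 server=dhcp-lan
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1 netmask=24
# allow-remote-requests=yes exposes the resolver on every interface; the input
# chain below only drops traffic arriving on "WAN Bridge", so other interfaces
# can reach it. Upstream for the resolver is the AdGuard container.
/ip dns
set allow-remote-requests=yes servers=172.17.0.2
# Input chain. Rule order matters: evaluation stops at the first match.
/ip firewall filter
add action=drop chain=input comment="Drop Invalid" connection-state=invalid
# Changed from the original export: decrypted tunnel traffic is matched by its
# ingress interface as well as by source address, so a packet arriving on any
# other interface with a 192.168.50.x source is no longer accepted by this rule.
add action=accept chain=input comment="Allow Wireguard traffic" in-interface=wireguard1 src-address=192.168.50.0/24
# log=yes logs every UDP packet to 13231, not only handshakes — expect noise.
add action=accept chain=input comment="Allow Wireguard" dst-port=13231 log=yes log-prefix="Wireguard Handshake - " protocol=udp
add action=accept chain=input comment="Allow WinBox" dst-port=8291 in-interface="LAN Bridge" protocol=tcp
add action=accept chain=input comment="Allow API" dst-port=8728 in-interface="LAN Bridge" protocol=tcp
add action=accept chain=input comment="Allow Pings" in-interface="LAN Bridge" protocol=icmp
add action=accept chain=input comment="Allow Established and Related" connection-state=established,related
# Only "WAN Bridge" input is dropped here; input from "LAN Bridge",
# "Docker Bridge" and wireguard1 that matched nothing above falls through to
# the chain's default accept.
add action=drop chain=input comment="Drop ALL" in-interface="WAN Bridge"
# The forward chain only discards invalid-state packets; nothing in this export
# restricts forwarding between interfaces beyond the dst-nat rules below.
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin for Lan" dst-address=192.168.100.0/24 src-address=192.168.100.0/24
add action=masquerade chain=srcnat comment="Masq for Lan" out-interface="WAN Bridge"
add action=masquerade chain=srcnat comment="Masq for docker" out-interface="WAN Bridge" src-address=172.17.0.0/24
add action=dst-nat chain=dstnat comment="Adguard Web Interface" dst-address=192.168.100.1 dst-port=888 in-interface="LAN Bridge" \
log-prefix=docker protocol=tcp to-addresses=172.17.0.2 to-ports=80
# The "Server SSH", Plex and Gitea forwards carry no in-interface or
# dst-address match, so they apply to matching traffic arriving on any
# interface, not only on "WAN Bridge" (compare the "HTTPS from WAN" rule).
add action=dst-nat chain=dstnat comment="Server SSH" dst-port=32000 log=yes log-prefix=SSH_CONN_SERVER protocol=tcp to-addresses=\
192.168.100.100 to-ports=22
add action=dst-nat chain=dstnat comment="Desktop SSH" disabled=yes dst-port=32001 log=yes log-prefix=SSH_CONN_DESKTOP protocol=tcp \
to-addresses=192.168.100.9 to-ports=22
add action=dst-nat chain=dstnat comment="HTTPS from WAN" dst-port=443 in-interface="WAN Bridge" log=yes log-prefix=HTTPS_WAN protocol=\
tcp to-addresses=192.168.100.100 to-ports=443
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 protocol=tcp to-addresses=192.168.100.100 to-ports=32400
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 protocol=udp to-addresses=192.168.100.100 to-ports=32400
add action=dst-nat chain=dstnat comment=Gitea dst-port=32223 protocol=tcp to-addresses=192.168.100.100 to-ports=2223
# NAT helpers (ALGs) disabled — reduces the connection-tracking attack surface.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# Active default route goes through 192.168.1.1; the 5G hotspot route is a
# disabled higher-distance backup.
/ip route
add comment="5G hotspot GW" disabled=yes distance=10 dst-address=0.0.0.0/0 gateway=10.0.0.1
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.1.1
# www and ssh are limited to the LAN subnet at the service level; winbox is not
# listed here, so access to 8291 relies solely on the input-chain rule above.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.100.0/24
set ssh address=192.168.100.0/24
set api disabled=yes
set api-ssl disabled=yes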