MilkyMad
just joined
Topic Author
Posts: 1
Joined: Tue Jan 31, 2023 2:55 pm

WireGuard + Roadwarrior + IPsec subnets access

Tue Jan 31, 2023 4:01 pm

Hello there!
I need help accessing a subnet behind an IPsec tunnel for a RoadWarrior.
I have a hEX (MT-1) with ROS 7.7 as the WireGuard server, a RoadWarrior on Win11 (RoWa), and another hEX with ROS 6.49 (MT-2).
Between the MTs there is an IPsec tunnel, so there is full access from 192.168.25.0/24 to 192.168.0.0/24 and vice versa.
As RoWa with split-tunneling I can connect to the network behind MT-1 (192.168.25.0/24) without any further routing (the WG IP for MT-1 is 10.10.33.1).
But I can't access 192.168.0.0/24. What should I do next, and what did I do wrong?

Routes that did not work for me (in MT-1):
dst 192.168.0.0/24 gw 10.10.33.1 (invalid)
dst 192.168.0.0/24 gw 10.10.33.3 (active, no result)
dst 10.0.0.0/24 gw 10.10.33.1 (invalid) (dst is an IP for MT-2 IPsec)
dst 10.0.0.0/24 gw 10.10.33.3 (active, no result)
Adding a NAT rule at place-before/0 as src-nat accept between WG and the remote LAN gave no result, but I can see traffic when trying to reach the printer at 192.168.0.40.

RoWa settings:
[Interface]
PrivateKey = *
Address = 10.10.33.3/32
DNS = 8.8.8.8
[Peer]
PublicKey = *
AllowedIPs = 192.168.25.0/24, 192.168.0.0/24
Endpoint = *:*
PersistentKeepalive = 10
