 
aliengen

Wireguard Mikrotik's S2S redirect all traffic

Wed Mar 29, 2023 3:13 pm

Hello,
I have a small problem and I'm unable to solve it on my own.
I have 3 Mikrotik devices and I want to configure them in the following way using WireGuard (right now I'm using a GRE tunnel and it works just fine):
MT #1 should send all its traffic to MT #2 (to change the IP address of devices connected to MT #1). At the same time, MT #1 should also be connected to MT #3 in order to access its LAN (for remote workers to access machines via RDP). MT #2 and MT #3 are not directly connected to each other.
As of now I have created WireGuard interfaces and peers. Connecting MT #1 to MT #3 in order to access machines via RDP is not a problem at all. But when I'm trying to connect MT #1 to MT #2 in order to change the IP addresses of connected devices, everything goes south. I didn't even manage to make MT #1 to MT #3 work (without connecting to MT #2).
If anyone could help me resolve this problem I'll be very grateful.

I'm new to this forum and this is my first post. If there is anything I missed or wrote wrong, please forgive me. I'll be happy to provide any information.

Thank you again!
 
anav

Re: Wireguard Mikrotik's S2S redirect all traffic

Wed Mar 29, 2023 7:12 pm

In general --> viewtopic.php?t=182373
New Poster --> viewtopic.php?p=908118
Basically, a diagram speaks volumes.
Config of all three devices required:
/export file=anynameyouwish (minus router serial number and any public WAN IP information)

However, you should also read PARA F from the first link.
What we need to know is if the device (M1) that needs to go out to the INTERNET (presumably on M2), but also go to subnets on M3, is the server for the handshake.
If so, what you ask will not be possible on a single WG interface.
The reason is the allowed IPs for peers:
if the M1 to peer M2 allowed IPs is 0.0.0.0/0, then the router will never choose M1 to peer M3 for subnets, as the router will already have selected M1.

Now, you can work around this by ORDER: put M3 as the first peer in the router config,
and then all requests to go to M3 subnets will go to the M3 peer;
everything else will be picked up by the M2 peer.

Not necessarily recommended, and by the way, you have not noted any traffic requirements yet between M2 and M3.
