
WireGuard connection site-to-site configuration

Posted: Mon Jun 24, 2024 6:18 pm
by serambca
RedLocal-Wireguard.png
Good afternoon,
I am having trouble using the WireGuard protocol to connect two sites to each other.
I installed and configured WireGuard at each site and I can ping the remote gateway.

For example:
Site A:
- Ping from MikroTik to 10.99.255.2 - OK
- Ping from LAN to 10.0.2.0/24 - KO

Site B:
- Ping from MikroTik to 10.99.255.1 - OK
- Ping from LAN to 10.0.1.0/24 - KO

I added WireGuard routes to the other gateway but I can't access the subnet remotely.

Site A:

/ip/route/print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 192.168.200.1 3
DAc 10.0.1.0/24 Bridge_LAN 0
;;; Ruta acceder a la subred de SVM desde tunel WireGuard
0 As 10.0.2.0/24 10.99.255.2 1
DAc 10.99.255.2/32 WireGuard-FYA 0
1 As 192.168.10.0/24 10.99.255.2 1
DAc 192.168.200.0/24 ether1 0

Site B:
/ip/route/print
Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 192.168.10.1 3
;;; Ruta acceder a la subred de SVM desde tunel WireGuard
0 As 10.0.1.0/24 WireGuard-SVM 1
;;; Ruta para acceder a la subred de FYA desde tunel L2TP
1 IsH 10.0.1.0/24 10.98.255.1 2
DAc 10.0.2.0/24 Bridge_LAN 0
DAc 10.99.255.1/32 WireGuard-SVM 0
DAc 192.168.10.0/24 ether1 0
2 As 192.168.200.0/24 10.99.255.1 1

Allowed address in WireGuard, Site A:
0.0.0.0/0

Allowed address in WireGuard, Site B:
10.99.255.2/32

I can't find the issue. I think the problem is probably about NAT or the firewall. Could you please help me?
Best regards,

Re: WireGuard connection site-to-site configuration

Posted: Tue Jun 25, 2024 12:24 am
by anav
Both configs
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)