I have a working WireGuard interface, but I don't know how to redirect local interfaces/bridges to it without any leaks.
Code:
/interface bridge
add admin-mac=A6:E0:94: auto-mac=no frame-types=admit-only-vlan-tagged \
    name=bridge1 pvid=99 vlan-filtering=yes
add name=msqt
/interface wireguard
add listen-port=15000 mtu=1420 name=wg1
/interface veth
add address=172.19.0.2/24 gateway=172.19.0.1 gateway6="" name=veth2
/interface vlan
add comment=VLAN10-WIFI-IOT interface=bridge1 name=bridge1.10 vlan-id=10
add comment=VLAN200-WIFI-GUEST interface=bridge1 name=bridge1.200 vlan-id=200
/interface wifi
add configuration.mode=ap .ssid="WIFI IOT" disabled=no mac-address=\
    4A:A9:8A master-interface=wifi2 name=WIFI-IOT \
    security.authentication-types=wpa2-psk .dh-groups=21 .disable-pmkid=yes \
    .group-encryption=ccmp .management-protection=required
add configuration.mode=ap .ssid=kGuest datapath.client-isolation=yes disabled=\
    no mac-address=4A:A9: master-interface=wifi2 name=kGuest \
    security.authentication-types=wpa2-psk,wpa3-psk .dh-groups=21 \
    .disable-pmkid=yes .group-encryption=ccmp .management-protection=required
/interface list
add name=WAN
/ip pool
add name=dhcp_pool1 ranges=10.1.0.200-10.1.0.254
add name=dhcp_pool6 ranges=10.10.0.200-10.10.0.254
add name=dhcp_pool7 ranges=172.16.0.200-172.16.0.254
add name=dhcp_pool8 ranges=10.2.0.200-10.2.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether4 lease-time=1h name=dhcp1
add address-pool=dhcp_pool6 comment="VLAN10 / WIFI IOT" interface=bridge1.10 \
    lease-time=1h name=dhcp2
add address-pool=dhcp_pool7 interface=bridge1.200 lease-time=1h name=dhcp3
add address-pool=dhcp_pool8 interface=ether3 lease-time=1h name=dhcp4
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=WIFI-IOT pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=kGuest pvid=200
add bridge=msqt interface=veth2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 vlan-ids=10
add bridge=bridge1 tagged=bridge1 vlan-ids=200
/interface list member
add interface=ether1 list=WAN
/interface wireguard peers
add allowed-address=10.7.0.0/28,192.168.88.1/24 endpoint-address=HIDDEN \
    endpoint-port=15000 interface=wg1 persistent-keepalive=50s private-key=\
/ip address
add address=10.1.0.1/24 interface=ether4 network=10.1.0.0
add address=10.10.0.1/24 comment="VLAN10/ WIFI IOT" interface=bridge1.10 \
    network=10.10.0.0
add address=172.16.0.1/24 comment="VLAN 200/ GUEST WIFI" interface=bridge1.200 \
    network=172.16.0.0
add address=172.19.0.1/24 interface=msqt network=172.19.0.0
add address=10.7.0.2/28 interface=wg1 network=10.7.0.0
add address=10.2.0.1/24 interface=ether3 network=10.2.0.0
/ip dhcp-client
add interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=10.1.0.10 client-id=1 mac-address=\
    D8:5E:D3 server=dhcp1
/ip dhcp-server network
add address=10.1.0.0/24 gateway=10.1.0.1
add address=10.2.0.0/24 gateway=10.2.0.1
add address=10.10.0.0/24 gateway=10.10.0.1
add address=172.16.0.0/24 gateway=172.16.0.1
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
/ip firewall address-list
add address=sdfsdfsdfsdf.sn.mynetname.net list=whitelist
/ip firewall filter
add action=accept chain=forward comment=Established/Related connection-state=\
    established,related,untracked
add action=accept chain=input comment=Established/Related connection-state=\
    established,related,untracked
add action=drop chain=forward comment="invalid WAN" connection-state=invalid \
    in-interface-list=WAN
add action=drop chain=input comment="invalid WAN" connection-state=invalid \
    in-interface-list=WAN
add action=drop chain=forward in-interface=bridge1.200 out-interface-list=!WAN
add action=accept chain=input comment="WAN icmp" in-interface-list=WAN \
    packet-size=0-128 protocol=icmp src-address-list=whitelist
add action=drop chain=input in-interface-list=WAN
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add disabled=no dst-address=192.168.88.0/24 gateway=wg1 routing-table=main \
    suppress-hw-offload=no
Statistics: Posted by netguy13 — Thu Dec 28, 2023 12:19 am