Trying to set up a site-to-site VPN between pfSense and MikroTik. From behind the pfSense (192.168.10.0/24) I can ping devices behind the MikroTik (10.0.0.0/24), but not the other way around. Not sure if this is an issue on the MikroTik or pfSense, but was hoping someone could see what's going on here or at least say that the MikroTik config looks good. If it makes any difference, I have the MikroTik only plugged in with the eth2 interface to the home internet router. From the MikroTik interface I can ping its side of the WireGuard tunnel, 192.168.32.2, but not the other side of 192.168.32.1.
Code:
/interface bridge
add admin-mac=**ELIDED** auto-mac=no comment=defconf name=bridgeLocal \
    port-cost-mode=short
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1 internal-path-cost=10 \
    path-cost=10
add bridge=bridgeLocal comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10
add bridge=bridgeLocal comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridgeLocal comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridgeLocal comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
/interface wireguard peers
add allowed-address=192.168.32.1/30,192.168.10.0/24 comment=HQ \
    endpoint-address=**ELIDED** endpoint-port=**ELIDED** interface=wireguard1 \
    persistent-keepalive=25s public-key="**ELIDED**"
/ip address
add address=192.168.32.2/30 interface=wireguard1 network=192.168.32.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip firewall filter
add action=accept chain=forward dst-address=192.168.10.0/24 src-address=\
    10.0.0.0/24
add action=accept chain=forward dst-address=10.0.0.0/24 src-address=\
    192.168.10.0/24
/ip route
add disabled=no dst-address=192.168.10.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
/system clock
set time-zone-name=America/New_York
/system note
set show-at-login=no
Statistics: Posted by theconqueror — Fri Feb 02, 2024 9:25 pm