A long time ago, I set up a router running 6.x to forward all traffic from a specific internal IP to an OpenVPN connection.
When I upgraded everything (including router) I moved to the 7.x OS. There was an auto-upgrade of my config, including changing the routing that I was doing. I didn't pay that much attention because it still seemed to work.
The OpenVPN connection was replaced by Wireguard, which appears to be working ok.
My problem is that I don't think all my traffic is being directed over the wireguard link.
In particular, uploading anything seems to take forever, and often fails. But a normal wireguard client connection from another system to the same remote server works fine.
I am missing something in this config, and I just can't see it....
Just the relevant bits:
====================================
/interface wireguard
add listen-port=13232 mtu=1420 name=wireguard2
/routing table
add fib name=VPN
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=3.11.140.NNN endpoint-port=\
51820 interface=wireguard2 persistent-keepalive=25s public-key=\
"mF7TFCjkSUrPVZ+/AteLLNvmLQzJXXXXXXXXXXXXXXXX="
add address=10.9.0.128 interface=wireguard2 network=10.9.0.0
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
";;; Tag packets for WireGuard link to UK" new-routing-mark=VPN \
passthrough=yes src-address=10.0.0.23
/ip firewall nat
add action=masquerade chain=srcnat comment="WG-UK VPN" out-interface=\
wireguard2
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard2 pref-src=\
"" routing-table=VPN scope=30 suppress-hw-offload=no target-scope=10
Statistics: Posted by PhilipPeake — Wed Feb 14, 2024 12:45 am