Channel: MikroTik

General • WireGuard VPN behind NAT

Hello, I am trying to set up WireGuard so I can establish a VPN connection, have access to my local LAN resources, and also have internet via the VPN for the connected clients. The scenario is that my MikroTik RB750Gr3 is acting as the main router for my LAN; ether1 is my WAN interface, which is connected to the ISP router that is supposed to provide internet to the RB750Gr3 router.
I am capable of port forwarding (though I am not sure whether it works correctly) in the ISP router (the RB750Gr3 is getting a private IP on ether1), and I can use the PPPoE Passthrough technique to get a public IP address from my ISP on the RB750Gr3 router. I have worked both scenarios but neither seems to work. On the client side I am getting "Handshake did not complete after 5 Seconds", and I am definitely sure I have made the correct settings for the connection to the WireGuard VPN server.

On the WAN Status of my ISP router I have a MAP-E IPv4 Address, and I don't know whether it is the cause of the problem. I am not behind CG-NAT (I have asked my ISP to do that), as I can see the same public IP on the internet as shown in my ISP router web interface. Can anyone help me? Am I missing something?

Thanks in advance,

Below my router's configuration:
Code:
# 2024-02-13 16:56:56 by RouterOS 7.13.2
# software id = EHX9-PR2U
#
# model = RB750Gr3
# serial number = CC210FE1D973
/interface bridge
add fast-forward=no name=bridgeLocal
/interface pppoe-client
add interface=ether1 name=pppoe-Ote use-peer-dns=yes user=abcde@otenet.gr
/interface wireguard
add listen-port=31231 mtu=1420 name=wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridgeLocal name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether5
/interface wireguard peers
add allowed-address=192.168.10.0/24,192.168.1.0/24,0.0.0.0/0 client-address=\
    192.168.10.2/32 client-dns=192.168.10.1 interface=wireguard1 \
    persistent-keepalive=30s private-key=\
    "private_key_here" public-key=\
    "public_key_here"
/ip address
add address=192.168.1.1/24 interface=bridgeLocal network=192.168.1.0
add address=192.168.2.254/24 disabled=yes interface=ether1 network=\
    192.168.2.0
add address=192.168.10.1/24 interface=wireguard1 network=192.168.10.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.1.10 client-id=1:0:1a:4d:4e:48:e3 mac-address=\
    00:1A:4D:4E:48:E3 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.4.4
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik
add address=cloud1.mikrotik.com list=mikrotik
add address=cloud2.mikrotik.com list=mikrotik
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp \
    src-address-list=!mikrotik
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp \
    src-address-list=!mikrotik
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-Ote
/ip firewall service-port
set ftp disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=192.168.10.2 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-Ote
/system clock
set time-zone-name=Europe/Athens
/system logging
add topics=wireguard,!packet
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=2m name=schedule1 on-event="/system script run wireguard-recon" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-01-23 start-time=16:57:39
/system script
add dont-require-permissions=no name=wireguard-recon owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    foreach Peer in=[ /interface/wireguard/peers/find ] do={ /interface/wiregu\
    ard/peers/set \$Peer endpoint-address=[ get \$Peer endpoint-address ]; }"

Statistics: Posted by bokarinho — Wed Feb 14, 2024 8:34 am
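
Added example, not part of the original post: under MAP-E (RFC 7597) a subscriber shares a public IPv4 address and receives only a set of ports on it, so a forwarded UDP port has to fall inside that set to be reachable from outside. The sketch below tests the posted `listen-port=31231` against a port set; `PSID`, `PSID_LEN` and `PSID_OFFSET` are constructed placeholders that must be replaced with the values the ISP or the ISP router reports.

```python
# Added example: MAP-E (RFC 7597) port-set membership for a forwarded port.
# A 16-bit port is laid out as [ A: offset bits | PSID: psid_len bits | j: rest ].
# The three parameters below are constructed placeholders, not values from the post.
PSID_OFFSET = 6    # "a" in RFC 7597; a > 0 excludes the lowest ports (A == 0)
PSID_LEN = 8       # "k" in RFC 7597
PSID = 0x34        # port-set identifier assigned to this subscriber

def _check(psid, psid_len, offset):
    m = 16 - offset - psid_len          # bits left for the contiguous part
    if offset < 0 or psid_len < 0 or m < 0 or not 0 <= psid < (1 << psid_len):
        raise ValueError("inconsistent MAP-E port parameters")
    return m

def port_in_set(port, psid=PSID, psid_len=PSID_LEN, offset=PSID_OFFSET):
    """True if `port` belongs to the subscriber's MAP-E port set."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    m = _check(psid, psid_len, offset)
    if offset > 0 and (port >> (16 - offset)) == 0:
        return False                    # excluded low range (A == 0)
    return (port >> m) & ((1 << psid_len) - 1) == psid

def port_ranges(psid=PSID, psid_len=PSID_LEN, offset=PSID_OFFSET):
    """All (low, high) port ranges of the set, in ascending order."""
    m = _check(psid, psid_len, offset)
    first_a = 1 if offset > 0 else 0
    ranges = []
    for a in range(first_a, 1 << offset):
        base = (a << (16 - offset)) | (psid << m)
        ranges.append((base, base + (1 << m) - 1))
    return ranges

def next_usable_port(wanted, psid=PSID, psid_len=PSID_LEN, offset=PSID_OFFSET):
    """Lowest port >= wanted that is inside the set, or None if there is none."""
    for low, high in port_ranges(psid, psid_len, offset):
        if wanted <= high:
            return max(wanted, low)
    return None

if __name__ == "__main__":
    listen_port = 31231                 # listen-port from the posted config
    if port_in_set(listen_port):
        print(f"UDP {listen_port} is inside the MAP-E port set")
    else:
        print(f"UDP {listen_port} is outside the port set; "
              f"nearest usable port above it: {next_usable_port(listen_port)}")
```

If the listen port is outside the set, both the WireGuard `listen-port` and the port forward on the ISP router need to move to a port inside it.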


