Hello,
I am currently trying to switch my OpenVPN clients to WireGuard clients.
The connection itself works in both directions. However, what no longer works is NTP and DNS in the CAM-LAN.
The following configuration is a client configuration. The client serves as a gateway for other devices in remote locations.
It would be advantageous to be able to use the client (10.32.169.254) as an NTP and DNS server as well, but I am currently facing challenges in achieving that.
Is it because of VRF? I found this post but I don't think it'll help: viewtopic.php?t=181846#p1045108
I hope someone can provide me with a helpful tip.
Code:
# 2024-01-03 15:12:25 by RouterOS 7.14beta4
# model = RB750Gr3
/interface bridge add name=CAM-LAN port-cost-mode=short
/interface ethernet set [ find default-name=ether2 ] name=cam2
/interface ethernet set [ find default-name=ether3 ] name=cam3
/interface ethernet set [ find default-name=ether4 ] name=cam4
/interface ethernet set [ find default-name=ether5 ] name=cam5
/interface ethernet set [ find default-name=ether1 ] name=wan1
/interface wireguard add listen-port=13231 mtu=1420 name=wg0-hub01
/interface wireguard add listen-port=13232 mtu=1420 name=wg1-rhub01
/ip vrf add interfaces=CAM-LAN,wg0-hub01 name=CAM
/port set 0 name=serial0
/interface bridge port add bridge=CAM-LAN ingress-filtering=no interface=cam2 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=CAM-LAN ingress-filtering=no interface=cam3 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=CAM-LAN ingress-filtering=no interface=cam4 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=CAM-LAN ingress-filtering=no interface=cam5 internal-path-cost=10 path-cost=10
/ip firewall connection tracking set udp-timeout=10s
/ipv6 settings set disable-ipv6=yes
/interface wireguard peers add allowed-address=0.0.0.0/0 client-address=10.16.32.169/24 endpoint-address=wg.example.org endpoint-port=13231 interface=wg0-hub01 persistent-keepalive=5m preshared-key="ps169" public-key="pkhub01"
/interface wireguard peers add allowed-address=0.0.0.0/0 client-address=10.64.32.169/24 endpoint-address=wg.example.org endpoint-port=13232 interface=wg1-rhub01 persistent-keepalive=5m preshared-key="ps169" public-key="pkhub01"
/ip address add address=10.32.169.254/24 interface=CAM-LAN network=10.32.169.0
/ip address add address=10.16.32.169 interface=wg0-hub01 network=10.16.32.0
/ip address add address=10.64.32.169/24 interface=wg1-rhub01 network=10.64.32.0
/ip dhcp-client add interface=wan1
/ip dns set allow-remote-requests=yes servers=10.16.63.254,8.8.8.8,1.1.1.1,9.9.9.9
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input dst-port=53 protocol=udp
/ip firewall filter add action=accept chain=forward dst-port=53 protocol=udp
/ip firewall filter add action=accept chain=input dst-port=53 protocol=tcp
/ip firewall filter add action=accept chain=forward dst-port=53 protocol=tcp
/ip firewall filter add action=accept chain=input dst-port=123 protocol=udp
/ip firewall filter add action=accept chain=forward dst-port=123 protocol=udp
/ip firewall filter add action=accept chain=input dst-port=123 protocol=tcp
/ip firewall filter add action=accept chain=forward dst-port=123 protocol=tcp
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
/ip firewall filter add action=drop chain=input comment="defconf: drop all from WAN" in-interface=wan1
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=wan1
/ip firewall nat add action=masquerade chain=srcnat comment="NAT on WAN Interface" out-interface=wan1
/ip firewall nat add action=masquerade chain=srcnat comment="NAT on management tunnel" out-interface=wg1-rhub01
/ip route add disabled=no dst-address=10.95.254.254/32 gateway=wg1-rhub01 routing-table=main suppress-hw-offload=no
/ip route add disabled=no dst-address=172.31.254.254/32 gateway=wg1-rhub01 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wg0-hub01@CAM pref-src="" routing-table=CAM scope=30 suppress-hw-offload=no target-scope=10
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh port=2332
/ip service set www-ssl disabled=no
/routing rule add action=lookup disabled=no interface=CAM-LAN table=CAM
/system clock set time-zone-name=Europe/Vienna
/system identity set name=vpn-client169
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp server set enabled=yes manycast=yes
/system ntp client servers add address=10.16.63.254
/system ntp client servers add address=pool.ntp.org
/tool sniffer set filter-ip-protocol=udp filter-port=dns
Statistics: Posted by karlkalk — Wed Jan 03, 2024 4:48 pm
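The firewall section of the export above lends itself to an order check, because RouterOS evaluates filter rules top to bottom and the first matching terminating rule wins. The following Python is an added example, not the poster's own code: it parses the `/ip firewall filter` lines of the terse export (copied from the post, order preserved) and lists the input-chain accepts that would match traffic arriving on the WAN before the `defconf: drop all from WAN` rule is reached. It then runs the same check over a constructed variant of those rules that carries `in-interface=CAM-LAN`. It assumes `wan1` is the untrusted interface, as the drop rule's own comment states; the `HARDENED` text is constructed for this example and is not from the post.

```python
"""Order-sensitive check of a RouterOS 'export terse' firewall input chain.

Added example, not taken from the forum post: parses the input-chain rules and
reports every 'accept' that is reachable for WAN-arriving packets before the
'drop all from WAN' rule. An accept with no in-interface restriction matches on
every interface, including the WAN, when it sits above the WAN drop.
"""
import shlex

# Firewall filter lines copied from the export in the post (order preserved).
EXPORT = """\
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input dst-port=53 protocol=udp
/ip firewall filter add action=accept chain=forward dst-port=53 protocol=udp
/ip firewall filter add action=accept chain=input dst-port=53 protocol=tcp
/ip firewall filter add action=accept chain=forward dst-port=53 protocol=tcp
/ip firewall filter add action=accept chain=input dst-port=123 protocol=udp
/ip firewall filter add action=accept chain=forward dst-port=123 protocol=udp
/ip firewall filter add action=accept chain=input dst-port=123 protocol=tcp
/ip firewall filter add action=accept chain=forward dst-port=123 protocol=tcp
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
/ip firewall filter add action=drop chain=input comment="defconf: drop all from WAN" in-interface=wan1
"""

# Constructed variant (not from the post): the same service accepts, but bound
# to the CAM-LAN bridge so they no longer match packets arriving on wan1.
HARDENED = """\
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input dst-port=53 in-interface=CAM-LAN protocol=udp
/ip firewall filter add action=accept chain=input dst-port=53 in-interface=CAM-LAN protocol=tcp
/ip firewall filter add action=accept chain=input dst-port=123 in-interface=CAM-LAN protocol=udp
/ip firewall filter add action=accept chain=input dst-port=123 in-interface=CAM-LAN protocol=tcp
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
/ip firewall filter add action=drop chain=input comment="defconf: drop all from WAN" in-interface=wan1
"""

FILTER_PREFIX = "/ip firewall filter add "


def parse_rules(export_text):
    """Turn each '/ip firewall filter add k=v ...' line into a dict of its properties."""
    rules = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line.startswith(FILTER_PREFIX):
            continue  # lines from other sections are not filter rules
        props = {}
        # shlex splits the line like a shell would, so comment="a b" stays one token
        for token in shlex.split(line[len(FILTER_PREFIX):]):
            key, _, value = token.partition("=")
            props[key] = value
        rules.append(props)
    return rules


def wan_exposed_services(rules, wan_iface="wan1"):
    """Return (protocol, dst-port) pairs accepted on the WAN before the WAN drop rule.

    A rule counts when it is in the input chain, accepts, carries a dst-port,
    and either names the WAN interface or names no interface at all. Stateful
    accepts (connection-state=...) are skipped, as they only admit traffic
    belonging to connections already tracked. Rules restricted with an
    in-interface-list are skipped too: list membership cannot be resolved from
    the filter lines alone, so this check treats them as restricted.
    Scanning stops at the first drop rule that covers the WAN interface.
    """
    exposed = []
    for rule in rules:
        if rule.get("chain") != "input":
            continue
        # A drop with no in-interface drops on every interface, including the WAN.
        if rule.get("action") == "drop" and rule.get("in-interface", wan_iface) == wan_iface:
            break  # nothing below this point is reachable from the WAN
        if rule.get("action") != "accept" or "dst-port" not in rule:
            continue
        if "connection-state" in rule or "in-interface-list" in rule:
            continue
        if rule.get("in-interface") in (None, wan_iface):
            exposed.append((rule["protocol"], rule["dst-port"]))
    return exposed


if __name__ == "__main__":
    for label, text in (("posted", EXPORT), ("hardened", HARDENED)):
        print(label, wan_exposed_services(parse_rules(text)))
```

In the posted order the four DNS and NTP accepts sit above the WAN drop and name no interface, so the check reports udp/53, tcp/53, udp/123 and tcp/123 as reachable from wan1; combined with `allow-remote-requests=yes` that means the router will answer recursive DNS queries arriving on the WAN. Binding the accepts to the bridge with `in-interface=CAM-LAN` (or to an interface list), or placing them below the WAN drop, clears the report while leaving the CAM-LAN devices able to reach the router's DNS and NTP service.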