Hello, I have a MikroTik at home with an LTE connection.
Everything works OK, but now I would like to route all traffic from a specific device through WireGuard.
So I have a VPS at a cloud provider, installed Docker and started WireGuard (linuxserver/wireguard).
I tested it on my smartphone and it works very well...
So I tried to install WireGuard on the MikroTik (as client) and created a rule to redirect all traffic into the tunnel.
Here is an export:
Code:
/interface wireguard
add comment="WG VM16 DOCKER" listen-port=13234 mtu=1420 name=wireguard-vm16-docker
/interface wireguard peers
add allowed-address=0.0.0.0/0 comment="WG VM16 DOCKER" endpoint-address=212.x.y.z endpoint-port=59638 \
    interface=wireguard-vm16-docker persistent-keepalive=25s preshared-key=\
    "xxxxxxx" public-key=\
    "xxxxxxx"
/ip address
add address=10.13.13.2/24 comment="WG VM16 DOCKER" interface=wireguard-vm16-docker network=10.13.13.0
/ip firewall nat
add action=masquerade chain=srcnat comment="MASQUERADE TO WG VM16 DOCKER" ipsec-policy=out,none out-interface=\
    wireguard-vm16-docker
/routing table
add comment="WG VM16 DOCKER" disabled=no fib name=_wg_vm16_docker
/routing rule
add action=lookup-only-in-table comment="MY SMARTPHONE TO WG VM16 DOCKER" disabled=yes dst-address=0.0.0.0/0 \
    src-address=10.2.1.197/32 table=_wg_vm16_docker
/ip route
add comment=route-lte disabled=no distance=10 dst-address=0.0.0.0/0 gateway=10.78.252.46 pref-src="" \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=vlan_300_LTE
add comment="ROUTE VM16 DOCKER" disabled=no distance=20 dst-address=0.0.0.0/0 gateway=\
    wireguard-vm16-docker pref-src="" routing-table=_wg_vm16_docker scope=30 suppress-hw-offload=no \
    target-scope=10
The WireGuard server has IP 10.13.13.1.
So I can ping from the MikroTik and I can ping from my smartphone.
The strange thing is when I try to browse the internet from my smartphone: I can't...
Some web pages work (like Wikipedia) but very slowly... others time out...
Of course, other devices work fine.
If I traceroute from my smartphone, I see correct routing to the tunnel and to the destination.
Also ping from my smartphone to 8.8.8.8 - 1.1.1.1 - www.google.com - etc... all works...
Ping works, web browsing doesn't...
So I searched the forum and found a mangle rule:
Code:
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" disabled=no new-mss=\
    clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
But again, from the smartphone I can ping/traceroute the whole internet, but I can't browse the web...
I think it is my LTE ISP blocking the WireGuard tunnel, but I can understand how ping/traceroute work fine...
Could someone help me?
Thank you
Statistics: Posted by aleab — Fri Jan 05, 2024 9:23 pm
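The symptom in the post (small pings pass, full web pages stall) and the `mtu=1420` and `change-mss` settings it quotes all turn on packet size, so one measurement worth making is the path MTU underneath the tunnel. The following is an added example, not part of the original post: it binary-searches the largest don't-fragment echo that passes and derives the WireGuard MTU and TCP MSS that fit. The function names, the `fake_lte` stand-in and the 1428-byte limit are constructed for illustration, and an IPv4 endpoint (as in `212.x.y.z`) is assumed.

```python
import subprocess

IPV4_ICMP_HDR = 20 + 8        # IPv4 header + ICMP echo header
WG_OVERHEAD_V4 = 20 + 8 + 32  # outer IPv4 + UDP + WireGuard data header and auth tag
IPV4_TCP_HDR = 20 + 20        # inner IPv4 + TCP header, no options

def df_ping(host):
    """Return probe(payload) that sends one DF-flagged echo (Linux iputils ping)."""
    def probe(payload):
        cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe

def path_mtu(probe, lo=500, hi=1472):
    """Binary-search the largest echo payload that passes with DF set.

    Returns the result as an IP-level MTU (payload + IPv4/ICMP headers).
    """
    if not probe(lo):
        raise RuntimeError("small DF packets fail too; not a packet-size problem")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid          # mid fits, search upwards
        else:
            hi = mid - 1      # mid is too large, search downwards
    return lo + IPV4_ICMP_HDR

def tunnel_plan(underlay_mtu, configured_mtu=1420):
    """Largest WireGuard MTU that fits the underlay, and the TCP MSS inside it."""
    fit = underlay_mtu - WG_OVERHEAD_V4
    mtu = min(fit, configured_mtu)
    return {"wg_mtu": mtu, "mss": mtu - IPV4_TCP_HDR,
            "configured_fits": configured_mtu <= fit}

def fake_lte(limit):
    """Constructed stand-in for a real path: drops IP packets above `limit`."""
    return lambda payload: payload + IPV4_ICMP_HDR <= limit

if __name__ == "__main__":
    # Constructed value: an LTE path that carries at most 1428-byte IP packets.
    underlay = path_mtu(fake_lte(1428))
    print(underlay, tunnel_plan(underlay))
    # Real measurement from a Linux host on the LAN (assumption):
    #   path_mtu(df_ping("<endpoint address>"))
```

If `configured_fits` comes back false, full-size TCP segments will not fit through the tunnel while short pings still pass.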