Hello all,
I need help to configure my vpn WireGuard. My vpn is connected but I can't connect to my internal tools at remote. I have configured the NAT and the firewall. My public IP is dynamic. Below my addresses:
VPN WireGuard network: 192.168.65.0/32
remote laptop: 192.168.65.2/32
Serveur DNS: 8.8.8.8
Router OS: RouterBoard 7.8
Thanks.
WireGuard Config Issue
You do not have the required permissions to view the files attached to this post.
Re: WireGuard Config Issue
Let say the router LAN is 192.168.10.0/24
FIXING Allowed IPs. ( IP autorises )
a. wireguard address should be in the format: 192.168.65.0/24
b. LAN address of the remote subnet on the router also needs to be included: 192.168.10.0/24
c. If your goal is to provide internet access for remote users through the Mikrotik router than only a single address entry is required: 0.0.0.0/0
b. add keep-alive settings: persistent-keep-alive=35s ( anywhere between 25-45s is fine, actual time not critical )
FIXING Allowed IPs. ( IP autorises )
a. wireguard address should be in the format: 192.168.65.0/24
b. LAN address of the remote subnet on the router also needs to be included: 192.168.10.0/24
c. If your goal is to provide internet access for remote users through the Mikrotik router than only a single address entry is required: 0.0.0.0/0
b. add keep-alive settings: persistent-keep-alive=35s ( anywhere between 25-45s is fine, actual time not critical )
Re: WireGuard Config Issue
Thanks for your response but I'm confused for about where I must config IP autorises. Below my differents questions
FIXING Allowed IPs. ( IP autorises )
a. wireguard address should be in the format: 192.168.65.0/24
b. LAN address of the remote subnet on the router also needs to be included: 192.168.10.0/24 ( Where ? On the router or WireGuard tunnel?)
c. If your goal is to provide internet access for remote users through the Mikrotik router than only a single address entry is required: 0.0.0.0/0 ( Yes it is, but where I should be config this address ?)
This is my new config:
FIXING Allowed IPs. ( IP autorises )
a. wireguard address should be in the format: 192.168.65.0/24
b. LAN address of the remote subnet on the router also needs to be included: 192.168.10.0/24 ( Where ? On the router or WireGuard tunnel?)
c. If your goal is to provide internet access for remote users through the Mikrotik router than only a single address entry is required: 0.0.0.0/0 ( Yes it is, but where I should be config this address ?)
This is my new config:
You do not have the required permissions to view the files attached to this post.
Re: WireGuard Config Issue
I dont know what the problem is??
I didnt say to change the Wireguard IP address of your device?
I clearly stated
FIXING ALLOWED IPS ( IP autorises )
a. for wireguard address of the remote site/server for handshake put in 192.168.5.0/24 and also any remote subnet if applicable like 192.168.10.0/24.
I also stated that if the intent was to go out the internet of the server router then only need 0.0.0.0/0
The rest of your device config was FINE!
address: 192.168.65.2/32 is correct for example.
Your settings are now ALL WRONG and backwards.
Only modify homologue whatever that is.............. not interface wireguard
I didnt say to change the Wireguard IP address of your device?
I clearly stated
FIXING ALLOWED IPS ( IP autorises )
a. for wireguard address of the remote site/server for handshake put in 192.168.5.0/24 and also any remote subnet if applicable like 192.168.10.0/24.
I also stated that if the intent was to go out the internet of the server router then only need 0.0.0.0/0
The rest of your device config was FINE!
address: 192.168.65.2/32 is correct for example.
Your settings are now ALL WRONG and backwards.
Only modify homologue whatever that is.............. not interface wireguard