I am able to set up port forwarding (though I am not sure whether it works correctly) on the ISP router (the RB750Gr3 gets a private IP on ether1), and I can use the PPPoE passthrough technique to get a public IP address from my ISP on the RB750Gr3 router. I have tried both scenarios, but neither seems to work. On the client side I get "Handshake did not complete after 5 Seconds", and I am definitely sure I have made the correct settings for the connection to the WireGuard VPN server.
The WAN status page of my ISP router shows a MAP-E IPv4 address, and I do not know whether that is the cause of the problem. I am not behind CG-NAT (I asked my ISP to arrange that), as the public IP I see on the internet is the same one shown in my ISP router's web interface. Can anyone help me? Am I missing something?
Thanks in advance,
Below is my router's configuration:
# RouterOS configuration export for an RB750Gr3 that hosts a WireGuard
# interface (wireguard1, tunnel subnet 192.168.10.0/24) in front of the
# bridgeLocal LAN (192.168.1.0/24).
# NOTE(review): the export header below carries the device serial number and
# software id; consider redacting them before sharing an export publicly.
# 2024-02-13 16:56:56 by RouterOS 7.13.2
# software id = EHX9-PR2U
#
# model = RB750Gr3
# serial number = CC210FE1D973
/interface bridge
add fast-forward=no name=bridgeLocal
# PPPoE client bound to ether1. ether1 also has a DHCP client further down,
# so both WAN modes described in the post are configured on the same port.
# NOTE(review): confirm which of the two is actually active when testing.
/interface pppoe-client
add interface=ether1 name=pppoe-Ote use-peer-dns=yes user=abcde@otenet.gr
# WireGuard listens on port 31231; WireGuard uses UDP, so any port forward on
# the upstream ISP router has to be a UDP forward to this port.
# NOTE(review): the post mentions a MAP-E IPv4 address on the ISP router.
# MAP-E can share one IPv4 address between subscribers with a restricted port
# set, in which case inbound UDP 31231 may never be delivered - confirm the
# assigned port range with the ISP.
/interface wireguard
add listen-port=31231 mtu=1420 name=wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridgeLocal name=dhcp1
/port
set 0 name=serial0
# ether2-ether5 are the LAN ports; ether1 is left out of the bridge (WAN).
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether5
# Single peer on wireguard1. allowed-address is the set of source addresses
# accepted from this peer; 0.0.0.0/0 already covers the two narrower prefixes,
# and 192.168.1.0/24 is this router's own LAN (see /ip address).
# NOTE(review): a server-side entry usually lists only the client's tunnel
# address (192.168.10.2/32 per client-address) - confirm the intent here.
# NOTE(review): public-key should be the client's public key, and the client
# should hold the public key of wireguard1; a mismatch shows up as a handshake
# that never completes - verify both ends.
# The key values were replaced with placeholders by the poster.
/interface wireguard peers
add allowed-address=192.168.10.0/24,192.168.1.0/24,0.0.0.0/0 client-address=\
192.168.10.2/32 client-dns=192.168.10.1 interface=wireguard1 \
persistent-keepalive=30s private-key=\
"private_key_here" public-key=\
"public_key_here"
# The static 192.168.2.254/24 address on ether1 is disabled; the default route
# further down still points at 192.168.2.1 in that subnet.
/ip address
add address=192.168.1.1/24 interface=bridgeLocal network=192.168.1.0
add address=192.168.2.254/24 disabled=yes interface=ether1 network=\
192.168.2.0
add address=192.168.10.1/24 interface=wireguard1 network=192.168.10.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.1.10 client-id=1:0:1a:4d:4e:48:e3 mac-address=\
00:1A:4D:4E:48:E3 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
# allow-remote-requests=yes makes the router answer DNS queries itself. The
# only restriction visible in this export is the pair of port-53 drop rules on
# ether1 in the filter section.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.4.4
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik
add address=cloud1.mikrotik.com list=mikrotik
add address=cloud2.mikrotik.com list=mikrotik
# These are the only filter rules in the export: drop DNS (UDP and TCP 53)
# arriving on ether1 unless the source is in the "mikrotik" address list.
# A packet that matches no rule is accepted, so nothing here blocks the
# WireGuard port - and nothing else protects the router's input chain either.
# NOTE(review): both rules match in-interface=ether1 only; in the PPPoE
# scenario WAN traffic would presumably arrive on pppoe-Ote and not match,
# leaving the resolver reachable from the internet - confirm, and consider an
# input chain that accepts established/related, UDP 31231 and LAN traffic and
# drops the rest.
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp \
src-address-list=!mikrotik
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp \
src-address-list=!mikrotik
# Source NAT is enabled towards ether1 only; the pppoe-Ote masquerade rule is
# disabled. NOTE(review): this fits the private-IP-on-ether1 scenario; the
# PPPoE scenario would presumably need the second rule enabled - confirm.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-Ote
/ip firewall service-port
set ftp disabled=yes
set sip disabled=yes
set pptp disabled=yes
# Static default route via 192.168.2.1 (distance 2). The second route, which
# would send the LAN subnet 192.168.1.0/24 to the tunnel peer 192.168.10.2,
# is disabled.
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=192.168.10.2 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox is not listed, so it is presumably still at its default
# (enabled); with no input filtering it would be reachable from the WAN side -
# confirm and restrict it to LAN/VPN addresses.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-Ote
/system clock
set time-zone-name=Europe/Athens
# Logs the wireguard topic without per-packet entries; useful for checking
# whether handshake initiations from the client reach the router at all.
/system logging
add topics=wireguard,!packet
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
# Every 2 minutes the scheduler runs wireguard-recon, which sets each peer's
# endpoint-address to the value it already has.
# NOTE(review): the peer in this export has no endpoint-address, so this
# looks like a no-op here - confirm it is still needed.
# NOTE(review): both the scheduler entry and the script carry a broad policy
# list (reboot, password, sniff, sensitive, ...); the script appears to need
# only read and write - consider trimming, verify before changing.
/system scheduler
add interval=2m name=schedule1 on-event="/system script run wireguard-recon" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2024-01-23 start-time=16:57:39
/system script
add dont-require-permissions=no name=wireguard-recon owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
foreach Peer in=[ /interface/wireguard/peers/find ] do={ /interface/wiregu\
ard/peers/set \$Peer endpoint-address=[ get \$Peer endpoint-address ]; }"