lebaran
just joined
Topic Author
Posts: 17
Joined: Mon Feb 21, 2022 6:24 am

Connecting wireguard inside mikrotik router to wireguard on the vps

Mon Feb 28, 2022 3:44 pm

How do I connect WireGuard inside a MikroTik router to WireGuard on the VPS? The MikroTik router that I use only gets a private IP from the ISP. Details are below:

ISP public (shared) ipv4 address: 182.xxx.127.128

Mikrotik
ether1
bridge wan (pppoe) private ip address: 10.165.210.205

Wireguard inside mikrotik
Interface: wireguard1
IP Address: 192.168.204.4
Listen port: 34567

Wireguard on VPS
Interface: wg0
Local address: 192.168.204.1/24
Listen Port: 23456
Endpoint: 103.yyy.107.108

WireGuard on this MikroTik router is not handshaking with WireGuard on the VPS. On Windows, WireGuard can connect even though it is behind NAT (double NAT, because the ISP I use only gives a private IP), but WireGuard on the MikroTik does not.
Last edited by lebaran on Tue Mar 01, 2022 3:07 am, edited 1 time in total.
 
own3r1138
Long time Member
Posts: 565
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Mon Feb 28, 2022 4:37 pm

Personally, my PPPoE has a dynamic public IP. But as this connection is outgoing, your private IP from your ISP should not be a problem; at one point your traffic will go out to the internet from one public IP address. So if my assumption is correct, then your problem is the config, not the private IP, as you successfully connected from Windows behind double NAT.
I would recommend you check this post. It might help you find where the problem is. My VPS is an x86 MT.
viewtopic.php?t=182072
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Mon Feb 28, 2022 6:05 pm

Could you draw a diagram, as it's not clear to me what is where doing what?
If the MT is getting a private IP then it cannot be used as a SERVER for the initial connection UNLESS the ISP router can forward the listening port etc.
Then there is the issue if the MT is used for its internet access in which case one has to be able to (for return internet traffic) either create a static route from the ISP router to the MT,
OR, have the MT source-nat the traffic from the remote site heading out to the internet before it reaches the ISP router.
 
Hominidae
Member Candidate
Posts: 299
Joined: Thu Oct 19, 2017 12:50 am

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Tue Mar 01, 2022 1:28 am

How do I connect WireGuard inside a MikroTik router to WireGuard on the VPS? The MikroTik router that I use only gets a private IP from the ISP.
...once the tunnel is established, it is a bi-directional IP-Link.
Just establish the tunnel from local MT to VPS.
In local MT specify the VPS-peer as endpoint...
 
lebaran
just joined
Topic Author
Posts: 17
Joined: Mon Feb 21, 2022 6:24 am

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Tue Mar 01, 2022 3:20 am

Could you draw a diagram, as it's not clear to me what is where doing what?
If the MT is getting a private IP then it cannot be used as a SERVER for the initial connection UNLESS the ISP router can forward the listening port etc.
Then there is the issue if the MT is used for its internet access in which case one has to be able to (for return internet traffic) either create a static route from the ISP router to the MT,
OR, have the MT source-nat the traffic from the remote site heading out to the internet before it reaches the ISP router.
I've added the diagram. The WireGuard peer on the MikroTik router is the "client" and WireGuard on the VPS is the "server". The goal is to forward the MikroTik service ports (Winbox, SSH, WWW) to the VPS, so I can remote into it via the internet.
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Tue Mar 01, 2022 3:22 am

......................
Last edited by 404Network on Sun Mar 13, 2022 5:01 am, edited 1 time in total.
 
lebaran
just joined
Topic Author
Posts: 17
Joined: Mon Feb 21, 2022 6:24 am

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Wed Mar 02, 2022 5:30 am

Finally the wireguard settings worked. I don't know why previously wireguard peer on mikrotik couldn't handshake with wireguard server on vps.

mikrotik-wireguard.png
 
Hominidae
Member Candidate
Posts: 299
Joined: Thu Oct 19, 2017 12:50 am

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Wed Mar 02, 2022 4:29 pm

Glad that it worked out...you should also set a persistent keepalive in the peers to a number much lower than your FW-conntrack settings.

But why not use a CHR on the VPS?...could possibly save some resources and be easier to configure....
 
own3r1138
Long time Member
Posts: 565
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Wed Mar 02, 2022 4:39 pm

Money I guess :d
 
Hominidae
Member Candidate
Posts: 299
Joined: Thu Oct 19, 2017 12:50 am

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Wed Mar 02, 2022 9:15 pm

maybe...a one-time licence, not a rented CHR on a VPS, is not what I call expensive. Actually I was able to save 1 buck a month by the ability to just use/migrate to a smaller VPS...just sayin'
 
saxicek
just joined
Posts: 3
Joined: Fri Jul 12, 2019 1:10 pm

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Sun Oct 09, 2022 9:21 am

@lebaran: I am facing a similar problem - trying to establish a WireGuard tunnel from my NATed home network to a VPS server with a public IP. I guess the problem is in the firewall (or routing), because the tunnel is never established. I noticed you use fwmark - would you be so kind as to detail how you use it? Thank you!
 
anav
Forum Guru
Posts: 14399
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Sun Oct 09, 2022 1:23 pm

saxicek, post your config on MikroTik and VPS
 
saxicek
just joined
Posts: 3
Joined: Fri Jul 12, 2019 1:10 pm

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Tue Oct 11, 2022 2:28 pm

@anav, thanks for trying to help. I figured out that it was a firewall issue. I had to enable my WireGuard port on VPS, i.e.:
ufw allow 12345/udp
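
The setup this thread converges on, written out for the MikroTik side in RouterOS 7 syntax with the VPS side as comments. This is an added example, not any poster's configuration: the addresses and ports are the ones from the first post, while the key placeholders, the 25s keepalive, the /32 allowed addresses and the management input rule are assumptions.

```routeros
# MikroTik side (RouterOS 7): the peer behind the ISP's NAT, so it must initiate.
/interface wireguard add name=wireguard1 listen-port=34567
/ip address add address=192.168.204.4/24 interface=wireguard1

# The VPS is the only peer. endpoint-address/endpoint-port make the router dial
# out, which is what lets the handshake pass the double NAT.
# persistent-keepalive (assumed 25s) keeps the NAT/conntrack mapping open so the
# VPS can still reach the router when the tunnel is idle.
# allowed-address (assumed /32) accepts tunnel traffic only from the VPS address.
/interface wireguard peers add interface=wireguard1 \
    public-key="<VPS_PUBLIC_KEY>" \
    endpoint-address=103.yyy.107.108 endpoint-port=23456 \
    allowed-address=192.168.204.1/32 \
    persistent-keepalive=25s

# Assumed rule: management services (SSH 22, WWW 80, Winbox 8291) are accepted
# only from the VPS tunnel address; move it above the input chain's drop rule.
/ip firewall filter add chain=input in-interface=wireguard1 \
    src-address=192.168.204.1 protocol=tcp dst-port=22,80,8291 \
    action=accept comment="mgmt via wireguard1 only"

# Checks: the UDP timeouts the keepalive has to stay below, then the peer's
# last handshake.
/ip firewall connection tracking print
/interface wireguard peers print detail

# VPS side, /etc/wireguard/wg0.conf (shown as comments; keys are placeholders):
#   [Interface]
#   Address = 192.168.204.1/24
#   ListenPort = 23456
#   PrivateKey = <VPS_PRIVATE_KEY>
#
#   [Peer]
#   PublicKey = <MIKROTIK_PUBLIC_KEY>
#   AllowedIPs = 192.168.204.4/32
#   # No Endpoint here: the VPS learns the router's NATed address from the
#   # first handshake the router sends.
#
# VPS firewall, as in the post above but for this listen port:
#   ufw allow 23456/udp
```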
 
anav
Forum Guru
Posts: 14399
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connecting wireguard inside mikrotik router to wireguard on the vps

Tue Oct 11, 2022 2:35 pm

Awesome, glad it's working for you!
