
I have a RouterOS 7 router with two WAN ports, WAN2 and WAN3 (I can access Winbox with both of these WAN IPs without any issues), and have set up a WireGuard (WG) service. I can successfully connect to WG by the WAN3 IP, but not the WAN2 IP. Here is my configuration:

/interface ethernet
set [ find default-name=ether3 ] comment="wan2" disable-running-check=no
set [ find default-name=ether4 ] comment="wan3" disable-running-check=no
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=wireguard1 public-key="7dUlL*****axiT0="

/ip address
add address=8.1.1.169/26 comment="wan2" interface=ether3 network=8.1.1.128
add address=9.1.1.149/25 comment="wan3" interface=ether4 network=9.1.1.128
add address=10.15.8.1/24 interface=wireguard1 network=10.15.8.0

/ip firewall nat
add action=masquerade chain=srcnat comment="wan2" out-interface=ether3
add action=masquerade chain=srcnat comment="wan3" out-interface=ether4

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=8.1.1.128/26 in-interface=ether3 new-connection-mark=wan2conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=9.1.1.128/25 in-interface=ether4 new-connection-mark=wan3conn passthrough=yes
add action=mark-routing chain=output connection-mark=wan2conn new-routing-mark=vrf2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3conn new-routing-mark=main passthrough=no

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.1.1.129 pref-src="" routing-table=vrf2 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.1.1.145 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10

I tried packet capturing, and the results look like:

1  5.132   ether3   wgclientip:50923   8.1.1.169:13231    udp   190   0
2  5.132   ether4   9.1.1.149:13231    wgclientip:50923   udp   134   0

Packet 2 should go through eth3, but it goes through eth4 instead? I'd appreciate any help.

  • And what is the business-related question in here? What kind of business environment runs that kind of software?
    – djdomi
    Sep 15 at 17:49
  • The question is: how can I connect to the WG server by the WAN2 IP? The client is Linux WG.
    – timy
    Sep 16 at 5:23
  • As previously stated, this is not related to supporting IT systems in a business environment and is off topic. However, if you say "Unable to connect to an IP address" and then do not specify what happens when you attempt to connect, and the routing tables, you aren't going to get very far with your router question anywhere.
    – Greg Askew
    Sep 16 at 8:41
  • If you look carefully, you won't say that this is not a business-related question; it's about accessing the company's router.
    – timy
    Sep 16 at 14:56
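
The asymmetry visible in the question's capture (request in on ether3, reply out on ether4 with the WAN3 source address) can be checked for mechanically. This is an added example, not part of the original post: the column layout is assumed from the capture shown, `203.0.113.10` is a constructed stand-in for the elided client address, and packets 3 and 4 are constructed to represent the working WAN3 case.

```python
# Added example: flag replies that leave via a different WAN (or with a
# different source address) than the request they answer.
# Assumed columns: no., time, interface, src, dst, proto, size, cpu.
SAMPLE_CAPTURE = """\
1  5.132   ether3   203.0.113.10:50923   8.1.1.169:13231      udp   190   0
2  5.132   ether4   9.1.1.149:13231      203.0.113.10:50923   udp   134   0
3  6.010   ether4   203.0.113.10:40111   9.1.1.149:13231      udp   190   0
4  6.011   ether4   9.1.1.149:13231      203.0.113.10:40111   udp   134   0
"""

# Router-owned WAN addresses, taken from the /ip address section of the question.
LOCAL_ADDRS = {"8.1.1.169": "ether3", "9.1.1.149": "ether4"}


def parse(capture):
    """Yield one dict per capture line, skipping lines that are too short."""
    for line in capture.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        yield {"no": int(f[0]), "iface": f[2], "src": f[3], "dst": f[4], "proto": f[5]}


def find_asymmetric_replies(capture, local_addrs=LOCAL_ADDRS):
    """Return one finding per reply whose interface or source differs from its request."""
    requests = {}   # (client endpoint, local port, proto) -> first inbound packet
    findings = []
    for p in parse(capture):
        src_ip, src_port = p["src"].rsplit(":", 1)
        dst_ip, dst_port = p["dst"].rsplit(":", 1)
        if dst_ip in local_addrs:            # inbound to the router
            requests.setdefault((p["src"], dst_port, p["proto"]), p)
        elif src_ip in local_addrs:          # outbound from the router
            req = requests.get((p["dst"], src_port, p["proto"]))
            if req is None:
                continue
            if p["iface"] != req["iface"] or p["src"] != req["dst"]:
                findings.append({
                    "request": req["no"], "reply": p["no"],
                    "expected": (req["iface"], req["dst"]),
                    "actual": (p["iface"], p["src"]),
                })
    return findings


if __name__ == "__main__":
    for finding in find_asymmetric_replies(SAMPLE_CAPTURE):
        print(finding)
```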
