
Beginner Basics • Wireguard Site to Site VPN

Hi all,

I am trying to set up a WireGuard site-to-site VPN; however, I am having trouble correctly configuring static routes. I have done this before with L2TP/IPsec without any issues, but for some reason, a similar setup with WireGuard isn't working.

Here’s the setup:

Site A: Has a static public IP address.
Site B: Mikrotik is behind double NAT. It has a DHCP client configured on Ether1, and my goal is to push all traffic through the WireGuard tunnel so that all devices connected to Mikrotik at Site B use the public IP address of Site A.
The tunnel is up. From Site A, I can ping any device on the LAN at Site B, and vice versa.

The problem comes up when I try to configure a route with:
dst 0.0.0.0/0 gateway 172.16.0.1 distance=1.

As soon as I activate this route, the tunnel goes down, and I am no longer able to ping the other end of the tunnel.

I am attaching a network diagram.

Routes at SITE B

# DST-ADDRESS GATEWAY DISTANCE
D d 0.0.0.0/0 192.168.0.1 2
0 As 0.0.0.0/0 172.16.0.1 1 ------- ONCE ACTIVATED THE TUNNEL GOES DOWN
DAc 172.16.0.0/30 wireguard1 0
DAc 192.168.0.0/24 ether1 0
1 As 192.168.1.0/24 172.16.0.1 1
DAc 192.168.88.0/24 bridge 0


Routes at Site A

# DST-ADDRESS GATEWAY DISTANCE
;;; VPN-POLAND FOR IP .116 AND .5
DAd 0.0.0.0/0 <PUBLIC IP> 1
DAc <PUBLIC IP>/22 ether1 0
DAc 172.16.0.0/30 wireguard1 0
DAc 192.168.1.0/24 bridge 0
2 As 192.168.88.0/24 172.16.0.2 1

Statistics: Posted by korpaczov — Fri Dec 27, 2024 6:33 pm
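An added example, not part of the original post: a simplified route lookup over the Site B table above (longest prefix first, then lowest distance), checking which interface carries the encrypted WireGuard packets to the peer. The endpoint address 203.0.113.10 is a constructed placeholder for Site A's public IP, and the /32 host route is a hypothetical addition; routing marks and policy routing are not modelled.

```python
import ipaddress

# Site B routes from the post: (destination, gateway or interface, distance).
SITE_B_ROUTES = [
    ("0.0.0.0/0", "192.168.0.1", 2),     # dynamic default from the DHCP client
    ("0.0.0.0/0", "172.16.0.1", 1),      # static default through the tunnel
    ("172.16.0.0/30", "wireguard1", 0),
    ("192.168.0.0/24", "ether1", 0),
    ("192.168.1.0/24", "172.16.0.1", 1),
    ("192.168.88.0/24", "bridge", 0),
]
PEER_ENDPOINT = "203.0.113.10"  # constructed placeholder for Site A's public IP


def is_ip(value):
    """True when the gateway field is an IP address rather than an interface name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def egress_interface(routes, dst, depth=0):
    """Longest prefix wins, then lowest distance; IP gateways resolve recursively."""
    if depth > 8:
        raise RuntimeError("gateway resolution loop")
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw, dist)
               for net, gw, dist in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    _, gw, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return egress_interface(routes, gw, depth + 1) if is_ip(gw) else gw


def tunnel_carrier_ok(routes, endpoint, tunnel_if="wireguard1"):
    """False when packets to the peer endpoint would be routed into the tunnel itself."""
    return egress_interface(routes, endpoint) != tunnel_if


# Hypothetical extra route: host route to the peer endpoint via the upstream gateway.
WITH_HOST_ROUTE = SITE_B_ROUTES + [(PEER_ENDPOINT + "/32", "192.168.0.1", 1)]

if __name__ == "__main__":
    print(tunnel_carrier_ok(SITE_B_ROUTES, PEER_ENDPOINT))    # False
    print(tunnel_carrier_ok(WITH_HOST_ROUTE, PEER_ENDPOINT))  # True
```

With the table as posted, the only match for the peer endpoint is the distance-1 default via 172.16.0.1, so the tunnel's own carrier packets resolve to wireguard1; a more specific route for the endpoint keeps them on ether1 while other traffic still follows the tunnel default.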


