Only the client peers ON THEIR Devices, require keep alive settings.
You have some weird selections.....
1. Remove this dstnat rule, it is not required for standard wireguard usage.
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=13231 in-interface=vlan-internet \
protocol=udp to-ports=13231
2. For peers, only really need the actual config parts, but I guess wireguard these days injects some client settings for some reason.,
add allowed-address=10.255.255.3/24 interface=wireguard1 name=peer1 public-key="xxx"
add allowed-address=10.255.255.5/24 interface=wireguard1 name=peer2 public-key="yyy"
3. Purpose of these DNS addresses, what are they??
/ip dns
set allow-remote-requests=yes servers=62.58.48.20,37.143.84.228 ??
4. Reason for static DNS settings?
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
add address=192.168.88.51 name=server type=A
You have some weird selections.....
1. Remove this dstnat rule, it is not required for standard wireguard usage.
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=13231 in-interface=vlan-internet \
protocol=udp to-ports=13231
2. For peers, only really need the actual config parts, but I guess wireguard these days injects some client settings for some reason.,
add allowed-address=10.255.255.3/24 interface=wireguard1 name=peer1 public-key="xxx"
add allowed-address=10.255.255.5/24 interface=wireguard1 name=peer2 public-key="yyy"
3. Purpose of these DNS addresses, what are they??
/ip dns
set allow-remote-requests=yes servers=62.58.48.20,37.143.84.228 ??
4. Reason for static DNS settings?
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
add address=192.168.88.51 name=server type=A
Statistics: Posted by anav — Sun Jan 26, 2025 5:31 pm