Hi,
I've got a pretty basic setup. LTE Chateau 5G connected to the internet by LTE. I'm trying to get a WireGuard connection going as occasionally I have difficulties due to shared IPs, NAT issues and CAPTCHA stuff. I'm trying a VPN with a dedicated IP service to see if that makes any difference. It works fine on each client (e.g. run in Windows etc.) but I can't get it to work on my router for everything. It just breaks my internet connection entirely.
I've followed the guide on the VPN's website (specifically for MikroTik, which is decent of them) without success. I've also tried asking ChatGPT to write me some commands to get it going, which seems to basically do the same thing anyway, without success. I'm sure there is one little bit I'm missing and wondered if someone could point me right.
Attached is my RouterOS config... Any ideas?
Code:
# 2025-03-12 23:15:02 by RouterOS 7.18.1
# software id = N9GY-0Q8J
#
# model = D53G-5HacD2HnD
# serial number = ******
/interface bridge
add admin-mac=********** auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto mode=ap-bridge ssid=********* \
    wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto mode=ap-bridge ssid=\
    ********B wireless-protocol=802.11
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" nr-band=""
/interface wireguard
add listen-port=51820 mtu=1420 name=wg0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool ranges=192.168.1.101-192.168.1.199
/ip dhcp-server
add address-pool=dhcp_pool interface=bridge name=defconf
/queue type
add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default
/queue interface
set ether1 queue=fq-codel-ethernet-default
set ether2 queue=fq-codel-ethernet-default
set ether3 queue=fq-codel-ethernet-default
set ether4 queue=fq-codel-ethernet-default
set ether5 queue=fq-codel-ethernet-default
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface wireguard peers
add allowed-address=0.0.0.0/0,::/0 client-endpoint=******* \
    client-keepalive=25s client-listen-port=59851 interface=wg0 name=peer1 \
    persistent-keepalive=25s preshared-key=\
    "*******=" public-key=\
    "*********"
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=10.48.48.102/23 interface=wg0 network=10.48.48.0
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=\
    1.1.1.1,1.2.1.2,8.8.8.8,8.4.8.4 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=10.10.10.1,10.10.11.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=wg0
/ip route
add dst-address=0.0.0.0/0 gateway=wg0
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="\r\
    \n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n /system leds settings set all-leds-off=immediate \r\
    \n } else={\r\
    \n /system leds settings set all-leds-off=never \r\
    \n }\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Statistics: Posted by milesharrison — Thu Mar 13, 2025 1:18 am