I have configured two WireGuard VPNs, one for my phone and one for my laptop, which are both working fine (surfing from home network, reaching server/services), except that I get a connection timeout error when trying to connect to Winbox from my laptop (can't try with the phone).
Everything I found about this issue was that people were missing accept rules, but I have those, so could you please tell me if there's something wrong with them?
My complete firewall:
Code:
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="VPN-WG-MyPhone access" dst-port=10131 protocol=udp
add action=accept chain=input comment="VPN-WG-MyPhone access" dst-address=192.168.131.1 in-interface=VPN-WG-MyPhone
add action=accept chain=input comment="VPN-WG-MyLaptop access" dst-port=10132 protocol=udp
add action=accept chain=input comment="VPN-WG-MyLaptop access" dst-address=192.168.132.1 in-interface=VPN-WG-MyLaptop
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface=!Bridge-LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=Bridge-WAN
Statistics: Posted by Archibald — Thu Mar 27, 2025 10:48 pm