Channel: MikroTik

General • Wireguard setup for both internal and external access

Hello,

I've run into a wall trying to set up my Mikrotik router so that it acts as a Wireguard server that routes traffic to my LAN.
What I want to achieve:
- I have an Android phone with Wireguard, I want to be connected to a WG tunnel at all times
- One peer of this tunnel is an AirVPN server, through which I want to route all public traffic
- Second peer is my Mikrotik router, through which I want to route traffic into my LAN
I want this connection to be active whether I am accessing from outside, or from my LAN (that is, some hairpin NAT will be also required).

I have successfully set up the Wireguard so that I can initiate the tunnel (the handshake occurs OK), however I cannot even ping the wireguard interface of the router from the client, let alone route traffic through it.

The wireguard interface has 192.168.3.1/24 address.
My client config looks like this:
Code:
[Interface]
PrivateKey = InterfacePrivateKey
Address = 10.142.68.243/32

[Peer]
PublicKey = AirVPNServerPublicKey
PresharedKey = PresharedKey
AllowedIPs = 0.0.0.0/1,128.0.0.0/2,224.0.0.0/3,208.0.0.0/4,200.0.0.0/5,196.0.0.0/6,194.0.0.0/7,193.0.0.0/8,192.0.0.0/9,192.192.0.0/10,192.128.0.0/11,192.176.0.0/12,192.160.0.0/13,192.172.0.0/14,192.170.0.0/15,192.169.0.0/16,192.168.128.0/17,192.168.64.0/18,192.168.32.0/19,192.168.16.0/20,192.168.8.0/21,192.168.4.0/22
Endpoint = airvpnendpoint
PersistentKeepalive = 15

[Peer]
PublicKey = MikrotikRouterPublicKey
AllowedIPs = 192.168.0.0/22
Endpoint = 192.168.3.1:13231
PersistentKeepalive = 15

As to why I want this crazy setup: I am self-hosting stuff on my home server, and want to access some of it from my phone at optimal speeds, without exposing it to the internet.
Previously I used Tailscale, however now I want to use an actual VPN on my phone and sadly even GrapheneOS does not support running two VPNs at the same time on one user profile.

What configuration do I have wrong/am I missing in order to achieve the stated?

Thanks for any help

Config attached

Statistics: Posted by mzelenak — Sun Mar 30, 2025 7:30 pm
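
Added example, not part of the original post: a small audit of the split-tunnel `AllowedIPs` in the client config above, checking that the AirVPN list is exactly 0.0.0.0/0 minus the router peer's range, that the two peers do not overlap, and which tunnelled ranges contain the router peer's Endpoint address. The function names are illustrative, and the values are copied from the posted config with keys and the AirVPN endpoint left out.

```python
import ipaddress

# Constructed from the client config in the post (keys and AirVPN endpoint omitted).
AIRVPN_ALLOWED = (
    "0.0.0.0/1,128.0.0.0/2,224.0.0.0/3,208.0.0.0/4,200.0.0.0/5,196.0.0.0/6,"
    "194.0.0.0/7,193.0.0.0/8,192.0.0.0/9,192.192.0.0/10,192.128.0.0/11,"
    "192.176.0.0/12,192.160.0.0/13,192.172.0.0/14,192.170.0.0/15,192.169.0.0/16,"
    "192.168.128.0/17,192.168.64.0/18,192.168.32.0/19,192.168.16.0/20,"
    "192.168.8.0/21,192.168.4.0/22"
)
ROUTER_ALLOWED = "192.168.0.0/22"
ROUTER_ENDPOINT_HOST = "192.168.3.1"  # host part of Endpoint = 192.168.3.1:13231


def parse_allowed(csv):
    """Turn a comma-separated AllowedIPs value into ip_network objects."""
    return [ipaddress.ip_network(item.strip()) for item in csv.split(",")]


def complement(excluded, universe="0.0.0.0/0"):
    """Minimal CIDR list covering `universe` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for ex in excluded:
        kept = []
        for net in remaining:
            if ex.subnet_of(net):            # carve the excluded range out of net
                kept.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):      # disjoint: keep; fully covered: drop
                kept.append(net)
        remaining = kept
    return sorted(remaining)


def overlapping_pairs(a, b):
    """Pairs of ranges claimed by both peers (WireGuard routes by AllowedIPs)."""
    return [(x, y) for x in a for y in b if x.overlaps(y)]


def ranges_containing(host, networks):
    """Tunnelled ranges that contain the given address."""
    addr = ipaddress.ip_address(host)
    return [n for n in networks if addr in n]


if __name__ == "__main__":
    airvpn, router = parse_allowed(AIRVPN_ALLOWED), parse_allowed(ROUTER_ALLOWED)
    print("AirVPN list == 0.0.0.0/0 minus router range:", sorted(airvpn) == complement(router))
    print("overlapping AllowedIPs:", overlapping_pairs(airvpn, router))
    print("endpoint inside tunnelled ranges:", ranges_containing(ROUTER_ENDPOINT_HOST, airvpn + router))
```
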


