Hello and thanks for the wonderful community. I am new to the MikroTik community and networking on this scale in general. I am having a massively hard time getting a WireGuard setup to work after combing the internet and this forum on how to accomplish accessing my home network remotely. And possibly my config can be looked through and optimized as well. Please be kind, because this router already makes me feel stupid most days.
Code:
# 2024-05-05 02:24:17 by RouterOS 7.14.3
# software id = 7PN0-5HC0
#
# model = RB951Ui-2HnD
# serial number =
/interface bridge
add admin-mac=auto-mac=no comment=defconf name=bridge
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=nomad \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=NomadIoT \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=nomadguest \
    supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors \
    installation=indoor mode=ap-bridge security-profile=nomad ssid=Nomad \
    wireless-protocol=802.11
add disabled=no hide-ssid=yes mac-address=4E:5E:0C:B4:D9:F0 master-interface=\
    wlan1 name=wlan3 security-profile=NomadIoT ssid="Nomad IoT" \
    wds-default-bridge=bridge wps-mode=disabled
add disabled=no mac-address=4E:5E:0C:B4:D9:F1 master-interface=wlan1 name=\
    wlan4 security-profile=nomadguest ssid="Nomad Guest" wds-default-bridge=\
    bridge wps-mode=disabled
/iot lora servers
add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=\
    UDP
add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=\
    UDP
add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=\
    UDP
add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge interface=ether1
add bridge=bridge interface=*9
add bridge=bridge interface=wlan3
add bridge=bridge interface=wlan4
add bridge=bridge interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
    all wan-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ether5 list=WAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=192.168.100.2/32 interface=wireguard1 public-key=\
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.100.1/24 interface=wireguard1 network=192.168.100.0
/ip dhcp-client
add interface=ether5
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="allow wireguard traffic" src-address=\
    192.168.100.0/24
add action=accept chain=input comment="allow Wireguard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=forward comment=internet in-interface-list=LAN \
    out-interface-list=WAN
add action=accept chain=forward comment="wg to lan" dst-address=\
    192.168.88.0/24 in-interface=wireguard1
add action=drop chain=forward comment="port forwarding" connection-nat-state=\
    dstnat
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip ssh
set always-allow-password-login=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=America/Chicago
/system gps
set set-system-time=yes
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Statistics: Posted by Sampsonfarms0 — Sun May 05, 2024 10:34 am