Korhul Tux's lil' helper
Joined: 09 May 2005 Posts: 75 Location: Czech Republic
Posted: Wed Apr 14, 2021 10:59 am Post subject: Site-to-site over wireguard [SOLVED]
EDIT - SOLVED: it was a misconfigured WireGuard on the MikroTik router; I forgot to add 192.168.10.0/24 to the allowed addresses in the peer configuration.
Hi!
I have tried to set up a connection between two physical sites using WireGuard, and I want to allow computers in these LANs to communicate with each other. This works only partially.
This is a diagram of my network:
Code:
LOCAL SITE 1                                                      INTERNET
                                                                     |
192.168.10.1 ---                                                     |
               |                       -----------------------       |
               |                       | PUBLIC IP (wan)     |  Gentoo Router
192.168.10.2 --- 192.168.10.0/24 ------| 192.168.10.253 (lan)|  providing DHCP/DNS
               |                       | 10.88.128.1 (wg0)   |  via DNSMASQ
               |                       -----------------------       |
192.168.10.3 ---                                                     |
                                                                     |
LOCAL SITE 2                                     WIREGUARD VPN (network 10.88.128.0/24)
                                                                     |
192.168.0.1 ---                                                      |
              |                        ---------------------------   |
              |                        | 10.88.128.4 (wg0)       |  MIKROTIK ROUTER
192.168.0.2 --- 192.168.0.0/24 --------| 192.168.0.253 (bridge)  |
              |                        | EXTERNAL IP (ether1)    |
              |                        ---------------------------   |
192.168.0.3 ---                                                      |
                                                                     |
                                                                  INTERNET
The problem is that I can ping from 192.168.10.0/24 to 192.168.0.0/24 but not from 192.168.0.0/24 to 192.168.10.0/24.
Code:
192.168.0.1 ~ $ ping 192.168.10.33
PING 192.168.10.33 (192.168.10.33) 56(84) bytes of data.
From 192.168.0.253 icmp_seq=1 Destination Host Unreachable
From 192.168.0.253 icmp_seq=2 Destination Host Unreachable
192.168.0.1 ~ $ traceroute 192.168.10.33
traceroute to 192.168.10.33 (192.168.10.33), 30 hops max, 60 byte packets
1 192.168.0.253 (192.168.0.253) 0.430 ms 0.407 ms 0.491 ms
2 192.168.0.253 (192.168.0.253) 0.410 ms !H 0.525 ms !H 0.409 ms !H
To verify host 192.168.10.33 is up:
Code:
192.168.10.253 # ping 192.168.10.33
PING 192.168.10.33 (192.168.10.33) 56(84) bytes of data.
64 bytes from 192.168.10.33: icmp_seq=1 ttl=64 time=0.873 ms
64 bytes from 192.168.10.33: icmp_seq=2 ttl=64 time=0.796 ms
Vice versa works:
Code:
192.168.10.33 > ping 192.168.0.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.0.1 56 62 8ms
1 192.168.0.1 56 62 7ms
sent=2 received=2 packet-loss=0% min-rtt=7ms avg-rtt=7ms max-rtt=8ms
I am not sure if this is a routing problem or a firewall issue, but I suspect that Destination Host Unreachable is probably a routing issue.
Code:
192.168.10.253 # ip route
default via PUBLICIP dev wan metric 4
10.88.128.0/24 dev wg0 proto kernel scope link src 10.88.128.1
10.88.128.4 dev wg0 scope link
PUBLICNETWORK/26 dev wan proto kernel scope link src PUBLICIP
127.0.0.0/8 via 127.0.0.1 dev lo
192.168.0.0/24 via 10.88.128.4 dev wg0
192.168.10.0/24 dev lan proto kernel scope link src 192.168.10.253
Code:
192.168.0.253 > /ip/route print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#      DST-ADDRESS        GATEWAY          D
0  As  0.0.0.0/0          ISP_INTERNAL_IP  1
   DAc 10.88.128.0/24     wg0              0
1  As  10.88.128.1        wg0              1
   DAc 192.168.0.0/24     bridge           0
2  As  192.168.10.0/24    wg0              1
   DAc ISP_NETWORK/22     ether1           0
Sidenote: the MikroTik is configured to bridge the ether2 (lan) and wireless (lan) interfaces together. Interface ether1 is the WAN with ISP_INTERNAL_IP.
Thanks in advance for your help.
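As an added illustration of why the fix in the EDIT works (this is not code from the original post): WireGuard's AllowedIPs list is a cryptokey routing table that is consulted both when choosing the peer for an outbound packet and when validating the source address of a decrypted inbound packet, so a kernel route pointing at wg0 is not enough on its own. The exact peer lists below are assumptions reconstructed from the route tables in the post.

```python
import ipaddress

def _longest_match(allowed, ip):
    """Return the peer whose AllowedIPs contain `ip`, preferring the most specific
    prefix (a given prefix belongs to at most one peer, so the match is unambiguous).
    """
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for peer, nets in allowed.items():
        for net in nets:
            n = ipaddress.ip_network(net)
            if addr in n and n.prefixlen > best_len:
                best, best_len = peer, n.prefixlen
    return best

def outbound_peer(allowed, dst):
    """Outbound: which peer (if any) a packet for `dst` is encrypted to."""
    return _longest_match(allowed, dst)

def inbound_accepted(allowed, peer, src):
    """Inbound: after decryption, the source must lie in the sending peer's AllowedIPs."""
    return _longest_match(allowed, src) == peer

# Gentoo router (10.88.128.1): its MikroTik peer entry, assumed from the
# "192.168.0.0/24 via 10.88.128.4 dev wg0" route shown in the post.
GENTOO_PEERS = {"mikrotik": ["10.88.128.4/32", "192.168.0.0/24"]}
# MikroTik (10.88.128.4) before the fix: only the Gentoo tunnel address
# (assumption consistent with the SOLVED note).
MIKROTIK_PEERS_BROKEN = {"gentoo": ["10.88.128.1/32"]}
# After the fix described in the EDIT: the remote LAN is added.
MIKROTIK_PEERS_FIXED = {"gentoo": ["10.88.128.1/32", "192.168.10.0/24"]}

def explain_forward(allowed, src, dst):
    """Describe what a WireGuard interface does with a packet the kernel routed to it."""
    peer = outbound_peer(allowed, dst)
    if peer is None:
        return f"{src}->{dst}: no peer AllowedIPs cover {dst}; dropped at wg0"
    return f"{src}->{dst}: encrypted to peer '{peer}'"

if __name__ == "__main__":
    # The static route 192.168.10.0/24 -> wg0 hands the packet to the interface,
    # but wg0 still needs a peer whose AllowedIPs cover the destination.
    print(explain_forward(MIKROTIK_PEERS_BROKEN, "192.168.0.1", "192.168.10.33"))
    print(explain_forward(MIKROTIK_PEERS_FIXED, "192.168.0.1", "192.168.10.33"))
    # The same list gates replies arriving from 192.168.10.33 after decryption.
    print(inbound_accepted(MIKROTIK_PEERS_BROKEN, "gentoo", "192.168.10.33"))
    print(inbound_accepted(MIKROTIK_PEERS_FIXED, "gentoo", "192.168.10.33"))
```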