• Maksim Rodin [2025-01-13 17:45]:
Hello.
I recently got a WireGuard config from my friend; he wanted to test his
wg endpoint setup on a MikroTik router:
---
[Interface]
PrivateKey = ***
Address = 172.16.2.201/32
DNS = 172.16.1.11
[Peer]
PublicKey = ***
AllowedIPs = 172.16.1.0/24
Endpoint = some_ip:62391
PersistentKeepalive = 25
---
Address and AllowedIPs sections seemed a bit weird to me but my friend
confirmed these parameters were correct and he was using a similar config
on a Windows machine with only a different Address parameter:
Address = 172.16.2.2/32
Nevertheless after I got the config in a text form
I made a /etc/hostname.wg1 from its content like this:
---
wgkey ***
wgpeer *** wgendpoint some_ip 62391 wgaip 172.16.1.0/24
inet 172.16.2.201/32
up
!route add -inet 172.16.1.0/24 -static -iface 172.16.2.201
---
I did "sh netstart wg1" and my friend confirmed that I was connected to
his mikrotik router but I was not able to access any resources in the
172.16.1.0/24 network.
Could there be any tricks on the MikroTik router that allow translating my queries
from the 172.16.2.201/32 network to access resources in 172.16.1.0/24?
How can it be that such a config works on Windows but cannot work on
OpenBSD?

WireGuard on Windows would add entries to your routing table (I think
there's an option for that), on OpenBSD you have to arrange for your
routing yourself. You may try running this command:
route add -inet 172.16.1.0/24 -static -iface 172.16.2.201
To persist the configuration, add the line provided above to the
hostname.wg1.

I use OpenBSD 7.6 amd64 stable.
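
Added example, not part of the thread: a small Python translator from the wg-quick style config above to hostname.if(5) lines, including the explicit route the reply says OpenBSD needs. The function names and placeholder keys are assumptions; it handles IPv4 only, does not translate `DNS`, and maps `PersistentKeepalive` to ifconfig(8)'s `wgpka`.

```python
# Constructed sample mirroring the thread's config; keys are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = PRIVATE_KEY_PLACEHOLDER
Address = 172.16.2.201/32
DNS = 172.16.1.11
[Peer]
PublicKey = PEER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 172.16.1.0/24
Endpoint = some_ip:62391
PersistentKeepalive = 25
"""

def parse(text):
    """Split a wg-quick file into an interface dict and a list of peer dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.lower()
            cur = iface if section == "[interface]" else {} if section == "[peer]" else None
            if section == "[peer]":
                peers.append(cur)
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def to_hostname_if(text):
    """Return hostname.if(5) lines (IPv4 only); DNS is not translated."""
    iface, peers = parse(text)
    addr = iface["address"].split(",")[0].strip()
    out, routes = ["wgkey " + iface["privatekey"]], []
    for p in peers:
        words = ["wgpeer", p["publickey"]]
        if "endpoint" in p:
            host, port = p["endpoint"].rsplit(":", 1)
            words += ["wgendpoint", host, port]
        for aip in filter(None, (a.strip() for a in p.get("allowedips", "").split(","))):
            words += ["wgaip", aip]
            routes.append(aip)
        if "persistentkeepalive" in p:
            # wgpka is ifconfig(8)'s keepalive option; the thread's file omits it
            words += ["wgpka", p["persistentkeepalive"]]
        out.append(" ".join(words))
    out += ["inet " + addr, "up"]
    # Per the reply, routing is not arranged for you: one route per allowed IP
    out += [f"!route add -inet {r} -static -iface {addr.split('/')[0]}" for r in routes]
    return out
```

Calling `to_hostname_if(SAMPLE)` returns the five lines of a hostname.wg1 equivalent to the one in the thread, plus the `wgpka 25` keepalive.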