Hi all! With the config below, the VPN between my home LAN and my iPhone worked for a while; something "broke" when I tried to set up WireGuard on my laptop running Pop!_OS as well. I restored a backup onto the router, one with which WG definitely worked fine between the router and the phone, but unfortunately that did not fix the situation. Here is the config, in case someone eagle-eyed spots something in it:
/ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; Wireguard
chain=input action=accept protocol=udp in-interface=pppoe-out1 dst-port=51820 log=no log-prefix=""
2 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
3 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
4 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
5 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
6 chain=input action=accept protocol=udp in-interface=wireguard1 dst-port=51820 log=no log-prefix=""
7 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
8 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
9 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
10 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related
11 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
12 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
13 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall nat print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; Hairpin NAT
chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.0/24 log=no log-prefix=""
1 ;;; Hairpin NAT for WireGuard
chain=srcnat action=masquerade src-address=10.10.10.0/24 dst-address=192.168.88.0/24
2 ;;; Home Assistant, Forwarding port 80 to HA ip
chain=dstnat action=dst-nat to-addresses=192.168.88.3 protocol=tcp in-interface=pppoe-out1 dst-port=80 log=no log-prefix=""
3 ;;; Home Assistant, Forwarding port 443 to HA ip
chain=dstnat action=dst-nat to-addresses=192.168.88.3 protocol=tcp in-interface=pppoe-out1 dst-port=443 log=no log-prefix=""
4 ;;; Home Assistant catch-all
chain=dstnat action=dst-nat to-addresses=192.168.88.3 dst-address-list=WAN log=no log-prefix=""
5 ;;; Home Assistant source NAT fix
chain=srcnat action=src-nat to-addresses=185.180.88.194 src-address-list=WAN log=no log-prefix=""
6 ;;; Masquarade from WireGuard
chain=srcnat action=masquerade src-address=10.10.10.0/24 out-interface-list=WAN log=no log-prefix=""
7 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
/interface wireguard print detail
Flags: X - disabled; R - running
0 R name="wireguard1" mtu=1412 listen-port=51820 private-key="=" public-key="="
/interface wireguard peers print detail
Flags: X - disabled; D - dynamic
0 interface=wireguard1 name="telefon" public-key="=" private-key="" endpoint-address="" endpoint-port=0 current-endpoint-address="" current-endpoint-port=0 allowed-address=10.10.10.2/32
preshared-key="" client-endpoint="" rx=0 tx=0
1 interface=wireguard1 name="laptop" public-key="=" private-key="" endpoint-address="" endpoint-port=0 current-endpoint-address="" current-endpoint-port=0 allowed-address=10.10.10.3/32
preshared-key="" client-endpoint="" rx=0 tx=0
/interface list member print
Columns: LIST, INTERFACE
# LIST INTERFACE
;;; defconf
0 LAN bridge
;;; defconf
1 WAN ether1
2 WAN pppoe-out1
3 LAN wireguard1
/tool sniffer quick port=51820
Columns: INTERFACE, TIME, NUM, DIR, SRC-MAC, DST-MAC, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, SIZE, CPU
INTERFACE TIME NUM DIR SRC-MAC DST-MAC SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU
bridge 4.654 2 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 4.654 3 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
pppoe-out1 9.416 4 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 9.416 5 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 9.416 6 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
pppoe-out1 14.628 7 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 14.628 8 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 14.628 9 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
pppoe-out1 19.769 10 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 19.769 11 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 19.769 12 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
pppoe-out1 24.882 13 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 24.882 14 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 24.882 15 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
pppoe-out1 30.159 16 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 30.159 17 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 30.159 18 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
pppoe-out1 35.336 19 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 35.336 20 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 35.336 21 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
If anything else is needed, I'll check it. Thanks in advance for any help. Oh, and I'm already past the trivial checks, such as whether the keys are correct, whether the ports match, and whether the allowed IPs are correct.
Márk
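
One way to read the sniffer capture above, as an added example that is not part of the original post: the script pairs each UDP 51820 packet arriving on pppoe-out1 with packets of the same timestamp and source that leave on another interface toward a different destination, which is what destination NAT looks like in a capture. The function names are hypothetical; the sample lines are copied from the capture in the post.

```python
# Added example: detect WireGuard packets that were DNATed away from the router.
# SAMPLE is copied from the "/tool sniffer quick port=51820" output in the post.
SAMPLE = """\
INTERFACE TIME NUM DIR SRC-MAC DST-MAC SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU
pppoe-out1 9.416 4 <- 37.76.11.127:34758 185.180.88.194:51820 ip:udp 176 3
bridge 9.416 5 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
ether5 9.416 6 -> D4:01:C3:3D:8E:DB 02:4D:B7:CE:D2:3A 37.76.11.127:34758 192.168.88.3:51820 ip:udp 190 3
"""


def parse_line(line):
    """Return one sniffer row as a dict, or None for headers and noise."""
    f = line.split()
    if len(f) < 4 or f[3] not in ("<-", "->"):
        return None
    if len(f) == 11:      # Ethernet-like interface: MAC columns present
        src, dst = f[6], f[7]
    elif len(f) == 9:     # PPPoE interface: no MAC columns
        src, dst = f[4], f[5]
    else:
        return None
    return {"iface": f[0], "time": f[1], "dir": f[3], "src": src, "dst": dst}


def find_redirected(text, wan_iface="pppoe-out1", port=51820):
    """List (wan_dst, lan_dst, lan_iface) for packets forwarded after DNAT."""
    pkts = [p for p in map(parse_line, text.splitlines()) if p]
    findings = set()
    for rx in pkts:
        if rx["iface"] != wan_iface or rx["dir"] != "<-":
            continue
        if not rx["dst"].endswith(f":{port}"):
            continue
        for tx in pkts:
            same_flow = tx["time"] == rx["time"] and tx["src"] == rx["src"]
            if (tx["dir"] == "->" and tx["iface"] != wan_iface
                    and same_flow and tx["dst"] != rx["dst"]):
                findings.add((rx["dst"], tx["dst"], tx["iface"]))
    return sorted(findings)


if __name__ == "__main__":
    for wan_dst, lan_dst, iface in find_redirected(SAMPLE):
        print(f"{wan_dst} was rewritten to {lan_dst} and sent out {iface}")
```

On this capture every handshake is forwarded to 192.168.88.3, the to-addresses of the dstnat rules, and the only dstnat rule in the NAT table without a protocol or port match is rule 4. RouterOS applies dstnat before the input filter chain, so the input accept rule for UDP 51820 never sees these packets.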