u/domvir

Hey, I'm trying to set up a wireguard tunnel to connect to my home network from the outside. Here are the commands I used:

/interface wireguard
    add listen-port=24814 mtu=1420 name=Wg_Home
/interface wireguard peers
    add allowed-address=192.168.110.3/32 client-address=192.168.110.3/32 \
    client-allowed-address=0.0.0.0/0 client-dns=9.9.9.9 client-endpoint=\
    x.x.x.x:24814 interface=Wg_Home name=Phone \
    public-key="xxx="

I create the wireguard profile using the QR code and paste the phone's public key to peer options. The connection doesn't work and I believe it is because of the firewall or NAT:

/ip firewall filter
    add action=accept chain=input comment="Accept wireguard home connections " \
    dst-port=24814 in-interface-list=WAN protocol=udp
/ip firewall nat
    add action=dst-nat chain=dstnat dst-port=24814 in-interface-list=WAN \
    protocol=udp to-addresses=192.168.110.2 to-ports=24814

I have the wireguard firewall rule above the default WAN drop rule but it's not getting any matches when I try connecting. The NAT rule however gets a match everytime I try to connect. I'm not sure what is the problem here, if I should provide more information please tell me what. Thanks a lot

Wireguard interface IP=192.168.110.2

Hey, few days ago I've updated the motherboard BIOS to F17a and decided to set an administrator password.

After setting up the administrator (not user) password in the BIOS and rebooting it asked for the password straight on boot, which is how USER password works but not administrator. I've tried resetting and setting the administrator and user password a few more times but both work the same, asking me for a password on boot and not when entering BIOS.

I'm not sure if this is specifically a F17a BIOS issue as I haven't tried setting the password on the old version (F10 if I remember correctly) so this may just be this motherboard issue. I don't want to test out with other versions as I'm afraid of a surge and the board not getting bricked.

Has anybody else experienced this and maybe found a fix? Should I forward this to Gigabyte? Thanks a lot.

Hey, I'm setting up my hAP ax s and right now I'm on the WiFi configuration part. It is my first time doing such configuration, so I want to get a few tips from more experienced users so I don't fuck something up.

1. Should I keep the default WiFi interfaces clean (as in no SSID, password etc.) and make each WiFi interface separately and assign them to the default interfaces or can I make the default fe. my home/trusted WiFi and assign others to it (like guest or IoT)? Are there any performance/security issues if doing the second?

2. Should I assign the VLAN ID in the datapath options or assign the WiFi interface to the bridge and assign it's VLAN there?

3. Should I try to use capsman as a beginner and only using the hAP or ignore it for now?

4. Not specifically a MikroTik question I think, but if I configure my home WiFi interface's band to 5GHz ax (and 2.4GHz respectively) will devices that don't support ax (for example those which only support up to ac) be able to connect or do I also need to configure interfaces for ac and lower if needed?

Hello, I'm learning RouterOS and configuring a simple ROAS setup with a hAP ax s and CRS328. I'm looking for a way to disable routing entirely on the CRS as I want all traffic going between networks to go through the hAP, but I can't seem to find to find a way to do that, no help in ROS docs either (or I can't find it). I know that in Cisco IOS the command "no ip routing" would achieve what I want, so I'm looking for something similar in ROS. Thanks a lot.

Considering switching to Bazzite from EndeavourOS as I want a more stable desktop for now. Everything looks great but I'm wondering if it'll be possible to use Cisco PT in Bazzite , as it is not available on flathub. Not a huge issue, as I'll be dual-booting windows on another disk, but just wish to know beforehand. Thanks a lot!