routing all trafic passthrough wireguard via wifi station (2024)

Hello
Ever, thank you to help me

This is my network

Laptop -> Wireguard1 -> Gateway1 -> internet -> Wan ———Gateway2—————-Lan—> Wifi Station ——————> Gateway4G -> PUBLIC IP1
-----------------------------Wireguard2——————————> Wireguard2
----------------------------------------------------------------------Wireguard3———————> WIREGUARD3 PUBLIC IP2
Laptop —via Wireguard1————————That I Want——————————————— > WIREGUARD3 PUBLIC IP2

I Would like to connect with my laptop on Gateway1 with Wireguard1 and I want that my public ip is Wireguard3

Actually its ok for this
Laptop -> Wireguard1 -> Gateway1 -> internet -> Gateway2 -> Wifi Station -> Gateway4G -> PUBLIC IP1
----------------------------------------------------------Wireguard2———————————> Wireguard2
Laptop —via Wireguard1—————————————————-————————————> PUBLIC IP1

So when I try to use PUBLIC IP2 , Wireguard3 connect since Wan Gateway2 and not via PUBLIC IP1

To resume I want redirect all trafic on Wireguard3 via Gateway2 (Wifi Station) and not Gateway2(Wan)

I try to use Vrf

Gateway2 is mAntBox

# 2024-05-05 18:10:36 by RouterOS 7.14.3# software id = 5BPS-L66T## model = RBD22UGS# serial number = XXXXXXXX/interface bridgeadd admin-mac=2C:C8:XXXXXA auto-mac=no comment=defconf name=Bridgeadd name=Bridge_Wifi/interface wireguardadd listen-port=51003 mtu=1420 name=Wireguard_1add listen-port=13231 mtu=1420 name=Wireguard_3add listen-port=51000 mtu=1420 name=Wireguard_Admin/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTikadd authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys name=Key supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm/interface wirelessset [ find default-name=wlan1 ] band=2ghz-b/g/n country=france disabled=no frequency=2462 installation=outdoor name=Wifi_2G security-profile=Key ssid=Mobi1_2Gset [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=france frequency=auto installation=outdoor name=Wifi_5G security-profile=Key ssid=""/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip vrfadd interfaces=Wireguard_3 name=Vrf_3add interfaces=Bridge_Wifi,Wireguard_1 name=Vrf_Bridge_Wifi/portset 0 name=serial0set 1 name=serial1/interface bridge portadd bridge=Bridge comment=defconf interface=ether1add bridge=Bridge comment=defconf interface=sfp1add bridge=Bridge_Wifi comment=defconf interface=Wifi_2Gadd bridge=Bridge_Wifi comment=defconf interface=Wifi_5G/interface wireguard peersadd allowed-address=10.1.1.2/32 endpoint-address=adm.XXXX endpoint-port=51000 interface=Wireguard_Admin persistent-keepalive=25s public-key=«XXXXXXXXX»add allowed-address=0.0.0.0/0 endpoint-address=client1.XXXX endpoint-port=51003 interface=Wireguard_1 persistent-keepalive=25s public-key=«XXXXXXXXX»add allowed-address=0.0.0.0/0 endpoint-address=31.XXXXX endpoint-port=51820 interface=Wireguard_3 persistent-keepalive=25s public-key="XXXXXXXXXXX"/ip addressadd address=10.1.1.4/29 interface=Wireguard_Admin network=10.1.1.0add address=10.1.1.30/29 interface=Wireguard_1 network=10.1.1.24add address=10.XXXX.227 interface=Wireguard_3 network=10.XXXX.227/ip dhcp-clientadd comment=defconf interface=Bridgeadd interface=Bridge_Wifi/ip firewall filteradd action=accept chain=input dst-address=10.1.1.4 in-interface=Wireguard_Admin src-address=10.1.1.2add action=accept chain=forwardadd action=accept chain=output/ip firewall mangleadd action=mark-routing chain=prerouting in-interface=Wireguard_1 new-routing-mark=Vrf_Bridge_Wifi passthrough=yes src-address=10.1.1.26add action=mark-routing chain=prerouting in-interface=Wireguard_3 new-routing-mark=Vrf_3 passthrough=yes/ip firewall natadd action=masquerade chain=srcnat out-interface=Bridge_Wifiadd action=masquerade chain=srcnat out-interface=Wireguard_3/ip routeadd disabled=no dst-address=0.0.0.0/0 gateway=Wireguard_3@Vrf_3 routing-table=Vrf_3 suppress-hw-offload=no/system noteset show-at-login=no

Thanks a lot

Sorry very confusing..... Can you draw a network diagram please.......

Not sure which ones still valid......

Step1 - NETWORK DIAGRAM Provide a network diagram of your setup with enough detail so that the subnets (vlans), devices and their relationships are clearly established. If able, on the same, or perhaps separate diagram indicate the purpose of each port on your device. The network diagram provides the framework for the book which will help guide us towards a successful configuration.

NETWORK DIAGRAM APPS:
https://nulab.com/cacoo/
https://online.visual-paradigm.com/diag ... -software/
https://www.lucidchart.com/pages/
https://drawio-app.com/product/
https://www.diagrams.net/ (its older sibling soon to be discontinued https://drawio-app.com/product/)
( Other links for diagrams.net - https://www.youtube.com/watch?v=P3ieXjI7ZSk & https://www.youtube.com/watch?v=mpF1i9sfEJ0 )
https://sourceforge.net/projects/dia-installer/
https://www.yworks.com/products/yed (and icons for yed --> https://github.com/danger89/yEd_cisco_network_icons )
https://www.libreoffice.org/discover/draw/

http://kilievich.com/fpinger/ - has a simple drawing program but not its main intent.

This is a small diagram
I would like to route all traffic to internet via wireguard 1 nexthop wireguard3
mantbox is router mode
laptop is connect to mantbox via wireguard1 and passthrough GW1 and GW2
so after i want that is passthrough wireguard3 to access on internet
to finaly WAN Ip is VPN

Okay lets break this down so it makes sense.
You want to establish a wireguard connection from your LAPTOP to the MT MANTBOX.

Does the mantbox have a public IP address associated with it, or is it connected to an ISP Router with a public IP and you can forward ports to the MANTBOX??

Then you want to connect the MANTBOX via third party VPN, to wireguard so that you can then push your laptop traffic out the internet of the third party VPN.

++++++++++++++++++++++++++++++++++++++

What I dont get is why you are showing a WG2 ????? What am I missing.

Still not enough detail,

Please detail the relationship between every device in your diagram.
Right now it looks like the laptop is directly connected to GWY1, which is directly connected to GWY2 Which is directly connected to the MANTBOX, which is directly connected toa wifi AP router which is directly connected to A VPN box, which is directly connected to the internet.

So it begs the questions I ask, I have no clue what your network looks like.
So your saying the lapt is connected to WHAT? Where does it get its internet from presently.

What is the mant box connected to - Where does it get internet presently.