Dynamic Routing with Wireguard, Optimize your MikroTik network!

The Network Berg

Comments: 58
@TheNetworkBerg (1 year ago)
Hey guys, just pinning some useful links that you can use to configure Dynamic Routing with Wireguard on MikroTik (Sorry for some pops in the audio, I only realized after recording that the filter was touching the mic and whenever I would hit the table it would make a very slight pop)
MikroTik WG: help.mikrotik.com/docs/display/ROS/WireGuard
MikroTik BGP: help.mikrotik.com/docs/display/ROS/BGP
MikroTik OSPF: help.mikrotik.com/docs/display/ROS/OSPF
@kresimirpecar4925 (1 year ago)
Always a pleasure to see a new video 😊
@trexx_media (1 year ago)
🎉🎉🎉🎉 awaiting for it, GURU JI
@zerpita2007 (4 months ago)
Hello friend, thanks for the video. Now, a few questions: when you create the WireGuard setup you have communication B-C and A-C, right? There is no communication between A-B until you configure BGP?
@drlegende (6 months ago)
This video was awesome and fun to follow. You should consider doing a similar one for pfSense, although the concept is very similar. A+ to you.
@kidu2k3 (11 months ago)
can i like this video twice? :) thx, nice tutorial
@DanelSwitalski (1 year ago)
Hello, everything works, iBGP works - it will break now, I will configure OSPF as additional routers. Thanks for the material. Regards, Daniel
@RedesBinarias (5 months ago)
Your video is awesome! I configured BGP on a MikroTik very fast. I only have a little problem. I would like to redirect "all traffic" from the other sites across my site. As you know, I need to mark traffic to send across Wireguard. I tried to enable the default originate flag in always and in the remote site selected my routing table, but it does not work. Could you please help me? Any idea? Thanks!!!
@imanikabeya3542 (1 year ago)
Thanks for this beautiful work sir... God bless you so much. I'd like to ask, how did you make this topology with that well designed internet?
@TheNetworkBerg (1 year ago)
I use an emulator called EVE-NG, the cloud is really just a cloud PNG that hides a couple of routers behind it to act as the internet. But it looks nice ;D!
@imanikabeya3542 (1 year ago)
Means you downloaded that cloud PNG and uploaded that in your EVE
@imanikabeya3542 (1 year ago)
Yes, I know it's EVE but never seen that cloud in EVE tho 🤣😂
@TheNetworkBerg (1 year ago)
Ahhh yeah, this is another "Pro" feature, it allows you to upload images directly into your topology. Not worth the $$$ if you just want to do this, but it does make labs look a lot nicer.
@Carlos_Fanini (8 months ago)
Awesome stuff. What software do you use for lab simulation?
@TheNetworkBerg (8 months ago)
It's called EVE-NG, a network emulator similar to GNS3.
@Carlos_Fanini (8 months ago)
@TheNetworkBerg Thanks a lot.
@johanpingree8072 (8 months ago)
I watched your awesome video multiple times to ensure I did not miss a step. Wrote a procedures manual for my setup to have as a handy reference for the topology I have. I have all three routers talking to each other and each router can get to the others' LAN. iBGP is working and reflecting the routes. I threw in a road warrior which can connect and see all the networks distributed via iBGP. HOWEVER, my LAN clients (on the hub router), for example my desktop, cannot ping the other LAN addresses across the routers; it can ping the tunnel addresses on both sides of the tunnel, but again, not past the tunnel endpoints. This leads me to believe it has something to do with iBGP. I have gone through the settings over a dozen times and still cannot figure out why my local network clients cannot see the other LANs. Can you offer up any pointers? Thanks!
@krzysztofbucko9882 (3 months ago)
Hi, I've got a question about WireGuard with the built-in DDNS option. When I've done the config with DDNS and an IPsec connection between a MikroTik with DDNS and a 3rd party router with a static PUB IP, everything is OK. When I'm trying to do the same thing but with WireGuard, it's not working and even hitting the firewall. The configuration is OK, because when I use the PUB IP with the same configuration it is OK, so what's the difference between DDNS IPsec and DDNS WireGuard?
@thefixitgal (1 year ago)
That was pretty sweet! Using WireGuard rather than IPsec seems a more modern method. Also I've noticed route flapping can occur if you share all routes over the tunnel. Would you be able to address how to mitigate this in a video please?
@adrianocolombo (1 year ago)
I managed to do this; I can interconnect two cities using a common broadband link and even mirror a private IP block, making the network of both places appear as if it were the same network
@gianlucagiuman6132 (4 months ago)
Wow!! Is there the possibility to use BGP for road warrior? How much does it increase the speed? Is there a script of your tutorial? Too many questions... hehehehe. Thanks for your great work :)
@RyuKimGaming (4 months ago)
Can you create another video with WG but with OSPF? For multiple remote sites
@mrrtee1343 (1 year ago)
Can you make a video explaining, with an example, each mangle chain rule and action rule? I want to understand how each works.
@CzAerox (6 months ago)
I wonder what to do if public WiFi is blocking "WG", like blocking UDP or something like that. Even using open ports did not make my device handshake :/ Mostly airport WiFi. Btw, thanks for your tutorials!
@HeikoRehm (1 year ago)
I have been running that with OSPF for a while already. Same way - 0/0 on the WG Allowed nets. Plus a little Route-Filtering. Works neatly and is so much more stable than it used to be when I had used SSTP.
@alimibrahem8120 (1 year ago)
You are so elegant, man! I love your video ⬆
@TheNetworkBerg (1 year ago)
Thank you so much 😀
@mondrehendricks383 (3 months ago)
I have tried this but seem to be running into a bit of a snag. All is in order, however it seems like site C isn't routing site B traffic or pings to site A.
@nikolashuminosky6987 (1 year ago)
@The Network Berg - I don't understand why we need to tick bgp on output-redistribute since we got RR running. I don't think that is the same case on v6.
@TheNetworkBerg (1 year ago)
Hmmmmm I agree that this should just push through with using an RR, but for this WG setup I had to redist routes. Let me tweak around a bit and see if there is any answer. Will see if I can export the lab for more people to play around with the setup. I initially just used EBGP with default originates which worked awesomely but wanted to try and incorporate with IBGP as well
@kopyrta (1 year ago)
Hey. Could you please do a video where you show how to connect 3 locations with EoIP tunnels over IPsec (do not merge them in a hub) and run OSPF on loopback interfaces on each office router? Then configure iBGP from each loopback and make server's traffic exchange via iBGP with even prefix filtering from wherever point you want? I was told this is good approach to connect 3 offices. Or some other approach to rock solid connections between different locations. Many thanks in advance!
@Anavllama (1 year ago)
The BGP part was interesting. It seemed like quite a bit of extra work, and you never noted any potential need for firewall rules. Assuming traffic is coming on the connected routes, one would still need some forward chain rules etc. In other words, achieving the same functionality, connecting routers, within wireguard (allowed IPs, firewall rules, routes if necessary) on the surface seems actually easier to me. We can also force any subnet through wireguard to use the WAN of another router. Being only a home user, I probably won't need BGP etc, but I think the value must come in economies of scale (the more complex the connections between routers) where BGP would really shine. Can you point out some other advantages to the BGP method vice just straight wireguard? Thanks!
@DanelSwitalski (1 year ago)
Hello, great material. I understand that it will also work with OSPF? Regards, Daniel
@TheNetworkBerg (1 year ago)
Yes, this will also work with OSPF. Sorry if the translation is wrong, I am using Google Translate.
@DanelSwitalski (1 year ago)
@TheNetworkBerg Hello, the translation is OK; thank you for the reply. Is this type of tunnel more efficient than IP-IP or others? I kindly ask for a reply. Regards, Daniel
@skillsinfo1 (1 year ago)
Dear, which is the cheapest WireGuard service provider monthly?
@christp42 (1 year ago)
Hey NetworkBerg! One more great video! Thank you. I have a question regarding the site-to-site connections setup. So you used different ports and two separate IP addresses on the Wireguard interface on Site-C to connect from there as the initiator of the VPN tunnels to the other two sites. What if you did this the other way around; that is: 1) you kept the port number common across all sites; 2) you had only one Wireguard interface with only one IP address on all sites; including Site-C and 3) connect from Site-A and Site-B as the initiators of the VPN communication to the same Wireguard interface (same public key; same port) on Site-C (using of course for all sites Wireguard IP addresses a /29 subnet or any other mask that would permit at least three IP addresses on the same network). Would that work?
@TheNetworkBerg (1 year ago)
Hello, Site-C is not the initiator; both Site-A and Site-B are initiators, as only they have an endpoint and endpoint port set. You can set up dynamic routing using a single interface at Site-C (meaning a single port across the board) but this needs a lot of tuning, especially if you want to introduce OSPF. You will also in this case have to manually tweak every peer every time you want to advertise a new network, as you will have to specify allowed-from addresses, as Site-C (the Hub) cannot have 0.0.0.0/0 as an allowed-address to both Site-A and Site-B over its peers. You will experience routing loops if you do create the allowed-from addresses correctly and your routers will start to fall over.
@skillsinfo1 (1 year ago)
Which VPN is cheaper than Mullvad as WireGuard that supports MikroTik?
@hosseinmhr8665 (1 month ago)
Please make a video about WireGuard client-to-server setup on hAP ac3 to make WiFi users connect exactly without cuts or any problem.
@ali0ghanem (1 year ago)
Wow❤❤❤❤
@skillsinfo1 (1 year ago)
Is that method on Mullvad?
@safayethussain910 (1 year ago)
Please enable OS7 prefix count option as soon as possible
@brantwinter (1 month ago)
Where has the role ibgp rr client gone in ROS7? There is no ibgp rr client in Inbox on Mac
@brantwinter (1 month ago)
/routing/bgp/connection> set local.role= ebgp ebgp-customer ebgp-peer ebgp-provider ebgp-rs ebgp-rs-client ibgp ibgp-rr
@TheNetworkBerg (1 month ago)
They have removed client, you can just use ibgp, it serves the same purpose.
@brantwinter (1 month ago)
@TheNetworkBerg Thanks. I did try that but the session didn't come up. I'll try again though.
@skillsinfo1 (1 year ago)
Bro, my WireGuard shows a TX error. I am using Mullvad. I need your help.
@darryndw (10 months ago)
Things have changed a lot in WireGuard setups in ver 7.13.1, we need an updated video.
@yith_telecom (10 months ago)
I want to redirect all the remote sites traffic to a firewall below the main router. What should I configure in the main router?
@kostashellas (16 days ago)
Behind fw and NAT it doesn't work as described, it's very tricky to make it work properly
@TheNetworkBerg (15 days ago)
Yeah, it does become more complex if both ends sit behind a NAT, which is why most use-cases recommend at least one side having a static/public address. If both ends are on dynamic connections you could request for some port forwarding to be done to get this working if you do not manage the router where the NAT is happening. Alternatively you could also connect using something like ZeroTier, or create a "VPN concentrator" on a cloud provider like AWS/Azure/Linode/Oracle VPS, where they will basically give you a public IP and you can form VPN connections from all your MikroTiks.
@mikkio5371 (1 year ago)
Can one also run OSPF via WireGuard?
@TheNetworkBerg (1 year ago)
Yes, if you use a single interface you will have to define static neighbors and use the ptp type, else you can follow the exact same steps in this video. I could make another video featuring OSPF if that would make things easier?
@mikkio5371 (1 year ago)
@TheNetworkBerg Thanks a lot 🙏🙏 for the response. Would give it a try.
@JimmieB (1 year ago)
Yes please run an OSPF over Wireguard vid. I can't get it to work. Added static neighbours with the WG interface and a PTP template but stuck in INIT on one end and nothing at the other end. Probably missing something. Great videos. @TheNetworkBerg
@JimmieB (1 year ago)
doh! Matter fixed it. Was firewall issue. Allowed ospf (89) input and bingo all good.