

1 - I have an HAP AC2 (7.1.1) behind a RB2011 (6.49) and wanted to use the access point to establish a Wireguard tunnel towards a RB1100AHx2 (7.1.1).

Otherwise they all need to be configured on the default WireGuard group that OPNsense creates. It's working smoothly so far but I witnessed two things, that may not be related to Mikrotik/RouterOS rather to Wireguard's code. Second, it automatically adds an IPv4 outbound NAT rule, which will allow the tunnel to access IPv4 IPs outside of the local network (if that is desired), without needing to manually add a rule. Finally, it allows separation of the firewall rules of each WireGuard instance (each wgX device). Otherwise you will need to define your own alias or at least manually specify the subnet(s).

However, it is useful to implement, for several reasons: First, it generates an alias for the tunnel subnet(s) that can be used in firewall rules. This step is not strictly necessary in any circumstances for a road warrior setup.
