0 votes
247 views 1 comments
by
Hello, I'm trying to connect my RUTX11 with WireGuard to MikroTik. This is working fine so far.

But I want to use broadcast OSPF, so I want a GRE tunnel over the WireGuard connection.

But I can't get this to work.

How can I set the WireGuard as the Tunnel Source for the GRE tunnel? It doesn't get displayed there as a usable source, and I think this could be my problem.

I have this configuration from MikroTik <-> MikroTik, and there it is working without issues.

Or does someone have a better idea how to get OSPF working with MikroTik <- WireGuard -> RUTX11?

Thanks!

1 Answer

0 votes
by

Hello,

I've managed to set up a GRE over WireGuard tunnel without any issues - it is possible to do so both via WebUI and CLI. If all that's needed is to enter the tunnel source interface, then you may do so by navigating to Services > VPN > GRE > [Edit GRE interface]. Once there, select the tunnel source field and click on the "Custom" field to enter the WireGuard interface name. Once done, hit Enter to apply the interface name and make sure to Save & Apply the configuration.

If you'd like to do this using CLI (SSH), you may run the following commands in a single line. Make sure to change the name of your GRE interface as well as your WireGuard interface. This command will enter the WireGuard interface name inside the GRE section, commit the changes and then reload affected configuration files (/etc/config/network):

uci set network.<GRE_Interface_name>.tunlink='<WireGuard_interface_name>' ; uci commit ; reload_config

An example of the final configuration on a Teltonika device, inside the /etc/config/network file, should be something similar to this (your interface names and things such as IPs, listen ports, allowed subnets/hosts will most likely differ):

config interface 'wgx'
        option proto 'wireguard'
        option public_key 'pubkey'
        option private_key 'privkey'
        option disabled '0'
        option listen_port '51820'
        list addresses '192.168.100.2/32'

config wireguard_wgx 'wgpeerX'
        option endpoint_port '51820'
        option persistent_keepalive '30'
        option endpoint_host 'peer_ip_addr'
        option route_allowed_ips '1'
        option public_key 'peer_pubkey'
        list allowed_ips '172.20.30.0/30'
        list allowed_ips '192.168.100.1/32'

config interface 'grex'
        option proto 'gre'
        option keep_alive '0'
        option peeraddr '192.168.100.1'
        option mtu '1360'
        option ttl '64'
        option disabled '0'
        option tunlink 'wgx'

config interface 'grex_static'
        option ipaddr '172.20.30.2'
        option proto 'static'
        option ifname '@grex'
        option netmask '255.255.255.252'

Best regards,

Tomas

Best answer
by
Thanks Tomas!

Was too dumb to use the Custom field and enter the WG interface name there.

Works now!
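
An offline check for the configuration shown in the answer, as an added example that is not part of the original thread and not Teltonika tooling: it parses a UCI network file and confirms that the GRE section's tunlink names a WireGuard interface and that its peeraddr falls inside one of that interface's allowed_ips, so the GRE traffic (which has no encryption of its own) is carried inside the tunnel. The function names and the reduced sample config are constructed for illustration.

```shell
# Added example (not Teltonika code): check that a GRE section in a UCI network
# config is bound to a WireGuard interface whose allowed_ips cover its peeraddr.
# Usage: check_gre_over_wg <config-file> <gre-interface-name>
check_gre_over_wg() {
    awk -v gre="$2" '
    function ip2int(ip,  o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,  p, bits, div) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        div = 2 ^ (32 - bits)
        return int(ip2int(ip) / div) == int(ip2int(p[1]) / div)
    }
    function fail(msg) { print "FAIL: " msg; exit 1 }
    { gsub(/\047/, "") }    # strip the single quotes UCI puts around values
    $1 == "config" { type = $2; name = $3; next }
    $1 == "option" && type == "interface" { opt[name, $2] = $3 }
    $1 == "list" && $2 == "allowed_ips" { n++; atype[n] = type; acidr[n] = $3 }
    END {
        if (opt[gre, "proto"] != "gre") fail(gre " is not a GRE interface")
        wg = opt[gre, "tunlink"]; peer = opt[gre, "peeraddr"]
        if (wg == "") fail(gre " has no tunlink")
        if (opt[wg, "proto"] != "wireguard") fail("tunlink " wg " is not WireGuard")
        if (peer == "") fail(gre " has no peeraddr")
        for (i = 1; i <= n; i++)
            if (atype[i] == "wireguard_" wg && in_cidr(peer, acidr[i])) {
                print "OK: " gre " -> " peer " via " wg " (" acidr[i] ")"; exit 0
            }
        fail("peeraddr " peer " not in allowed_ips of any " wg " peer")
    }' "$1"
}
# Constructed sample: the config from the answer, reduced to the options read above.
sample_config() {
    cat <<'EOF'
config interface 'wgx'
        option proto 'wireguard'
config wireguard_wgx 'wgpeerX'
        list allowed_ips '172.20.30.0/30'
        list allowed_ips '192.168.100.1/32'
config interface 'grex'
        option proto 'gre'
        option peeraddr '192.168.100.1'
        option tunlink 'wgx'
EOF
}
tmp=$(mktemp); sample_config > "$tmp"
check_gre_over_wg "$tmp" grex; rm -f "$tmp"
```

On a device, point it at a copy of /etc/config/network and pass your own GRE interface name.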