0 votes
1,155 views 1 comments
by anonymous
Hello, I'm trying to connect my RUTX11 with WireGuard to Mikrotik. This is working fine so far.

But I want to use broadcast OSPF, so I want a GRE tunnel over the WireGuard connection.

But I don't get this to work.

How can I set the WireGuard as Tunnel Source for the GRE Tunnel? Because it doesn't get displayed there as a usable source and I think this could be my problem.

I have this configuration from Mikrotik <-> Mikrotik and there it is working without issues.

Or has someone a better idea how to get OSPF working with Mikrotik <- WireGuard -> RUTX11?

Thanks!

1 Answer

0 votes
by anonymous

Hello,

I've managed to set up a GRE over WireGuard tunnel without any issues - it is possible to do so both via WebUI and CLI. If all that's needed is to enter the tunnel source interface then you may do so by navigating to Services > VPN > GRE > [Edit GRE interface]. Once there, select the tunnel source field, click on the "Custom" field to enter the WireGuard interface name. Once done, hit enter to apply the interface name and make sure to Save & Apply the configuration.

If you'd like to do this using CLI (SSH), you may run the following commands in a single line. Make sure to change the name of your GRE interface as well as your WireGuard interface. This command will enter the WireGuard interface name inside the GRE section, commit the changes and then reload affected configuration files (/etc/config/network):

uci set network.<GRE_Interface_name>.tunlink='<WireGuard_interface_name>' ; uci commit ; reload_config

An example of final configuration on Teltonika device, inside the /etc/config/network file should be something similar to this (your interface names and things such as IPs, listen ports, allowed subnets/hosts will most likely differ):

config interface 'wgx'
        option proto 'wireguard'
        option public_key 'pubkey'
        option private_key 'privkey'
        option disabled '0'
        option listen_port '51820'
        list addresses '192.168.100.2/32'

config wireguard_wgx 'wgpeerX'
        option endpoint_port '51820'
        option persistent_keepalive '30'
        option endpoint_host 'peer_ip_addr'
        option route_allowed_ips '1'
        option public_key 'peer_pubkey'
        list allowed_ips '172.20.30.0/30'
        list allowed_ips '192.168.100.1/32'

config interface 'grex'
        option proto 'gre'
        option keep_alive '0'
        option peeraddr '192.168.100.1'
        option mtu '1360'
        option ttl '64'
        option disabled '0'
        option tunlink 'wgx'

config interface 'grex_static'
        option ipaddr '172.20.30.2'
        option proto 'static'
        option ifname '@grex'
        option netmask '255.255.255.252'

Best regards,

Tomas

Best answer
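
An added example, not part of the original answer and not Teltonika's code: GRE itself neither encrypts nor authenticates its payload, so it is worth confirming that every GRE interface in /etc/config/network is bound to a WireGuard interface through tunlink and that its peeraddr falls inside that interface's allowed_ips. The function names are hypothetical, the sample is trimmed from the configuration above, and the parser assumes named sections and an IP literal in peeraddr.

```python
import ipaddress
import shlex

# Trimmed from the answer's /etc/config/network example (keys and ports omitted).
SAMPLE = """
config interface 'wgx'
        option proto 'wireguard'
config wireguard_wgx 'wgpeerX'
        list allowed_ips '172.20.30.0/30'
        list allowed_ips '192.168.100.1/32'
config interface 'grex'
        option proto 'gre'
        option peeraddr '192.168.100.1'
        option tunlink 'wgx'
"""

def parse_uci(text):
    """Parse UCI text into {section: {'.type': t, option: str, list: [str]}}."""
    sections, cur = {}, None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) != 3:
            continue  # blank line, comment, or anonymous section (ignored here)
        if tok[0] == "config":
            cur = sections.setdefault(tok[2], {".type": tok[1]})
        elif tok[0] == "option" and cur is not None:
            cur[tok[1]] = tok[2]
        elif tok[0] == "list" and cur is not None:
            cur.setdefault(tok[1], []).append(tok[2])
    return sections

def check_gre_over_wg(sections):
    """Return problems for each proto 'gre' interface; an empty list means OK."""
    problems = []
    for name, sec in sections.items():
        if sec.get(".type") != "interface" or sec.get("proto") != "gre":
            continue
        link = sec.get("tunlink")
        if sections.get(link, {}).get("proto") != "wireguard":
            problems.append(f"{name}: tunlink {link!r} is not a WireGuard interface")
            continue
        # Peer sections are typed 'wireguard_<interface name>', as in the answer.
        nets = [ipaddress.ip_network(n, strict=False)
                for p in sections.values() if p[".type"] == f"wireguard_{link}"
                for n in p.get("allowed_ips", [])]
        peer = sec.get("peeraddr")
        if not peer or not any(ipaddress.ip_address(peer) in n for n in nets):
            problems.append(f"{name}: peeraddr {peer} is outside {link} allowed_ips")
    return problems
```

Calling check_gre_over_wg(parse_uci(text)) on a copy of the router's network file returns an empty list when the GRE endpoints are reachable only through the WireGuard tunnel.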
by anonymous
Thanks Tomas!

Was too dumb to use the Custom Field and enter there the WG Interface name.

Works now!