Hi,
I'm having an issue with a MikroTik router running OpenWrt. It should work as a WireGuard server only, and it's inside the same LAN/subnet behind a FortiGate firewall, but I'm unable to access the tunnel using the static public IP, and I see no traffic on the WireGuard interface or on the firewall rule.
I've already configured the FortiGate firewall but maybe I have an issue with the WireGuard or firewall settings?
Here they are:
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.113.4'
	option gateway '192.168.113.1'

config interface 'vpn'
	option proto 'wireguard'
	option private_key 'x'
	option listen_port '51820'
	list addresses '10.4.0.1/32'

config wireguard_vpn
	option description 'Giulio iPhone'
	option public_key 'x'
	option private_key 'x'
	option route_allowed_ips '1'
	option endpoint_host '194.x.x.x'
	option endpoint_port '51820'
	list allowed_ips '10.4.0.2/32'
On the FortiGate firewall (I know this is off topic, it's just to show all the settings) I configured a new Virtual IP:
SYSFW60F (WireGuard) # show
config firewall vip
    edit "WireGuard"
        set uuid f03ef9d2-b285-51ed-108d-f7e3e193c54a
        set extip 194.x.x.x
        set mappedip "192.168.113.4"
        set extintf "wan1"
        set portforward enable
        set protocol udp
        set extport 51820
        set mappedport 51820
    next
end
And a rule:
SYSFW60F (2) # show
config firewall policy
    edit 2
        set name "WireGuard"
        set uuid e023f12c-b1ce-51ed-67ea-7da8d93cead2
        set srcintf "wan1"
        set dstintf "internal"
        set action accept
        set srcaddr "all"
        set dstaddr "WireGuard"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
If someone has an idea, I'd be thankful.
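A small configuration cross-check, added here as an example and not part of the post above: it parses the OpenWrt UCI sections (keys redacted as in the post), compares the WireGuard listen port with the FortiGate VIP's protocol and mapped port, and flags peer-section settings that a server-side WireGuard config should not carry. The embedded sample text and the vip_proto/vip_port parameters are constructed assumptions.

```python
import ipaddress

# Constructed sample: the UCI sections from the post, keys already redacted as 'x'.
UCI_SAMPLE = """\
config interface 'vpn'
	option proto 'wireguard'
	option private_key 'x'
	option listen_port '51820'
	list addresses '10.4.0.1/32'
config wireguard_vpn
	option description 'Giulio iPhone'
	option public_key 'x'
	option private_key 'x'
	option route_allowed_ips '1'
	option endpoint_host '194.x.x.x'
	option endpoint_port '51820'
	list allowed_ips '10.4.0.2/32'
"""

def parse_uci(text):
    """Parse UCI text into [(section_type, {key: str | [str]})]; section names are dropped."""
    sections = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "config":
            sections.append((parts[1], {}))
        elif parts[0] in ("option", "list") and sections:
            key, value = parts[1], " ".join(parts[2:]).strip("'\"")  # keep quoted spaces
            opts = sections[-1][1]
            if parts[0] == "list":
                opts.setdefault(key, []).append(value)
            else:
                opts[key] = value
    return sections

def check_wireguard(text, vip_proto="udp", vip_port="51820"):
    """Return findings for a WireGuard server UCI config checked against a VIP port forward."""
    findings = []
    for kind, opts in parse_uci(text):
        if kind == "interface" and opts.get("proto") == "wireguard":
            if vip_proto != "udp":
                findings.append("vip: WireGuard is UDP only, the port forward protocol must be udp")
            if opts.get("listen_port") != vip_port:
                findings.append(f"listen_port {opts.get('listen_port')} != forwarded port {vip_port}")
        elif kind.startswith("wireguard_"):  # peer section of interface <kind[10:]>
            peer = opts.get("description", kind)
            if "public_key" not in opts:
                findings.append(f"{peer}: peer has no public_key, so it can never authenticate")
            if "private_key" in opts:  # not a peer option; a client's private key never belongs on the server
                findings.append(f"{peer}: private_key is not a peer option and must not be on the server")
            for net in opts.get("allowed_ips", []):
                if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                    findings.append(f"{peer}: allowed_ips {net} lets this peer claim any source address")
            if "endpoint_host" in opts:
                findings.append(f"{peer}: endpoint_host set; only needed if the router initiates to this peer")
    return findings
```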