Hỏi/ Thắc mắc - Lỗi Wireguard trên mikrotik | VN-Zoom | Cộng đồng Chia Sẻ Kiến Thức Công Nghệ và Phần Mềm Máy Tính


Hỏi/ Thắc mắc Lỗi Wireguard trên mikrotik

htclub

Gà con
Có ai rành về Wireguard trên mikrotik không cho hỏi chút
Tôi đang dùng mikrotik RB1100AHx4 bản 7.16
đã cấu hình wireguard thành công kết nối VPN ok nhưng cứ khoảng 1-2 tuần thì bị tình trạng không kết nối được phải reset router lại thì kết nối đc và khoảng 1 tuần nữa thì không kết nối được kể cả reset router
Khôi phục bản sao lưu mới cấu hình wireguard thành công thì lại kết nối đc và vòng lặp lại tiếp tục
Không biết lỗi này fix ntn nhỉ
 

Bim Sponges

Moderator
Thành viên BQT
1735659482916.png


Bạn chạy lệnh như hình (có thể phối hợp thêm hide-sensitive) trong MikroTik Terminal:
export file=config.rsc

Rồi quay lại WebFig > Files > tải config.rsc vừa tạo xuống rồi mở với notepad:
1735659637894.png


Sau đó dán lên comment để mình soi với, mình nghi là có gì đó xung đột hoặc cấu hình chưa đúng trong các thao tác của bạn, cấu hình mở lên thì nó sẽ như dưới:
1735659728993.png
 

htclub

Gà con
# 2024-12-20 07:36:14 by RouterOS 7.16.1
# software id = RDQR-2X3H
#
# model = RB1100x4

# Interface layer: the LAN bridge, thirteen Ethernet ports, two PPPoE uplinks,
# the WireGuard listener, one VRRP instance and the default LTE APN.
/interface bridge
# arp=proxy-arp makes the bridge answer ARP requests on behalf of addresses
# the router can reach through other interfaces.
add arp=proxy-arp name="VUNG LAN" port-cost-mode=short
/interface ethernet
# Each port has its MAC address set explicitly; ether1 carries the label
# VIETTEL.
# NOTE(review): these look like real hardware addresses; together with the
# software id in the export header they identify the device and are worth
# redacting before the file is shared publicly.
set [ find default-name=ether1 ] comment=VIETTEL mac-address=\
DC:3C:5E:84:6E:B3
set [ find default-name=ether2 ] mac-address=DC:3C:5E:84:6E:B4
set [ find default-name=ether3 ] mac-address=DC:3C:5E:84:6E:B5
set [ find default-name=ether4 ] mac-address=DC:3C:5E:84:6E:B6
set [ find default-name=ether5 ] mac-address=DC:3C:5E:84:6E:B7
set [ find default-name=ether6 ] mac-address=DC:3C:5E:84:6E:B8
set [ find default-name=ether7 ] mac-address=DC:3C:5E:84:6E:B9
set [ find default-name=ether8 ] mac-address=DC:3C:5E:84:6E:BA
set [ find default-name=ether9 ] mac-address=DC:3C:5E:84:6E:BB
set [ find default-name=ether10 ] mac-address=DC:3C:5E:84:6E:BC
set [ find default-name=ether11 ] mac-address=DC:3C:5E:84:6E:BD
set [ find default-name=ether12 ] mac-address=DC:3C:5E:84:6E:BE
set [ find default-name=ether13 ] mac-address=DC:3C:5E:84:6E:BF
/interface pppoe-client
# Two PPPoE uplinks, both installing a default route: FPT on ether3 with
# distance 2, VNPT on ether2 with no distance given.
# NOTE(review): no password= appears, so the export presumably omitted
# sensitive values, but the ISP account names are still in clear text and are
# worth redacting as well.
add add-default-route=yes default-route-distance=2 disabled=no interface=\
ether3 name=FPT user=Qnfdl-150210-861
add add-default-route=yes disabled=no interface=ether2 name=VNPT user=\
fthcp-benhvienfg
/interface wireguard
# WireGuard listener on UDP 13231 with MTU 1420. No private-key value appears
# in this export.
add listen-port=13231 mtu=1420 name=wireguard1
/interface vrrp
# VRRP instance on the LAN bridge, VRID 100, priority 254.
# NOTE(review): no authentication setting is shown here; confirm whether VRRP
# authentication is wanted on this LAN segment.
add arp=proxy-arp interface="VUNG LAN" name=vrrp1 priority=254 vrid=100
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Address pools, the LAN DHCP server, the L2TP PPP profile, routing-protocol
# defaults and the three per-WAN routing tables.
/ip pool
add name=dhcp_pool0 ranges=10.0.170.1-10.0.190.255
add name=L2TP-Pool ranges=172.16.10.10-172.16.10.100
/ip dhcp-server
# LAN DHCP server on the bridge, handing out dhcp_pool0 with 10-minute leases.
add address-pool=dhcp_pool0 interface="VUNG LAN" lease-time=10m name=dhcp0
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
# NOTE(review): this profile takes remote addresses from dhcp_pool0, the same
# pool the LAN DHCP server uses, so L2TP clients and LAN hosts draw from one
# range. L2TP-Pool is defined above but nothing visible in this export
# references it; confirm which pool was intended.
add local-address=10.0.0.1 name=L2TP remote-address=dhcp_pool0
/routing bgp template
# NOTE(review): the default BGP template and an OSPF instance are enabled,
# while the only OSPF area shown is disabled and no BGP connection appears in
# this export. If neither protocol is in use, disabling them removes
# configuration that has no visible purpose here.
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
# One routing table per uplink; the mangle rules select them by routing mark.
add fib name="Ra WAN 2"
add fib name="Ra WAN 1"
add fib name="Ra WAN 3"
# Bridge membership, connection-tracking and neighbour-table settings, and the
# VPN server toggles.
/interface bridge port
# ether4 through ether10 are the LAN bridge members, each with ingress
# filtering off and path cost 10.
add bridge="VUNG LAN" ingress-filtering=no interface=ether4 \
internal-path-cost=10 path-cost=10
add bridge="VUNG LAN" ingress-filtering=no interface=ether5 \
internal-path-cost=10 path-cost=10
add bridge="VUNG LAN" ingress-filtering=no interface=ether6 \
internal-path-cost=10 path-cost=10
add bridge="VUNG LAN" ingress-filtering=no interface=ether7 \
internal-path-cost=10 path-cost=10
add bridge="VUNG LAN" ingress-filtering=no interface=ether8 \
internal-path-cost=10 path-cost=10
add bridge="VUNG LAN" ingress-filtering=no interface=ether9 \
internal-path-cost=10 path-cost=10
add bridge="VUNG LAN" ingress-filtering=no interface=ether10 \
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
# udp-timeout applies to tracked UDP flows that have seen packets in one
# direction only.
# NOTE(review): WireGuard runs over UDP and the peer entry in this export sets
# no keepalive, so an idle tunnel's tracking entry may expire quickly. The
# reply-routing marks in the mangle table depend on that entry; whether this
# relates to the reported dropouts is unverified.
set udp-timeout=10s
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
# NOTE(review): detection is enabled on every interface. On a router with
# three uplinks and policy routing this feature is commonly reported to make
# dynamic changes of its own; consider limiting it or turning it off, and
# verify against the running configuration.
set detect-interface-list=all
/interface l2tp-server server
# L2TP server enabled with IPsec. No secret appears in this export.
# NOTE(review): the filter table in this export contains no rule limiting
# which sources may reach this server.
set enabled=yes use-ipsec=yes
/interface ovpn-server server
# NOTE(review): md5 and sha1 are both listed as accepted digests. No enabled=
# setting is shown, so the server is presumably off; if it is ever enabled,
# drop md5 and prefer a stronger digest.
set auth=sha1,md5
# WireGuard peer, interface addresses, DDNS, DHCP network, resolver and the
# firewall address lists used by the mangle rules.
/interface wireguard peers
# Single peer "DMT", allowed to source 172.16.0.2/32 only. A WireGuard public
# key is not secret. No endpoint or keepalive setting is shown, so this side
# only answers; the remote client has to initiate and keep the session alive.
add allowed-address=172.16.0.2/32 interface=wireguard1 name=DMT public-key=\
"cxdV134XlCMCbI1DewpbmgNQsQHVgnkuK0w+tO0eWR8="
/ip address
# 10.0.0.2 on vrrp1 is written without a prefix length; 10.0.0.3/8 is the
# bridge address; 172.16.0.1/24 is the WireGuard side.
# NOTE(review): 127.2.41.46/30 on ether1 lies inside 127.0.0.0/8, which is
# loopback space. Presumably the poster substituted it for the real WAN
# address; confirm, because a genuine 127.x address on an uplink would not be
# reachable from outside.
add address=10.0.0.2 interface=vrrp1 network=10.0.0.2
add address=10.0.0.3/8 interface="VUNG LAN" network=10.0.0.0
add address=127.2.41.46/30 interface=ether1 network=127.2.41.44
add address=172.16.0.1/24 interface=wireguard1 network=172.16.0.0
/ip cloud
# MikroTik cloud DDNS, updated every 5 minutes.
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-server network
add address=10.0.0.0/8 gateway=10.0.0.2
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall address-list
# CBT is the whole 10.0.0.0/8 LAN and is the set the mangle rules balance;
# KhongCBT is the single host they exempt. Entries given as hostnames are
# resolved by the router, so list membership follows whatever the resolver
# returns.
# NOTE(review): 113.176.13.231 in IPWANBV looks like a real public address;
# worth redacting before the export is shared publicly.
add address=10.0.0.0/8 list=CBT
add address=10.10.1.222 list=KhongCBT
add address=egw.baohiemxahoi.gov.vn list=BHXHVN
add address=gdbhyt.baohiemxahoi.gov.vn list=BHXHVN
add address=113.176.13.231 list=IPWANBV
add address=127.2.41.46 list=IPWANBV
add address=10.10.1.222 list=IPNATPORT
add address=myip.com list=BHXHVN
add address=myip.com list=Myip
add address=cloud.mikrotik.com list=Cloud
add address=cloud2.mikrotik.com list=Cloud
add address=mpki2.ca.gov.vn list="CUC CHUNG THU SO"
add address=ca.gov.vn list="CUC CHUNG THU SO"
# Filter table: three accept rules and nothing else. One admits WireGuard
# (UDP 13231) on input; two admit forwarding between the WireGuard subnet
# 172.16.0.0/24 and the LAN 10.0.0.0/8 in each direction.
# NOTE(review): there is no drop rule in any chain, and packets that match no
# rule are accepted, so these three rules restrict nothing as written. Input
# from all three uplinks reaches every enabled router service: L2TP and SNMP
# are enabled in this export, and winbox is not among the services it
# disables. A defensive baseline would accept established/related traffic,
# accept the VPN ports and management from the LAN only, and drop the rest on
# input, with an equivalent default drop for forwarding from the WAN side.
/ip firewall filter
add action=accept chain=input dst-port=13231 protocol=udp
add action=accept chain=forward dst-address=10.0.0.0/8 src-address=\
172.16.0.0/24
add action=accept chain=forward dst-address=172.16.0.0/24 src-address=\
10.0.0.0/8
# Mangle table: policy routing across the three uplinks. Rule order matters
# here; the rules are documented in place and left exactly as exported.
/ip firewall mangle
# Hosts in KhongCBT skip all marking below.
add action=accept chain=prerouting src-address-list=KhongCBT
# Traffic to the BHXHVN destinations is steered to table "Ra WAN 2".
# NOTE(review): chain=output only sees packets originated by the router
# itself. If the intent is to steer LAN clients (the CBT list) to WAN 2, this
# rule would need to sit in prerouting; confirm the intent.
add action=mark-routing chain=output dst-address-list=BHXHVN \
new-routing-mark="Ra WAN 2" passthrough=yes src-address-list=CBT
# Router-originated traffic to the Myip and Cloud lists leaves via "Ra WAN 3".
# NOTE(review): the cloud DDNS update is pinned to WAN 3, so the DDNS name
# presumably tracks that uplink's address; VPN clients that dial the DDNS name
# then depend on that uplink being reachable inbound. Confirm.
add action=mark-routing chain=output comment="Test my ip" dst-address-list=\
Myip new-routing-mark="Ra WAN 3" passthrough=yes
add action=mark-routing chain=output comment="Cloud mikrotik DDNS" \
dst-address-list=Cloud new-routing-mark="Ra WAN 3" passthrough=no
# LAN-to-LAN traffic is accepted here and so never reaches the balancing rules.
add action=accept chain=prerouting dst-address-list=CBT src-address-list=CBT
# Connections that reach the router itself are tagged with the uplink they
# arrived on, so that replies can be sent back out of the same uplink.
add action=mark-connection chain=input in-interface=ether1 \
new-connection-mark="Vao WAN 1" passthrough=yes
add action=mark-connection chain=input in-interface=VNPT new-connection-mark=\
"Vao WAN 2" passthrough=yes
add action=mark-connection chain=input in-interface=FPT new-connection-mark=\
"Vao WAN 3" passthrough=yes
# Per-connection classifier: unmarked connections from CBT to non-local
# destinations are hashed on both addresses and ports into ten buckets,
# data_part1 through data_part10.
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/0 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/1 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/2 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part4 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/3 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part5 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/4 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part6 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/5 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part7 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/6 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part8 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/7 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part9 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/8 src-address-list=\
CBT
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=data_part10 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:10/9 src-address-list=\
CBT
# Bucket-to-uplink mapping: parts 1-2 use "Ra WAN 1", parts 3-5 use
# "Ra WAN 2", parts 6-10 use "Ra WAN 3", i.e. a 2:3:5 split.
add action=mark-routing chain=prerouting connection-mark=data_part1 \
new-routing-mark="Ra WAN 1" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part2 \
new-routing-mark="Ra WAN 1" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part3 \
new-routing-mark="Ra WAN 2" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part4 \
new-routing-mark="Ra WAN 2" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part5 \
new-routing-mark="Ra WAN 2" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part6 \
new-routing-mark="Ra WAN 3" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part7 \
new-routing-mark="Ra WAN 3" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part8 \
new-routing-mark="Ra WAN 3" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part9 \
new-routing-mark="Ra WAN 3" passthrough=yes src-address-list=CBT
add action=mark-routing chain=prerouting connection-mark=data_part10 \
new-routing-mark="Ra WAN 3" passthrough=yes src-address-list=CBT
# Router replies follow the uplink recorded on the connection. This is the
# path WireGuard handshake replies take, so it relies on the connection mark
# still being present when the reply is generated.
add action=mark-routing chain=output connection-mark="Vao WAN 1" \
new-routing-mark="Ra WAN 1" passthrough=yes
add action=mark-routing chain=output connection-mark="Vao WAN 2" \
new-routing-mark="Ra WAN 2" passthrough=yes
add action=mark-routing chain=output connection-mark="Vao WAN 3" \
new-routing-mark="Ra WAN 3" passthrough=yes
# Source NAT, IPsec dead-peer detection and the default routes.
/ip firewall nat
# One masquerade rule per uplink.
add action=masquerade chain=srcnat comment=VIETEL out-interface=ether1
add action=masquerade chain=srcnat comment=VNPT out-interface=VNPT
add action=masquerade chain=srcnat comment=FPT out-interface=FPT
# NOTE(review): this rule has no out-interface, so WireGuard client traffic is
# masqueraded in every direction, including towards the LAN. LAN hosts then
# see the router's address instead of the VPN client's, which hides the client
# from LAN-side logs and access controls. Confirm this is intended.
add action=masquerade chain=srcnat src-address=172.16.0.0/24
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
# Main-table default route via 127.2.41.45, plus one default route in each
# per-WAN table; every route is monitored with check-gateway=ping.
# NOTE(review): the "Ra WAN 1" route names the Ethernet interface ether1 as
# its gateway instead of a next-hop address, unlike the main-table route;
# confirm this behaves as intended on a non-point-to-point link.
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=127.2.41.45
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=ether1 \
routing-table="Ra WAN 1"
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=VNPT \
routing-table="Ra WAN 2"
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=FPT \
routing-table="Ra WAN 3"
# Management services, SMB share default, BFD, SNMP and clock settings.
/ip service
# telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox is not listed, so it is presumably still at its default
# state. With no input drop rule in the filter table, whatever remains enabled
# is reachable from the uplinks; restrict it to LAN or VPN sources.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/routing bfd configuration
# NOTE(review): BFD is enabled on all interfaces, which includes the uplinks;
# confirm it is needed, and if so limit it to the interfaces that use it.
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
# NOTE(review): SNMP is enabled and no /snmp community section appears in this
# export, which suggests the community settings are unchanged from defaults;
# confirm. v1/v2c community strings are sent unencrypted, and nothing in the
# filter table limits who may query the agent. Restrict by source address or
# disable SNMP if it is unused.
set enabled=yes trap-version=2
/system clock
set time-zone-name=Asia/Bangkok
/system note
set show-at-login=no
 

