From 2d03581b44f1f031aa0dec3f1e7cb62d9ccb7903 Mon Sep 17 00:00:00 2001 From: Kablersalat Date: Fri, 14 Mar 2025 16:43:49 +0100 Subject: pushing a stone up a hill because i forgot to set an ip on wireguard interface lol --- JOURNAL.md | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 68 insertions(+), 8 deletions(-) diff --git a/JOURNAL.md b/JOURNAL.md index 8792e4d..56de686 100644 --- a/JOURNAL.md +++ b/JOURNAL.md @@ -182,8 +182,6 @@ Detailed work : - New - Action : create dynamic enabled - Master Configuration : default-config -- Add new dynamic cap1 interface to bridge -(Same as above shown in first wifi configs on 2025-03-07) - Make the other VLANs show up through their respective wifi - Wireless -> CAPsMAN -> Datapaths - New 
@@ -200,11 +198,73 @@ Detailed work : - default-config - slave configurations : user-config, guest-config -unformatted gabble gooble that will be properly formated later i am too tiered : -sign into the ap and reboot it -enabled save channel selection to save time when ap reboots -aksi ebavke bridge management of vlans setting thingy -if the ssids dont show immediatly thats okay btw, the mAP lite is a tiny device and it does frequency scanning for all ssids which takes quiete a while. had to wait like 5-10 minutes until all were there consistently +## 2025-03-14 +Summary : +Spent alot of time figuring out why my site to site VPN wasnt working on my already present infra. +Then spent some time actually getting the -test if it works and stuff \ No newline at end of file +### Work done on MT RouterOS on hEX s board + + +- Created two new WireGuard interfaces + - Interfaces -> WireGuard + - New + - Name : wg-v6 + - Comment : reserved for future IPv6 testing + - New + - Name : wg-site-to-site + - Comment : site-to-site VPN interface + - Listen Port : 13331 + - Private Key : + - IP -> Addresses + - New + - Address : 10.99.99.4/24 + - Interface : wg-site-to-site +- Added wg-site-to-site interface to LAN interface list + - Interfaces -> Interface List + - New + - List : LAN + - Interface : wg-site-to-site +- Added Peer for Main Site VPN Gateway + - Interfaces -> WireGuard -> Peers + - New + - Interface : wg-site-to-site + - Public Key : + - Allowed Address : + - 10.99.99.1/32 + - 10.201.0.0/24 + - 10.201.1.0/24 + - Persistent Keepalive : 25 +- Added static routes to access main site VLANs + - IP -> Routes + - New + - Dst. 
Address : 10.0.0.0/8 + - Gateway : 10.99.99.1 + +### Work done on MT RouterOS on Main Site Router + + +- Added Peer for hEX S + - Interfaces -> WireGuard -> Peers + - New + - Interface : wg-site-to-site + - Public Key : + - Allowed Address : + - 10.99.99.4/32 + - 10.201.0.0/16 + - 10.33.0.0/16 + - 10.43.0.0/16 + - (Add additional allowed networks here if needed) + - Persistent Keepalive : 25 +- Added static route to access it + - IP -> Routes + - New + - Dst. Address : 10.201.0.0/16 + - Gateway : 10.99.99.4 + +- End of Lesson + - Goals next lesson : + - Finish IPv6 WG Tunnel + - Firewall rules to block Guest to other Nets finally + - (Optional, maybe later) Captive Portal for Guest wifi \ No newline at end of file -- cgit v1.2.3-70-g09d2
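Review bot: In the first hunk (JOURNAL.md @@ -182,8 +182,6), the removed step "- Add new dynamic cap1 interface to bridge" and its back-reference to the 2025-03-07 wifi configs has nothing to do with the WireGuard work named in the subject line, and nothing replaces it. If the step is no longer needed, the journal should say why; otherwise someone rebuilding the CAPsMAN setup from these notes will skip it. Moving this removal into its own commit would also keep the history readable.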
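Review bot: In the 2025-03-14 hunk (@@ -200,11 +198,73) the two peer entries disagree about which site owns 10.201.x: the hEX s peer for the main site allows 10.201.0.0/24 and 10.201.1.0/24, while the main-site peer for the hEX S allows 10.201.0.0/16 and routes "Dst. Address : 10.201.0.0/16" to 10.99.99.4. The hEX s also routes 10.0.0.0/8 via 10.99.99.1 although that peer's Allowed Address list holds only three prefixes; WireGuard does not send packets to destinations outside a peer's allowed addresses, so traffic for the rest of that route is dropped at the tunnel. Record which subnets live at each site and make the allowed addresses and static routes on both routers match. Separately, adding wg-site-to-site to the LAN interface list gives the remote site whatever trust the firewall grants to LAN; a dedicated interface list with explicit rules would fit the "block Guest to other Nets" goal better. Smaller points: neither peer entry records an Endpoint, the Summary stops mid-sentence at "actually getting the", and the removed AP notes (reboot, save channel selection, the 5-10 minute SSID scan) are deleted rather than formatted as the old text promised.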