|
|
@@ -182,8 +182,6 @@ Detailed work :
|
|
|
- New
|
|
|
- Action : create dynamic enabled
|
|
|
- Master Configuration : default-config
|
|
|
-- Add new dynamic cap1 interface to bridge
|
|
|
-(Same as above shown in first wifi configs on 2025-03-07)
|
|
|
- Make the other VLANs show up through their respective wifi
|
|
|
- Wireless -> CAPsMAN -> Datapaths
|
|
|
- New
|
|
|
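Review bot: The two removed lines drop the step "Add new dynamic cap1 interface to bridge" along with its pointer to the 2025-03-07 entry, and nothing in this hunk replaces them, so the procedure now goes from "Master Configuration : default-config" straight to the VLAN datapath steps. If the bridge step is still part of the working setup, keep it (or keep the cross-reference); if it is no longer needed, add a line saying what made it unnecessary so the notes stay reproducible.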
@@ -200,11 +198,73 @@ Detailed work :
|
|
|
- default-config
|
|
|
- slave configurations : user-config, guest-config
|
|
|
|
|
|
-unformatted gabble gooble that will be properly formated later i am too tiered :
|
|
|
|
|
|
-sign into the ap and reboot it
|
|
|
-enabled save channel selection to save time when ap reboots
|
|
|
-aksi ebavke bridge management of vlans setting thingy
|
|
|
-if the ssids dont show immediatly thats okay btw, the mAP lite is a tiny device and it does frequency scanning for all ssids which takes quiete a while. had to wait like 5-10 minutes until all were there consistently
|
|
|
+## 2025-03-14
|
|
|
+Summary :
|
|
|
+Spent alot of time figuring out why my site to site VPN wasnt working on my already present infra.
|
|
|
+Then spent some time actually getting the
|
|
|
|
|
|
-test if it works and stuff
|
|
|
+### Work done on MT RouterOS on hEX s board
|
|
|
+
|
|
|
+
|
|
|
+- Created two new WireGuard interfaces
|
|
|
+ - Interfaces -> WireGuard
|
|
|
+ - New
|
|
|
+ - Name : wg-v6
|
|
|
+ - Comment : reserved for future IPv6 testing
|
|
|
+ - New
|
|
|
+ - Name : wg-site-to-site
|
|
|
+ - Comment : site-to-site VPN interface
|
|
|
+ - Listen Port : 13331
|
|
|
+ - Private Key : <autogenerated>
|
|
|
+ - IP -> Addresses
|
|
|
+ - New
|
|
|
+ - Address : 10.99.99.4/24
|
|
|
+ - Interface : wg-site-to-site
|
|
|
+- Added wg-site-to-site interface to LAN interface list
|
|
|
+ - Interfaces -> Interface List
|
|
|
+ - New
|
|
|
+ - List : LAN
|
|
|
+ - Interface : wg-site-to-site
|
|
|
+- Added Peer for Main Site VPN Gateway
|
|
|
+ - Interfaces -> WireGuard -> Peers
|
|
|
+ - New
|
|
|
+ - Interface : wg-site-to-site
|
|
|
+ - Public Key : <public key of main sites interface>
|
|
|
+ - Allowed Address :
|
|
|
+ - 10.99.99.1/32
|
|
|
+ - 10.201.0.0/24
|
|
|
+ - 10.201.1.0/24
|
|
|
+ - Persistent Keepalive : 25
|
|
|
+- Added static routes to access main site VLANs
|
|
|
+ - IP -> Routes
|
|
|
+ - New
|
|
|
+ - Dst. Address : 10.0.0.0/8
|
|
|
+ - Gateway : 10.99.99.1
|
|
|
+
|
|
|
+### Work done on MT RouterOS on Main Site Router
|
|
|
+
|
|
|
+
|
|
|
+- Added Peer for hEX S
|
|
|
+ - Interfaces -> WireGuard -> Peers
|
|
|
+ - New
|
|
|
+ - Interface : wg-site-to-site
|
|
|
+ - Public Key : <public key of remote branch>
|
|
|
+ - Allowed Address :
|
|
|
+ - 10.99.99.4/32
|
|
|
+ - 10.201.0.0/16
|
|
|
+ - 10.33.0.0/16
|
|
|
+ - 10.43.0.0/16
|
|
|
+ - (Add additional allowed networks here if needed)
|
|
|
+ - Persistent Keepalive : 25
|
|
|
+- Added static route to access it
|
|
|
+ - IP -> Routes
|
|
|
+ - New
|
|
|
+ - Dst. Address : 10.201.0.0/16
|
|
|
+ - Gateway : 10.99.99.4
|
|
|
+
|
|
|
+- End of Lesson
|
|
|
+ - Goals next lesson :
|
|
|
+ - Finish IPv6 WG Tunnel
|
|
|
+ - Firewall rules to block Guest to other Nets finally
|
|
|
+ - (Optional, maybe later) Captive Portal for Guest wifi
|
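Review bot: On the hEX S side the static route "Dst. Address : 10.0.0.0/8" via 10.99.99.1 is much wider than the peer's Allowed Address list (10.99.99.1/32, 10.201.0.0/24, 10.201.1.0/24), so WireGuard will drop traffic for any other 10.x destination that the route steers into the tunnel; either narrow the route to the listed prefixes or widen Allowed Address to match it. The two sides also disagree about 10.201.x: the hEX S peer entry lists 10.201.0.0/24 and 10.201.1.0/24 as reachable through the main site, while the main-site entry allows and routes 10.201.0.0/16 toward 10.99.99.4, so one of the two needs correcting or an explanation. Adding wg-site-to-site to the LAN interface list should come with a note on which firewall rules key off that list, since blocking Guest from the other networks is still listed as a goal for next lesson and the tunnel is being treated as LAN in the meantime. The summary line "Then spent some time actually getting the" is cut off mid-sentence and should be finished before this is merged.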