Not sure, Perhaps it isn't choosing the wireguard interface's ip address for pinging for some reason. If very keen, you could do a packet sniff on the wireguard interface. Regards Roger From: Karl Auer <kauer@nullarbor.com.au> To: MikroTik Public <public@talk.mikrotik.com.au> Date sent: Mon, 16 Oct 2023 09:39:29 +1100 Organization: Nullarbor Consulting pty Ltd Subject: Re: [MT-AU Public] Mikrotik and Starlink Send reply to: kauer@nullarbor.com.au, MikroTik Australia Public List <public@talk.mikrotik.com.au> [ Double-click this line for list subscription options ] On Sun, 2023-10-15 at 14:55 +0000, Andrew Oakeley wrote:
I'd be inclined to set your allowed-address for the peers to 0.0.0.0/0
On Mon, 2023-10-16 at 09:10 +1100, Roger Plant wrote:
On the Server, You need to add 192.168.16.3 to the allowed addresses in the Client peer entry.
On the Client, You need to add 192.168.16.1 (or maybe .16.0/24 if there will be other peers attached to server in future) to the allowed addresses in the Server peer entry.
I had already tried what Roger suggested, and had added ",192.168.16.0/24" to the allowed-address on each end. It changed the error, but only on the client end, from the error 126 to a timeout. So I just now tried what Andrew suggested, and FMS it then worked; I could ping each Wireguard interface address from its "opposing" address on the link. But WHY?!? Why was it not enough to add just the Wireguard link subnet to each end's allowed-address list? Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160 _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au---------------------------- Roger Plant