At the Mikrotik i tried several ways of routing and setup but in every try i had the connection and i got internet access BUT problems with the upload thing (mabe is something else and i see it in the upload)
I have read also other topics that has the same issue with the wireguard but i havent underestand how they fixed or if they fixed it at all.
My setup is supposed to be eth1 and eth2 as WAN port and eth2 to be as failover so i was curius if it would be an issue of that but i even tried with just the basic config from mikrotik and just add the Wireguard but still the same issue. im sending 2 of my lots of tries i did and could not manage to stabilise it.
CONFIG 1 SINGLE WAN
CONFIG 2 DUAL WAN FAILOVER# 2024-04-07 23:09:08 by RouterOS 7.14.2
# software id = M8KE-V5ID
#
# model = RB750Gr3
# serial number = HD********2AS
/interface bridge
add admin-mac=18:FD:74:8C:28:66 auto-mac=no comment=defconf name=bridge
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/routing table
add disabled=no fib name=via-WG1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=5.172.1**.95 endpoint-port=\
13231 interface=wireguard1 persistent-keepalive=25s public-key=\
"ySD/xFuT****************************S4xyT6wE="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=192.168.32.50 interface=wireguard1 network=192.168.32.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=1.1.1.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,192.168.32.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=\
wireguard1 passthrough=yes protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=wireguard1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=\
via-WG1 suppress-hw-offload=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/routing rule
add action=lookup disabled=no src-address=192.168.88.0/24 table=via-WG1
/system clock
set time-zone-name=Europe/Athens
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# 2024-04-02 23:02:52 by RouterOS 7.14.2
# software id = M8KE-V5ID
#
# model = RB750Gr3
# serial number = HD2*****AS
/interface bridge
add name=Bridge-LAN
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.13.100-192.168.13.254
add name=dhcp_pool1 ranges=192.168.14.200-192.168.14.205
/ip dhcp-server
add address-pool=dhcp_pool0 interface=Bridge-LAN lease-time=1d name=dhcp1
add address-pool=dhcp_pool1 interface=ether5 lease-time=6d name=dhcp2
/routing table
add disabled=no fib name=via-WG1
/interface bridge port
add bridge=Bridge-LAN interface=ether3
add bridge=Bridge-LAN interface=ether4
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=5.172.1**.95 endpoint-port=\
13231 interface=wireguard1 persistent-keepalive=25s public-key=\
"ySD/xFuTQ0+********************S4xyT6wE="
/ip address
add address=192.168.13.1/24 interface=Bridge-LAN network=192.168.13.0
add address=192.168.1.99/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.98/24 interface=WAN2 network=192.168.2.0
add address=192.168.32.50 interface=wireguard1 network=192.168.32.0
add address=192.168.14.1/24 interface=ether5 network=192.168.14.0
/ip dhcp-client
add disabled=yes interface=WAN1
add disabled=yes interface=WAN2
/ip dhcp-server network
add address=192.168.13.0/24 dns-server=192.168.13.1 gateway=192.168.13.1
add address=192.168.14.0/24 gateway=192.168.14.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,192.168.32.1
/ip firewall mangle
add action=change-mss chain=forward disabled=yes new-mss=clamp-to-pmtu \
out-interface=wireguard1 passthrough=yes protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=wireguard1
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=\
no target-scope=10
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=192.168.2.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=\
via-WG1 suppress-hw-offload=no
/routing rule
add action=lookup-only-in-table disabled=yes src-address=192.168.13.0/24 \
table=main
add action=lookup disabled=no src-address=192.168.13.0/24 table=via-WG1
/system clock
set time-zone-name=Europe/Athens
/system note
set show-at-login=no