
# Create the WireGuard interface that acts as the VPN server (RouterOS 7.x).
# No key is passed here; the interface's key pair appears in the print output further down.
/interface wireguard add name=wireguard1 listen-port=13250 mtu=1420
# Assign the tunnel subnet to the WireGuard interface; the router itself is 192.168.171.1.
/ip address add interface=wireguard1 address=192.168.171.1/24 network=192.168.171.0
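# With a default or strict firewall, the WireGuard handshake must be allowed in explicitly.
# Only the listen port is opened, and only for UDP.
# place-before=1 inserts ahead of the rule currently numbered 1; check with
# "/ip firewall filter print" that the new rules land above your drop rules.
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13250 protocol=udp place-before=1
# Let VPN clients reach services on the router itself (e.g. DNS).
# in-interface=wireguard1 ties the rule to the tunnel, so a packet that merely carries
# a 192.168.171.0/24 source address on another interface is not accepted.
# As written, the rule admits every router service to VPN clients; add protocol/dst-port
# to it if clients only need DNS.
add action=accept chain=input comment="allow WireGuard traffic" in-interface=wireguard1 src-address=192.168.171.0/24 place-before=1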
Create a WireGuard client (peer) on the MikroTik
# Register a client (peer) on the router's WireGuard interface.
# For each further client, use a different allowed-address and name.
# private-key="auto" has the router generate the client's key pair, so the client's
# private key is also held on the router (show-client-config prints it later on).
# NOTE(review): these per-peer client options need a recent RouterOS 7 release - confirm on your version.
/interface wireguard peers
add interface=wireguard1 name=WifiNL2 allowed-address=192.168.171.12/32 \
    client-dns=8.8.8.8 private-key="auto" public-key=""
Check the public key of the WireGuard server
/interface wireguard print
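# This is what the print output looks like (the keys shown are placeholders). Clients need the public-key value; the private-key stays on the router.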
[admin@MikroTik_Wifinederland_testlab] > /interface wireguard print
Flags: X - disabled; R - running
0 R name="wireguard1" mtu=1420 listen-port=13250
private-key="WBwddSrfake_key_not real2WSw2o="
public-key="WPkk7twx7Fake_key_not_realgBTMR148r3qw67ckWM="
[admin@MikroTik_Wifinederland_testlab] >
Print the peer's client config to use on a Windows PC
#Check the client config for the Windows PC.
/interface/wireguard/peers>print
You will see something like this:
# INTERFACE PUBLIC-KEY ENDPOINT-PORT ALLOWED-ADDRESS
0 wireguard1 B9S+FQjVl8xSbIzEfake_key_yehjgCbooQN0XI8wwlpC0= 0 192.168.171.12/32
#Now run this
/interface/wireguard/peers/show-client-config
#Enter the peer number (the first column of the list above)
number: 0
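# Client configuration as printed by show-client-config; import it into the WireGuard client on the PC.
[Interface]
# This line can be deleted on the client.
ListenPort = 13250
# Secret: whoever holds this key can connect as this peer. The value shown is a placeholder.
PrivateKey = aOcGMQ3iZnot_real_keypYRzQiYMGs=
Address = 192.168.171.12/32
DNS = 8.8.8.8

[Peer]
# Must match the public-key shown by "/interface wireguard print" on the router.
PublicKey = WPkk7twx7Fake_key_not_realgBTMR148r3qw67ckWM=
# 0.0.0.0/0 sends all IPv4 traffic through the tunnel.
# NOTE(review): 192.168.17.1/24 does not match the 192.168.171.0/24 tunnel subnet configured on the router - probably a typo; 0.0.0.0/0 already covers it.
AllowedIPs = 0.0.0.0/0, 192.168.17.1/24
# Replace "public ip" with the router's public IP address or DNS name.
Endpoint = public ip:13250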