Configuring WireGuard on a MikroTik router

Configuring WireGuard on a MikroTik router involves several steps. MikroTik introduced WireGuard support in RouterOS v7, so ensure your router is running this version or later. Here’s a step-by-step guide to set up WireGuard VPN on a MikroTik device:

Prerequisites

  1. MikroTik Router with RouterOS v7 or later.
  2. WinBox or web-based admin access to the MikroTik router.
  3. WireGuard client installed on your device (Windows, macOS, Linux, iOS, Android).

WireGuard Configuration on MikroTik

Step 1: Generate Keys

You will need to generate a public/private key pair for both the server (MikroTik) and each client.

On a Linux machine (or use a WireGuard client on any OS): 

wg genkey | tee server_private.key | wg pubkey > server_public.key


wg genkey | tee client_private.key | wg pubkey > client_public.key

Save these keys securely. You'll need to configure the MikroTik router with the server keys and provide the client keys to the device you want to connect.

Step 2: Configure WireGuard Interface on MikroTik

  1. Log in to your MikroTik router using WinBox or via the web interface.

  2. Add a WireGuard interface:

    • Go to Interfaces -> WireGuard.
    • Click on + to add a new WireGuard interface.
    • Set the Name (e.g., wg0).
    • Paste the server's private key (from server_private.key) into the Private Key field.
    • Assign an IP address to the WireGuard interface (e.g., 10.0.0.1/24).

  3. Set up IP address:

    • Go to IP -> Addresses.
    • Add a new address: 10.0.0.1/24 on the wg0 interface.

Step 3: Configure WireGuard Peers

  1. Add a Peer:

    • Go to Interfaces -> WireGuard Peers.
    • Click on + to add a new peer.
    • Enter the Public Key of the client device (from client_public.key).
    • Set the Allowed Address to the client's IP address in the VPN (e.g., 10.0.0.2/32).
    • Optionally, set the Persistent Keepalive to 25 seconds for mobile clients.

Step 4: Configure Firewall and NAT

  1. Allow WireGuard traffic:

    • Go to IP -> Firewall -> Filter Rules.
    • Add a rule to accept traffic on the WireGuard port (51820 by default).
    • Set Chain to inputProtocol to udpDst. Port to 51820, and Action to accept.

  2. Set up NAT:

    • Go to IP -> Firewall -> NAT.
    • Add a rule to masquerade outbound traffic:
      • Set Chain to srcnat.
      • Set Out. Interface to your WAN interface.
      • Set Action to masquerade.

Step 5: Client Configuration

On the client device, configure WireGuard with the following settings:

  1. Install WireGuard on your client device if not already installed.

  2. Client configuration file:

    Create a configuration file (e.g., client.conf) with the following content: 

    
      
    [Interface]
    
      
    PrivateKey = <client_private_key>
    
      
    Address = 10.0.0.2/32
    
      
    DNS = 8.8.8.8
    
      

    
      
    [Peer]
    
      
    PublicKey = <server_public_key>
    
      
    Endpoint = <mikrotik_public_ip>:51820
    
      
    AllowedIPs = 0.0.0.0/0
    
      
    PersistentKeepalive = 25

    Replace <client_private_key> and <server_public_key> with the appropriate keys, and <mikrotik_public_ip> with your router’s public IP address or domain name.

    1. Connect to the VPN:

      • Import the configuration file into the WireGuard client and connect.

    Testing the Configuration

    1. Check the connection from the client device to ensure the VPN is working.

    2. Verify the peer status on MikroTik:

      • In WinBox, go to Interfaces -> WireGuard.
      • Select the interface and check the Latest Handshake and Rx/Tx data to verify connectivity.

    Conclusion

    WireGuard is a powerful and efficient VPN solution that’s now supported by MikroTik routers. By following these steps, you can configure a secure and fast VPN connection for your home or office network. Remember to regularly update your RouterOS to benefit from the latest features and security patches.

Comments

Post a Comment

Popular posts from this blog

A secure and cost-effective SOHO (home office) network design.

Image
Setting up a MikroTik router in a Small Office/Home Office (SOHO) environment can be quite beneficial due to MikroTik's feature-rich capabilities and flexibility. Here's a general guide to setting up a MikroTik router in a SOHO environment: In this project I would like to share a comprehensive guide to setting up a home network. You can build this secure network easily and on a budget. Here is a network diagram that I will follow, I think every small home office usually has these requirements. There is a lot of information in this diagram, but don't worry, I will walk you through it all step by step. If you want to save yourself the headache and time, you can contact me to help you build this network, otherwise you can follow me and hope it will be useful to you. Initial example Setup : Connect your MikroTik router to your modem using an Ethernet cable. Connect your computer to one of the LAN ports on the MikroTik router. Access the MikroTik router's web interface using...
Read more

One of the best tool for designing, deploying, and optimizing Wi-Fi networks across various industries

Image
Ekahau's applications are widely used across various industries to design, deploy, and optimize Wi-Fi networks. Below are some of the key applications and use cases for Ekahau tools: 1. Enterprise Wi-Fi Office Buildings : Ekahau tools help design robust Wi-Fi networks that support high-density environments with seamless coverage and capacity for voice, video, and data applications. Remote Work Support : Ekahau can assist in optimizing home networks for remote employees, ensuring reliable connectivity for work-from-home scenarios. 2. Healthcare Hospitals and Clinics : Ekahau solutions ensure reliable Wi-Fi coverage for critical healthcare applications, including electronic health records (EHR), medical devices, and patient monitoring systems. Asset Tracking : Ekahau's real-time location services (RTLS) can be used for tracking medical equipment, staff, and patients within healthcare facilities. 3. Education Schools and Universities : Ekahau tools are used to design and manage ca...
Read more