{{tag>vpn wireguard mikrotik}}

====== Wireguard mikrotik setup ======

  /interface/wireguard add name=wireguard1
  /ip/address add address=192.168.100.0/24 interface=wireguard1
  /ip/firewall/filter add chain=input action=accept protocol=udp dst-port=13231

If you have a different local subnet for your devices, like 192.168.200.0/24, you need to allow traffic from the wireguard subnet to it.

  /ip firewall address-list add address=192.168.200.0/24 list=local-net

  /ip/firewall/filter add chain=forward action=accept src-address=192.168.100.0/24 dst-address-list=local-net log=no log-prefix=""
  
Add peer:

  /interface wireguard peers add allowed-address=192.168.100.10/32 client-address=192.168.100.10/32 client-dns=192.168.200.1 endpoint-port=13231 interface=wireguard1 \name=wg-user1 private-key=auto

For ''allowed-address'' you can use the specific client ip (''192.168.100.10/32'') or allow all ''0.0.0.0/0,::/0''.

For ''client-dns'' you can use the router's IP if that is your DNS server or any public DNS server.

Then use client config to setup you client device (Android, PC etc.) 

====== Tested on ======
  * WireGuard for Android v1.0.20250531
  * Mikrotik ax3 - RouterOS 7.19.4

====== See also ======
{{topic>wiki?mikrotik}}


====== References ======
  * https://web.archive.org/web/20251130101616/https://mikrotikmasters.com/setting-up-wireguard-on-mikrotik-a-comprehensive-guide/