/interface/wireguard add name=wireguard1 /ip/address add address=192.168.100.0/24 interface=wireguard1 /ip/firewall/filter add chain=input action=accept protocol=udp dst-port=13231
If you have a different local subnet for your devices, like 192.168.200.0/24, you need to allow traffic from the wireguard subnet to it.
/ip firewall address-list add address=192.168.200.0/24 list=local-net
/ip/firewall/filter add chain=forward action=accept src-address=192.168.100.0/24 dst-address-list=local-net log=no log-prefix=""
Add peer:
/interface wireguard peers add allowed-address=192.168.100.10/32 client-address=192.168.100.10/32 client-dns=192.168.200.1 endpoint-port=13231 interface=wireguard1 \name=wg-user1 private-key=auto
For allowed-address you can use the specific client ip (192.168.100.10/32) or allow all 0.0.0.0/0,::/0.
For client-dns you can use the router's IP if that is your DNS server or any public DNS server.
Then use client config to setup you client device (Android, PC etc.)
| 2021/05/01 12:31 | |
| 2021/06/02 10:15 | |
| 2025/07/09 18:04 | |
| 2025/08/24 09:36 | |
| 2021/05/14 14:16 | |
| 2021/02/04 10:18 | |
| 2025/02/15 20:55 | |
| 2021/05/14 14:20 | |
| 2025/06/24 15:51 | |
| 2025/11/30 10:59 |