
This is an old revision of the document!


WireGuard MikroTik setup

/interface/wireguard add name=wireguard1
# Give the router a host address inside the tunnel subnet (not the .0 network address)
/ip/address add address=192.168.100.1/24 interface=wireguard1
/ip/firewall/filter add chain=input action=accept protocol=udp dst-port=13231

If your devices are on a different local subnet, such as 192.168.200.0/24, you need to allow traffic from the WireGuard subnet to it.

/ip firewall address-list add address=192.168.200.0/24 list=local-net
/ip/firewall/filter add chain=forward action=accept src-address=192.168.100.0/24 dst-address-list=local-net log=no log-prefix=""

Add peer:

/interface wireguard peers add allowed-address=192.168.100.10/32 client-address=192.168.100.10/32 client-dns=192.168.200.1 endpoint-port=13231 interface=wireguard1 name=wg-user1 private-key=auto

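For allowed-address you can use the specific client IP (192.168.100.10/32) or allow all (0.0.0.0/0,::/0). With the /32, the router accepts tunnel traffic from this peer only when it is sourced from that one address; with 0.0.0.0/0,::/0 it accepts any source address from the peer.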

For client-dns you can use the router's IP if that is your DNS server or any public DNS server.

Then use the client config to set up your client device (Android, PC, etc.).
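
An added example, not part of the original wiki page: a small Python check for the allowed-address choice described above. It parses RouterOS command lines like the ones on this page and reports peers whose allowed-address is 0.0.0.0/0,::/0 or lies outside the tunnel subnet. The sample lines, the peers wg-user2 and wg-user3, and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the style of this page's commands (wg-user2 and wg-user3 are made up).
SAMPLE = """\
/ip/address add address=192.168.100.1/24 interface=wireguard1
/interface wireguard peers add allowed-address=192.168.100.10/32 interface=wireguard1 name=wg-user1
/interface wireguard peers add allowed-address=0.0.0.0/0,::/0 interface=wireguard1 name=wg-user2
/interface wireguard peers add allowed-address=192.168.200.5/32 interface=wireguard1 name=wg-user3
"""

def params(line):
    """Return the key=value arguments of one RouterOS command line as a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def audit(text):
    """Return (peer name, finding) tuples for allowed-address values wider than the tunnel subnet."""
    tunnels, peers = {}, []
    for line in text.splitlines():
        # Accept both "/ip/address" and "/ip address" spellings of the menu path.
        norm = " ".join(line.replace("/", " ").split())
        p = params(line)
        if norm.startswith("ip address add"):
            tunnels[p["interface"]] = ipaddress.ip_interface(p["address"]).network
        elif norm.startswith("interface wireguard peers add"):
            peers.append(p)
    findings = []
    for p in peers:
        tunnel = tunnels.get(p["interface"])
        for item in p["allowed-address"].split(","):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen == 0:
                findings.append((p["name"], f"{item}: accepts any source address from this peer"))
            elif tunnel is None or net.version != tunnel.version or not net.subnet_of(tunnel):
                findings.append((p["name"], f"{item}: outside tunnel subnet {tunnel}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name, finding)
```

The "outside tunnel subnet" finding assumes the one-address-per-client layout used on this page; a site-to-site peer that legitimately routes a remote LAN would need its own allowance.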

Tested on

  • WireGuard for Android v1.0.20250531
  • Mikrotik ax3 - RouterOS 7.19.4

wiki/wireguard_mikrotik_setup.1764500384.txt.gz · Last modified: by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal