WireGuard


WireGuard is a simple, fast, and modern VPN that utilizes state-of-the-art cryptography. Its aims to be a better choice than IPSEC or OpenVPN. MikroTik added WireGuard support starting in RouterOS version 7.1beta2. You can connect WireGuard to other MikroTik routers or pretty much any other platform out there includeing Windows and MacOS. The install clients for other platforms can be found here. Let’s take a look at a simple installation.

Step 1: In Router 1 (the one on the left) we’ll create the WireGuard Interface. All you have to do, is give it a name. It will auto generate the Public and Private Keys on it own.

Step 2: Repeat Step 1 for Router 2. In Router 2 (the one on the right) we’ll create the WireGuard Interface. All you have to do, is give it a name. It will auto generate the Public and Private Keys on it own.

Step 3: Set the Peers on Router 1

Step 4: Set the Peers on Router 2

Step 5: Add an address to the WireGuard interface on Router 1. (IP -> Address)

Step 6: Add an address to the WireGuard interface on Router 2. (IP -> Address)

Step 7: At the time of this writing, there is a bug in Winbox with the Endpoint Port. To set the Endpoint Port, you must configure it in the CLI on both sides as shown.

Finally, you will want to verify connectivity by pinging across from both sides. In this example, it will be the two 10.0.0.0/24 addresses that are assigned to the WireGuard interfaces that you will ping to.


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

9 thoughts on “WireGuard