setup wireguard on mikrotik

What you will read?

1 Prerequisites
2 Step 1: Update Your RouterOS
3 Step 2: Enable WireGuard
4 Step 3: Generate Keys
5 Step 4: Configure WireGuard Peers
6 Step 5: Assign an IP Address to the WireGuard Interface
7 Step 6: Configure Firewall Rules
8 Step 7: Enable IP Forwarding
9 Step 8: Test Your Connection

WireGuard has gained immense popularity due to its simplicity, speed, and robust security features. If you’re looking to set up WireGuard on your MikroTik router, you’re in the right place. In this guide, we’ll walk you through the process step-by-step, ensuring that you can enjoy a secure and efficient VPN connection.

Prerequisites

Before diving into the setup, make sure you have the following:

A MikroTik router running RouterOS version 7.1 or higher.
Basic knowledge of MikroTik configuration.
Access to your MikroTik router’s web interface or Winbox.

Step 1: Update Your RouterOS

First, ensure that your MikroTik router is running the latest version of RouterOS. You can do this by navigating to the System > Packages section in the web interface. If an update is available, download and install it.

Step 2: Enable WireGuard

Open the terminal in your MikroTik interface.
Use the following command to add a new WireGuard interface:
```
/interface/wireguard/add name=wg0 listen-port=51820
```
You can verify the creation of the interface by running:
```
/interface/wireguard/print
```

Step 3: Generate Keys

To secure your WireGuard connection, you’ll need to generate a public and private key pair.

Run the following commands in the terminal:
```
/interface/wireguard/key/generate
```
This will generate a new key pair. Note down both the private and public keys.

Step 4: Configure WireGuard Peers

Next, you’ll want to add peers to your WireGuard setup. A peer can be another WireGuard client or another router.

Add a peer using the command below. Replace YOUR_PUBLIC_KEY with the public key of the peer and YOUR_IP_ADDRESS with the peer’s IP address:
```
/interface/wireguard/peers/add interface=wg0 public-key="YOUR_PUBLIC_KEY" allowed-address="YOUR_IP_ADDRESS/32"
```
You can add multiple peers by repeating the command with different keys and IP addresses.

Step 5: Assign an IP Address to the WireGuard Interface

Now, you need to assign an IP address to your WireGuard interface.

Use the following command to set an IP address:
```
/ip/address/add address=10.0.0.1/24 interface=wg0
```
Adjust the IP address according to your network configuration.

Step 6: Configure Firewall Rules

To ensure that your WireGuard traffic is allowed through the firewall, you’ll need to add some rules.

Add an input rule for the WireGuard port:.

/ip/firewall/filter/add chain=input protocol=udp dst-port=51820 action=accept

Allow established and related connections:

/ip/firewall/filter/add chain=forward connection-state=established,related action=accept

Finally, allow traffic from your WireGuard network:

/ip/firewall/filter/add chain=forward src-address=10.0.0.0/24 action=accept

Step 7: Enable IP Forwarding

For the VPN to function properly, ensure that IP forwarding is enabled.

Run the following command:
```
/ip/settings/set ip-forward=yes
```

Step 8: Test Your Connection

After completing the configuration, it’s time to test your WireGuard setup. Connect a WireGuard client using the public key and endpoint information from your MikroTik router. Verify the connection and ensure that you can send and receive traffic through the VPN.

Setting up WireGuard on a MikroTik router is a simple process enabling greatly improved network protection. By adhering to the following directions, one can craft a dependable and streamlined VPN satisfying their requirements. Savor the novel seclusion and security WireGuard brings! Should additional instruction or recommendations be sought, dropvps.com holds further informative guides. Cheerful networking to all!