DropVPS Team
Writer: Cooper Reagan
setup wireguard on mikrotik
Table of Contents
What you will read?
WireGuard has gained immense popularity due to its simplicity, speed, and robust security features. If you’re looking to set up WireGuard on your MikroTik router, you’re in the right place. In this guide, we’ll walk you through the process step-by-step, ensuring that you can enjoy a secure and efficient VPN connection.
Prerequisites
Before diving into the setup, make sure you have the following:
- A MikroTik router running RouterOS version 7.1 or higher.
- Basic knowledge of MikroTik configuration.
- Access to your MikroTik router’s web interface or Winbox.
Step 1: Update Your RouterOS
First, ensure that your MikroTik router is running the latest version of RouterOS. You can do this by navigating to the System > Packages section in the web interface. If an update is available, download and install it.
Step 2: Enable WireGuard
-
Open the terminal in your MikroTik interface.
-
Use the following command to add a new WireGuard interface:
/interface/wireguard/add name=wg0 listen-port=51820 -
You can verify the creation of the interface by running:
/interface/wireguard/print
Step 3: Generate Keys
To secure your WireGuard connection, you’ll need to generate a public and private key pair.
-
Run the following commands in the terminal:
/interface/wireguard/key/generateThis will generate a new key pair. Note down both the private and public keys.
Step 4: Configure WireGuard Peers
Next, you’ll want to add peers to your WireGuard setup. A peer can be another WireGuard client or another router.
-
Add a peer using the command below. Replace
YOUR_PUBLIC_KEYwith the public key of the peer andYOUR_IP_ADDRESSwith the peer’s IP address:/interface/wireguard/peers/add interface=wg0 public-key="YOUR_PUBLIC_KEY" allowed-address="YOUR_IP_ADDRESS/32" -
You can add multiple peers by repeating the command with different keys and IP addresses.
Step 5: Assign an IP Address to the WireGuard Interface
Now, you need to assign an IP address to your WireGuard interface.
-
Use the following command to set an IP address:
/ip/address/add address=10.0.0.1/24 interface=wg0Adjust the IP address according to your network configuration.
Step 6: Configure Firewall Rules
To ensure that your WireGuard traffic is allowed through the firewall, you’ll need to add some rules.
-
Add an input rule for the WireGuard port:.
/ip/firewall/filter/add chain=input protocol=udp dst-port=51820 action=accept - Allow established and related connections:
/ip/firewall/filter/add chain=forward connection-state=established,related action=accept - Finally, allow traffic from your WireGuard network:
/ip/firewall/filter/add chain=forward src-address=10.0.0.0/24 action=accept
Step 7: Enable IP Forwarding
For the VPN to function properly, ensure that IP forwarding is enabled.
-
Run the following command:
/ip/settings/set ip-forward=yes
Step 8: Test Your Connection
After completing the configuration, it’s time to test your WireGuard setup. Connect a WireGuard client using the public key and endpoint information from your MikroTik router. Verify the connection and ensure that you can send and receive traffic through the VPN.
Setting up WireGuard on a MikroTik router is a simple process enabling greatly improved network protection. By adhering to the following directions, one can craft a dependable and streamlined VPN satisfying their requirements. Savor the novel seclusion and security WireGuard brings! Should additional instruction or recommendations be sought, dropvps.com holds further informative guides. Cheerful networking to all!
