How to configure Mikrotik to work with Wireguard?
Hello!
There is a VPS with Wireguard installed, what needs to be written in the config on the server and in Mikrotik so that all traffic goes through the tunnel and devices in the VPN network can "communicate" with each other?
On the Mikrotik, the IP address is dynamic, the Internet goes through a modem, RouterOS 7.1beta4.
Great, since you have beta 7.1, we skip this moment right away.
So.
On the server, you configure everything exactly as usual - add a new peer to the wireguard configuration file.
Set up the connection on MikroTik according to one of the many instructions for setting up WG on MikroTik.
As soon as the connection is established and the links are up, the interesting part begins.
On the VPS, packet forwarding from and to the wireguard interface (usually wg0) should already be enabled, and packet forwarding at the kernel level should be enabled (the corresponding setting in the sysctl.conf file).
Now the Mikrotik settings:
Configure a new NAT on the wireguard interface.
In the firewall settings, in the address list, add the address of your local network (for example, name LAN, address 192.168.88.0/24).
In the same place in the firewall, in the mangle, you set up connection marking: prerouting - src. address list "LAN" - action "mark connection" - new connection mark "bh-conn".
Next, mark the routes for this connection: prerouting - connection mark "bh-conn" - src. address list "LAN" - action "mark routing" - new routing mark "bh-rt".
Then go to ip - route, add a new static route with a big "price", let it be 100, choose the wireguard interface as the gateway, and choose bh-rt as the route mark.
After all these manipulations, all traffic from your local network should go into the tunnel to the VPS.
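The answer above depends on two VPS-side prerequisites: kernel-level forwarding in sysctl.conf and forwarding from and to the wireguard interface. The following is an added example, not part of the original answer, that audits both offline. It assumes the VPS firewall is iptables and that you feed it a copy of sysctl.conf and the output of iptables-save; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the VPS forwarding prerequisites.

# Succeeds if the last net.ipv4.ip_forward assignment in a sysctl.conf-style
# file is 1. Comment lines (# or ;) and spacing around "=" are ignored.
ip_forward_enabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == "net.ipv4.ip_forward") last = v }
        END { exit !(last == "1") }' "$1"
}

# Succeeds if an iptables-save dump forwards packets from and to interface $2:
# filter FORWARD policy ACCEPT, or ACCEPT rules naming it with both -i and -o.
# Simplification: other match conditions and earlier DROP rules are not evaluated.
forward_allowed() {
    awk -v ifc="$2" '
        /^\*/ { tbl = substr($0, 2) }
        tbl != "filter" { next }
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i + 1) == ifc) in_ok = 1
                if ($i == "-o" && $(i + 1) == ifc) out_ok = 1
            }
        }
        END { exit !(policy == "ACCEPT" || (in_ok && out_ok)) }' "$1"
}

# audit_vps SYSCTL_FILE IPTABLES_DUMP [IFACE]; prints each failed prerequisite.
audit_vps() {
    rc=0
    ip_forward_enabled "$1" || { echo "kernel forwarding disabled in $1"; rc=1; }
    forward_allowed "$2" "${3:-wg0}" || { echo "FORWARD does not pass ${3:-wg0}"; rc=1; }
    return "$rc"
}

# Constructed sample inputs (not taken from a real host).
write_samples() {
    printf '# constructed\nnet.ipv4.ip_forward = 0\nnet.ipv4.ip_forward=1\n' > "$1/sysctl.ok"
    printf '#net.ipv4.ip_forward=1\n' > "$1/sysctl.bad"
    printf '*mangle\n:FORWARD ACCEPT [0:0]\nCOMMIT\n*filter\n:FORWARD DROP [0:0]\n-A FORWARD -i wg0 -j ACCEPT\n-A FORWARD -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\nCOMMIT\n' > "$1/fw.ok"
    printf '*filter\n:FORWARD DROP [0:0]\n-A FORWARD -i wg0 -j ACCEPT\nCOMMIT\n' > "$1/fw.bad"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_vps "$tmp/sysctl.ok" "$tmp/fw.ok" && echo "VPS forwarding prerequisites met"
```

On a real host, pass /etc/sysctl.conf and a file produced by iptables-save; a commented-out ip_forward line or a FORWARD chain that accepts only one direction is reported as a failure.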