Mikrotik
      Back to home
      1. Help Center
      2. VPN
      3. Mikrotik

      WireGuard Installation on Router

      This article will help you learn how to install and configure WireGuard on a router, using the MikroTik router as an example.

       The configuration of WireGuard consists of two stages:

      1. WireGuard component installation.
      2. The configuration file uploading to the MikroTik router settings.
        4
        2

      Download the .conf configuration file from the provided link: http://server_IP:port/xxxxxxxxxx/, you have received this link via email after activating the service.

      You can also find VPN access information in your client area.

      1. In your client area, find the VPN Servers tab.

      2. Click Manage.
        10_

      3. In the Access section, find the WireGuard settings.
        11_

      4. Download access information there.
        12_-1

      WireGuard Component Installation on Router

      To install WireGuard on MikroTik router, follow the steps:

      1. Open the MikroTik configuration panel (command line) and enter:

        ssh user@192.168.88.1
      2. To create a new WireGuard interface, enter the following text in a command line and press Enter:
        /interface wireguard

        add listen-port=13231 mtu=1420 name=wireguard-inet private-key=”your private key”
      3.  Add an IP address to the interface you just created:  
        /IP-адрес 

        add address=10.2.0.2/30 interface=wireguard-inet network=10.2.0.0

      Configuration File Uploading to MikroTik Router Settings

      1. Add a WireGuard server as a peer:

        1. Add the endpoint address and endpoint port from the WireGuard config file (Endpoint=). If the config says Endpoint=103.107.197.2:51820, enter endpoint-address=103.107.197.2 and endpoint-port=51820.

        2. Add the public key from the WireGuard config file (PublicKey=).

          /interface wireguard peers

          add allowed-address=0.0.0.0/0 endpoint-address=x.x.x.x endpoint-port=xxxxx interface=wireguard-inet persistent-keepalive=25s public-key="your public key"
      2. Enable masquerade for that interface.

        This setup assumes that you are using the default local network address used by MikroTik. If you have changed this, use that address for scr-address=. 

        /ip firewall nat 

        add action=masquerade chain=srcnat out-interface=wireguard-inet src-address=192.168.88.0/24
      3. Redirect all internet traffic through WireGuard:
        /ip route

        add disabled=no distance=1 dst-address=0.0.0.0/1 gateway=10.2.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10

        add disabled=no distance=1 dst-address=128.0.0.0/1 gateway=10.2.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
      4. Configure DNS settings:
        /ip dns 

        set server=10.2.0.1 

        /ip dhcp-client 

        set 0 use-peer-dns=no
      5. To redirect the WireGuard IP address through main provider’s gateway, replace x.x.x.x with the endpoint address from the config file (Endpoint=):
        /ip route

        add disabled=no dst-address=x.x.x.x/32 gateway=[/ip dhcp-client get [find interface=ether1] gateway] routing-table=main suppress-hw-offload=no
      6. Restart your router.

      If you have any questions, you can ask them in the online chat in the lower right corner of the site or by ticketing the Techsupport Department.

      To order the Personal VPN and Socks5 Proxy service, please proceed with the order.