Tuesday, July 6, 2021

WireGuard VPN with MikroTik


MikroTik has finally started supporting WireGuard in the development channel, as of RouterOS version 7.1beta2. WireGuard is now widely used in preference to other VPNs (Virtual Private Networks) for its performance and speed, easy configuration, cross-platform use and security.

The WireGuard VPN client is available for almost every platform.

Download Link: https://www.wireguard.com/install/

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Why WireGuard?

• Simple & Easy-to-use
• Cryptographically Sound
• Minimal Attack Surface
• High Performance
• Well Defined & Thoroughly Considered
• Most Significantly Fast










Read the comparison of VPN protocols to know more.

In fact, users had requested WireGuard support from MikroTik. MikroTik respected the users' request; it is now in the development phase and will hopefully soon be released as Stable for production.

Configure WireGuard in MikroTik

We will configure it as a Dial-Up or RAVPN VPN, but WireGuard can certainly be used as a Site-to-Site VPN as well. For this configuration, we need a MikroTik router running RouterOS version 7.1beta2 with its WAN already configured. That means:

• External IP/ WAN Public IP is configured.
• Default Route is configured.
• DNS configured.
• RouterOS upgraded to at least RouterOS version 7.1beta2.

First, we will create the WireGuard interface. To do this in MikroTik through Winbox:

WireGuard>WireGuard>Add


We will change the default Listen Port from 13231 to 54321. It can also run on the default port, but changing it is a good practice. Then,

Apply>OK

The Private and Public Keys will be generated automatically.


Now, we will assign an address to the WireGuard interface.

IP>Addresses>Add

For our configuration we add 192.168.0.1/24. Dial-Up or RAVPN clients will get their IP addresses from this block.


We also need to NAT this private IP block behind the public IP, so that clients have Internet access once the VPN is connected.

IP>Firewall>NAT>Add


With this, the WireGuard VPN server configuration in MikroTik is complete.

To add a client, we will configure the client side first. We will use Windows as the client platform. Configuration for other clients is available on the WireGuard website.

We have already downloaded the Windows client installer from the link above and installed it. Now it is time to open it.


Now Add Tunnel>Add empty tunnel or Ctrl+N


The Create New Tunnel tab will open with an auto-generated Public and Private Key.


Now open Notepad and copy-paste the Interface and Private Key values into it. This lets us prepare the Interface and Peer configuration for the client.



The Peer Public Key is the Public Key of the WireGuard interface on the MikroTik, and the Endpoint is the WAN IP and Listen Port of the WireGuard interface on the MikroTik. The Interface Address is 192.168.0.2/24, since 192.168.0.1/24 is already used on the MikroTik, and for DNS we use Google Global DNS. You are also encouraged to use your ISP's DNS.


After saving, the client part is done. Now we need to configure the peer in MikroTik. The only information we need from the client is its interface Public Key. Let's copy it and go back to MikroTik.


WireGuard>Peers>Add

All we need to do is set the Allowed Address and provide the Public Key, which we already copied from the client interface. In our case we allowed all IPv4 addresses.

Then Apply>OK

Now all we need to do is dial/activate the VPN from the client side, so we go back to the client software.



Once it is activated, traffic will start to flow and logs will be generated.

In MikroTik, the WireGuard interface will show traffic, and in the peer's Endpoint we will find the IP it is connected from.
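
A consistency check for the values used in this walkthrough, as an added example that is not part of the original post: it parses a client tunnel configuration, compares it with the router settings above (192.168.0.1/24, Listen Port 54321) and builds the matching RouterOS peer command. The keys, the WAN address 203.0.113.10, 8.8.8.8 as the Google DNS address and the interface name wireguard1 are assumptions or constructed placeholders; the generated command limits allowed-address to the client's own /32, a narrower choice than the all-IPv4 setting used above.

```python
import base64, binascii, configparser, ipaddress

# Constructed sample: placeholder key bytes, documentation IP as the router's WAN address.
KEY_A, KEY_B = (base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32))
SAMPLE = f"""[Interface]
PrivateKey = {KEY_A}
Address = 192.168.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = {KEY_B}
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:54321
"""

def is_wg_key(value):
    """A WireGuard key is 32 raw bytes encoded as base64."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def check_client(text, server_if="192.168.0.1/24", listen_port=54321):
    """Return (problems, client_ip) for a client tunnel configuration."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    get = lambda sec, key: cp.get(sec, key, fallback="").strip()
    server, problems, client_ip = ipaddress.ip_interface(server_if), [], None
    for sec, key in (("Interface", "PrivateKey"), ("Peer", "PublicKey")):
        if not is_wg_key(get(sec, key)):
            problems.append(f"{sec} {key} is not a 32-byte base64 key")
    try:
        client_ip = ipaddress.ip_interface(get("Interface", "Address")).ip
        if client_ip not in server.network or client_ip == server.ip:
            problems.append("Address must be a free host in the router's block")
    except ValueError:
        problems.append("Interface Address is missing or malformed")
    if get("Peer", "Endpoint").rpartition(":")[2] != str(listen_port):
        problems.append("Endpoint port differs from the router's Listen Port")
    return problems, client_ip

def routeros_peer(client_public_key, client_ip, interface="wireguard1"):
    """RouterOS v7 command for the router-side peer, limited to the client's /32."""
    return (f"/interface wireguard peers add interface={interface} "
            f'public-key="{client_public_key}" allowed-address={client_ip}/32')

if __name__ == "__main__":
    problems, ip = check_client(SAMPLE)
    print(problems or "client config matches the router", routeros_peer("<client public key>", ip), sep="\n")
```

With allowed-address set to the client's /32, the router accepts tunnel packets from that peer only when their source address is 192.168.0.2.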



