Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik_vpn_wg [2023/07/02 10:31]
gcooper
+++ networking:router:mikrotik_vpn_wg [2023/07/10 10:36] (current)
gcooper
@@ Line 12: / Line 12: @@
 **Road Warrior HowTo**: https://forum.mikrotik.com/viewtopic.php?p=899406
+**Why WireGuard?**: https://restoreprivacy.com/vpn/wireguard-vs-openvpn/
+**Enable/Disable Peer by Comment**: https://techoverflow.net/2022/04/18/how-to-enable-disable-wireguard-peer-by-comment-on-mikrotik/
 <note tip>Note that **Windows workstations do not respond to pings by default**, but will if you temporarily disable the firewall.  Don't forget to turn it back on when you are done testing!</note>
@@ Line 26: / Line 30: @@
 <file>
-# perform the next two commands only once
+# perform the next three commands only once
+# allow wireguard connections to the router - move rule as needed
+/ip firewall filter add action=accept chain=input comment="Allow WireGuard VPN" dst-port=51820 \
+    protocol=udp place-before=4
 # add a wireguard interface - name is arbitrary - select UDP listen port not blocked by all ISPs
-# only add/create once
+/interface wireguard add comment="WireGuard VPN Endpoint" listen-port=51820 mtu=1420 name=wg0
-/interface wireguard add comment="VA - WireGuard VPN Endpoint" listen-port=51820 mtu=1420 name=wg0
 # set the address of the wireguard interface - the address is arbitrary
-# we use a /24 netmask to include all peers - name must match interface name above
+# we use a /24 netmask with peer wireguard interfaces to be assigned address in 172.16.2.0/24
-/ip address add address=172.16.2.1/24 comment="VA - Wireguard VPN Endpoint" interface=wg0 network=172.16.2.0
+# name must match interface name above
+/ip address add address=172.16.2.1/24 comment="Wireguard VPN Endpoint" interface=wg0 network=172.16.2.0
 # do the following for each remote site

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools