MikroTik WireGuard

RouterOS 7 WireGuard Server

Create WireGuard Interface

/interface/wireguard
add name=wg0 listen-port=51820 mtu=1420

Print the server’s public key:

/interface/wireguard print

Assign WireGuard IP

/ip/address
add address=10.0.0.1/24 interface=wg0

Add Client Peer

/interface/wireguard/peers
add interface=wg0 \
    public-key="CLIENT_PUBLIC_KEY_HERE" \
    allowed-address=10.0.0.2/32 \
    comment="Laptop"

Firewall — Allow WireGuard

/ip/firewall/filter
add chain=input action=accept protocol=udp dst-port=51820 comment="Allow WireGuard"
add chain=forward action=accept in-interface=wg0 comment="Forward from WireGuard"

Client Configuration

[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Generate Client Keys (on Linux)

wg genkey | tee client_private.key | wg pubkey > client_public.key
cat client_private.key
cat client_public.key