In this short guide I will show you how to connect two Mikrotiks running RouterOS 7 or higher with Wireguard VPN.
Before we start, there are some requirements. At least one side needs to have a static public IP address.
Both Mikrotiks need to be running RouterOS 7 or newer. In my case, that is two hAP AC2.
The following diagram is in Packet Tracer, but it is the easiest way to draw it.
I also highly recommend you connect to both Mikrotiks at the same time
Open Winbox on the left routers.
Click Wireguard, Add a new Wireguard interface.
Give it a name and keep the listen port default (it should be 13231) and click OK. That will create your Wireguard interface. When you reopen the interface, there should be a public key and a private key. We will need both.
Now do the same thing on the right Mikrotik.
Now that you have interfaces on both, we need to create their peers.
In this case, I only want access to my home network, I don’t want to route all of my traffic through there.
We are on the Left Mikrotik again, the one with a public IP address
Go to Wireguard – Peers and create a new Peer
Interface – wireguard interface from previous step
Public Key – Public key from the other Mikrotik
Endpoint and Endpoint port will stay empty
Allowed Address – 172.16.0.0./30 (that is our connecting network between them) and 10.0.1.0/24 (that is the network of the Mikrotik on the right)
IP – Addresses and add 172.16.0.1/30 to the wireguard1 interface
IP – Routes – New
Dst. Address 10.0.1.0/24
Now repeat this on the right Mikrotik, but with a few exceptions
In the peer, Endpoint will either be IP address or a domain for your IP address, and Endpoint Port will be 13231
Allowed Address – 172.16.0.0/30 (that is our connecting network between them) and 10.0.0.0/24 (that is the network of the Mikrotik on the right)
IP – Routes – New
Dst. Address 10.0.0.0/24
And, I think that should be it. Try pinging on device on one network with another one.
Weirdly, my Mikrotiks themselves aren’t able to reach anything on the other network, not sure why here.