Differences
This shows you the differences between two versions of the page.
laptopwiki:guides:networking:mikrotik:connecttwowithwireguard [31/03/2023 23:32] – removed - external edit (Unknown date) 127.0.0.1 | laptopwiki:guides:networking:mikrotik:connecttwowithwireguard [31/03/2023 23:38] (current) – dustojnikhummer | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Connecting Two Mikrotiks with a Wireguard Tunnel ====== | ||
+ | In this short guide I will show you how to connect two Mikrotiks running RouterOS 7 or higher with Wireguard VPN tunnel. \\ | ||
+ | |||
+ | Disclaimer: This is my personal setup that works for my homelab purposes. If you have any questions or suggestions/ | ||
+ | |||
+ | ===== Requirements ===== | ||
+ | |||
+ | - Two Mikrotik Routers | ||
+ | - RouterOS 7 or newer (with Wireguard support) | ||
+ | - At least one side with a static public IP address with minimal port blocking | ||
+ | - This guide assumes both are directly connected to the internet. It might be possible to do behind NAT with port forwarding but I haven' | ||
+ | - Winbox connection to both Mikrotiks at the same time | ||
+ | |||
+ | The following diagram is in Packet Tracer, but it is the easiest way to draw it. \\ | ||
+ | {{: | ||
+ | |||
+ | |||
+ | - Open Winbox on the left router. | ||
+ | - Click Wireguard, Add a new Wireguard interface. | ||
+ | - Give it a name and keep the listen port default (it should be 13231) and click OK. | ||
+ | - That will create your Wireguard interface. When you reopen the interface, there should be a public key and a private key. **We will need both**. | ||
+ | - Now do the same thing on the right Mikrotik. | ||
+ | {{: | ||
+ | |||
+ | Now that you have interfaces on both, we need to create their peers. \\ | ||
+ | In this case, I only want access to my home network, I don’t want to route all of my traffic through there. \\ | ||
+ | |||
+ | - We are on the Left Mikrotik again, the one with a public IP address | ||
+ | - Go to Wireguard – Peers and create a new Peer | ||
+ | - Interface – wireguard interface from previous step | ||
+ | - Public Key – Public key from the other Mikrotik | ||
+ | - Endpoint and Endpoint port will stay empty | ||
+ | - Allowed Address – 172.16.0.0./ | ||
+ | - Next, | ||
+ | - IP – Addresses and add 172.16.0.1/ | ||
+ | - IP – Routes – New | ||
+ | - Dst. Address 10.0.1.0/24 | ||
+ | - Gateway 172.16.0.2 | ||
+ | |||
+ | - Now repeat this on the right Mikrotik, but with a few exceptions | ||
+ | - In the peer, Endpoint will either be IP address or a domain name/FQDN for your IP address, and Endpoint Port will be 13231 | ||
+ | - Allowed Address – 172.16.0.0/ | ||
+ | - Next, | ||
+ | - IP – Routes – New | ||
+ | - Dst. Address 10.0.0.0/24 | ||
+ | - Gateway 172.16.0.1 | ||
+ | |||
+ | And, I think that should be it. Try pinging on device on one network with another one. | ||
+ | Weirdly, my Mikrotiks themselves aren’t able to reach anything on the other network, not sure why here. | ||
+ | |||
+ | |||
+ | |||
+ | --- // |
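
Review bot: In the interface-creation step, "We will need both" (public key and private key) is misleading, because the peer step only ever enters "Public key from the other Mikrotik". Suggest rewording it to say that only the public key is copied to the other router and the private key stays on the router that generated it. Two smaller points in the same hunk: "Allowed Address – 172.16.0.0./" on the left router has a stray dot after the last octet that the right-router line does not have, and the right-router list has no "IP – Addresses" entry even though the left router's route uses gateway 172.16.0.2, so the 172.16.0.2 address on the right side should be listed as one of the exceptions.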