laptopwiki:guides:networking:mikrotik:connecttwowithwireguard

laptopwiki:guides:networking:mikrotik:connecttwowithwireguard [31/03/2023 23:32] – removed - external edit (Unknown date) 127.0.0.1
laptopwiki:guides:networking:mikrotik:connecttwowithwireguard [31/03/2023 23:38] (current) dustojnikhummer
Line 1: Line 1:
 +====== Connecting Two Mikrotiks with a Wireguard Tunnel ======
  
 +In this short guide I will show you how to connect two Mikrotiks running RouterOS 7 or higher with Wireguard VPN tunnel. \\
 +
 +Disclaimer: This is my personal setup that works for my homelab purposes. If you have any questions or suggestions/improvements, feel free to contact me on LaptopWiki Discord!
 +
 +===== Requirements =====
 +
 +  - Two Mikrotik Routers
 +  - RouterOS 7 or newer (with Wireguard support)
 +  - At least one side with a static public IP address with minimal port blocking
 +  - This guide assumes both are directly connected to the internet. It might be possible to do behind NAT with port forwarding but I haven't tried that myself.
 +  - Winbox connection to both Mikrotiks at the same time
 +
 +The following diagram is in Packet Tracer, but it is the easiest way to draw it. \\
 +{{:laptopwiki:guides:networking:mikrotik:wireguard:mikrotik_wgtunnel1.png?600|}}
 +
 +
 +  - Open Winbox on the left router.
 +  - Click Wireguard, Add a new Wireguard interface.
 +  - Give it a name and keep the listen port default (it should be 13231) and click OK. 
 +  - That will create your Wireguard interface. When you reopen the interface, there should be a public key and a private key. **We will need both**.
 +  - Now do the same thing on the right Mikrotik.
 +{{:laptopwiki:guides:networking:mikrotik:wireguard:mikrotik_wgtunnel2.png?600|}}
 +
 +Now that you have interfaces on both, we need to create their peers. \\
 +In this case, I only want access to my home network, I don’t want to route all of my traffic through there. \\
 +
 +  - We are on the Left Mikrotik again, the one with a public IP address
 +  - Go to Wireguard – Peers and create a new Peer
 +  - Interface – wireguard interface from previous step
 +  - Public Key – Public key from the other Mikrotik
 +  - Endpoint and Endpoint port will stay empty
 +  - Allowed Address – 172.16.0.0./30 (that is our connecting network between them) and 10.0.1.0/24 (that is the network of the Mikrotik on the right)
 +  - Next,
 +    - IP – Addresses and add 172.16.0.1/30 to the wireguard1 interface
 +    - IP – Routes – New
 +      - Dst. Address 10.0.1.0/24
 +      - Gateway 172.16.0.2
 +
 +  - Now repeat this on the right Mikrotik, but with a few exceptions
 +  - In the peer, Endpoint will either be IP address or a domain name/FQDN for your IP address, and Endpoint Port will be 13231
 +  - Allowed Address – 172.16.0.0/30 (that is our connecting network between them) and 10.0.0.0/24 (that is the network of the Mikrotik on the right)
 +  - Next,
 +    - IP – Routes – New
 +      - Dst. Address 10.0.0.0/24
 +      - Gateway 172.16.0.1
 +
 +And, I think that should be it. Try pinging on device on one network with another one.
 +Weirdly, my Mikrotiks themselves aren’t able to reach anything on the other network, not sure why here.
 +
 +
 +
 + --- //[[laptopwiki:staff:index|dustojnikhummer]] 31/03/2023 23:38//
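Review bot: The right-Mikrotik steps never assign an address to the WireGuard interface. The left side has "IP – Addresses and add 172.16.0.1/30 to the wireguard1 interface", but the right side's "Next," list goes straight to IP – Routes with gateway 172.16.0.1, and that gateway is only reachable if the right router holds 172.16.0.2/30 on its own WireGuard interface; add the matching IP – Addresses step there. In the same right-side list, the Allowed Address line describes 10.0.0.0/24 as "the network of the Mikrotik on the right" where it should say left, and the left peer's "172.16.0.0./30" has a stray dot that will not parse as a prefix. In the interface step, "We will need both" is misleading: the peer settings that follow only ever use the other router's public key, so the text should say that the private key stays on the router that generated it and is never copied across. The guide also lists no firewall step, so it is worth stating that the left router must accept UDP 13231 on input, restricted to the peer's address where it is known, since the right side is configured with Endpoint Port 13231.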