Wireguard Road Warrior Setup, Ft. MikroTik

Hey guys, hope you are all doing well. Many people have asked me about "Road Warrior" configurations when it comes to Wireguard since I made my first video about it. So... Here it is :D! This video will show you why Wireguard is such an awesome protocol. Why bother signing up to a VPN service when you can create it for free yourself on your own MikroTik and experience fast and SECURE browsing. Awesome stuff!

❗Help the channel grow by subscribing if you aren't subscribed already! A like is also very appreciated and feel free to leave a comment about what you liked or disliked in the video and what else you would like to see from me :) 👊❗

Timestamps:
📕00:00 - Introduction
📕01:13 - Topology Overview
📕03:51 - Wireguard Server setup
📕07:34 - Wireguard Client (Windows)
📕12:14 - Wireguard Client (Ubuntu)
📕15:20 - Testing Wireguard

Support the Channel:

Social Media:

MTCRE Playlist:

MTCNA Playlist:

Thumbnail art:
Matt Ferguson - Mad Max

Thanks again for watching
Comments

Some reference material and useful links:

MikroTik Wireguard Docs:

Wireguard Docs:

Wireguard Ubuntu Setup:

TheNetworkBerg

IPSec road warrior sounds like an awesome next video! Thanks again for a great upload! Have a good evening.

geoffvandermerwe

An important thing to note is that if you want to reach out to hosts inside the subnet(s) that are connected to the wireguard server (the router) from your wireguard roadwarrior peers, you need to srcnat the range of your wireguard subnet on your router; otherwise, the only thing you’re going to reach through the tunnel is the router itself and the internet. Since my main goal with the tunnel was reaching my remote desktops and services at home, this was key to a working setup.

The other very important step is to allow the wireguard udp port through your input chain early on so the connection can establish successfully.

andrisvereczki

Wow. On your video it works without adding any firewall rule (e.g. masquerade) for access to LAN. It's really shocking. 👍

vokurka-net

Absolutely the best MK WG manual. Great job. Thank you.

konikonradowski

Thank you, and I am your student. I did SSTP, L2TP and Wireguard VPN on my PC and MikroTik router as server. Trust me, the BW test I got on each test: Wireguard is by far the best. Without VPN speed is 80/80M, L2TP 11/4M, SSTP 6/13M and Wireguard 27/21M. Wow!!

mikkio

8:12 You can also give the clients a /24 address. MikroTik doesn't automatically set up routes for the AllowedIPs, I think/know.

m-electronics

I found out what the problem was. I had a firewall NAT rule for my phone server for ports 2000-65000 UDP and this clashed with wireguard UDP 13231. So I changed wireguard to a port below 2000 and it works fine! Thanks!

lorcster

Hi! Great video, big learning process! Could you make a WG setup with firewall rules (no production setup is done without the proper fw rules)? tx

zeljkomikrotik

Thanks for a good video.
Why so many loopback interfaces?

RickardUddenberg

Thank you for sharing knowledge! Great and straight to the point :)
I'm wondering if you could make a video wireguard setup on a mikrotik - then connect ether1 to internal network - and then share that wireguard connection to port 2-5. Then several PCs, TV/netflix etc can share the vpn connection. Possible?

kilko

Covering third party vpn setup could be a useful video, sure to get lots of Juice it up by adding road warrior connection person A, using your main router internet as you have just demonstrated and road warrior connection person B, tunneling in and using the 3rdparty wireguard VPN tunnel (and not the main ISP internet).

Anavllama

did everything exactly as mentioned in the video... unfortunately could not get it to work anywhere.. not even on local network :(

johnsant

Thanks for the Video, Lovely I must say. Someday I want you to do some video on user manager for ISP set up to manage data volume for WISP. Using Mikrotik router as the core device

jamesugbojoide

Another good video. You should note that it would help to have control of all the peers by adding a comment to them. No one knows what an IP is. You can use netwatch to monitor the stateless Wireguard.

lakromani

I'm interested in setting up an ultimate road-warrior, portable Access Point.

The goal is to have a mikrotik device, that I can travel with. That device should have several ways to connect to any internet uplink - of course, all of them by default disabled, and I'd enable whatever I have at my disposal - sometimes, I'd put a SIM card in, sometimes I'd connect to hotel WiFi and sometimes, I'd simply plug in an ethernet cable.

On the other side of this device, I'd have it spread 3 WiFi networks. One would allow me to reach internet directly + all my self-hosted services at home via a wireguard tunnel. The second WiFi would tunnel all traffic through wireguard tunnel. And the third, would only share the internet uplink (this WiFi I'd share with the friends I'm travelling with).

I'm thinking on what would be the best approach to achieve this. Any suggestions?

shalak

Thanks, the actual setup worked fine. But the setup video only makes Wireguard tunnel accessible from the local network. IMO, it defeats the purpose of road warrior setup. To make it accessible from the WAN, I had to add this firewall rule:

chain=input action=accept protocol=udp in-interface=<Your WAN Interface Name> dst-port=<Your Wireguard Port>

Add this rule and move it in number one place of your firewall rules. AFAIK, Wireguard has in-built protection against port-scanners, so you would be fine here. I tested with an online open port checker and my WG port was displayed as closed. Just for assurance don't use WG's default port.

P.S: If you'd like to access your Mikrotik's webfig and Winbox settings through Wireguard tunnel, make sure to add this rule and put it under the 'Wireguard Port' rule:

chain=input action=accept protocol=tcp in-interface=<Your Wireguard Interface Name> dst-port=80,8291

palwindersingh
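
Two problems reported in the comments above (a dstnat range for UDP 2000-65000 swallowing WireGuard port 13231, and the WireGuard accept rule needing to sit ahead of other input rules) can be checked offline against an exported ruleset. This is an added example, not part of any comment or of the video; the sample export, the `ether1` WAN name and the addresses are constructed, and the matcher only understands `protocol`, `dst-port`, `in-interface` and `connection-state` without negation or interface lists.

```python
import shlex

# Constructed sample in the style of a RouterOS /export; names and addresses are made up.
SAMPLE = """\
/interface wireguard
add listen-port=13231 name=wireguard1
/ip firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=drop in-interface=ether1
add chain=input action=accept protocol=udp dst-port=13231 in-interface=ether1
/ip firewall nat
add chain=dstnat action=dst-nat protocol=udp dst-port=2000-65000 to-addresses=192.168.88.10
"""

def parse(export):
    # Group 'add' lines under the section header ('/ip firewall filter', ...) above them.
    sections, current = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            current.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return sections

def covers(spec, port):
    # True if a dst-port spec such as '80,8291' or '2000-65000' includes port.
    ranges = (p.partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def hits(rule, port, wan):
    # Would this rule match a new UDP packet to `port` arriving on `wan`?
    return (rule.get("protocol", "udp") == "udp"
            and covers(rule.get("dst-port", str(port)), port)
            and rule.get("in-interface", wan) == wan
            and "new" in rule.get("connection-state", "new").split(","))

def audit(export, wan="ether1"):
    s = parse(export)
    port = int(s["/interface wireguard"][0]["listen-port"])
    # dstnat runs before the input chain, so a matching rule forwards the handshake away.
    findings = [f"dstnat rule (dst-port={r.get('dst-port')}) captures WireGuard UDP {port}"
                for r in s.get("/ip firewall nat", [])
                if r.get("chain") == "dstnat" and hits(r, port, wan)]
    # The first matching input rule decides; an omitted action means accept.
    first = next((r for r in s.get("/ip firewall filter", [])
                  if r.get("chain") == "input" and hits(r, port, wan)), None)
    if first and first.get("action", "accept") != "accept":
        findings.append(f"first matching input rule is {first['action']}, ahead of any accept for UDP {port}")
    return findings
```

Running `audit(SAMPLE)` reports both problems; moving the accept rule above the drop rule and taking the listen port out of the NAT range clears them.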

The need for an adblocker on your browser is real! haha

Great little tutorial though! Need to set up and test mine too

Riekertvv

/32 for the peers, now it's working, thanks again!!!

tamasiferenc

Nice video, thank you!
For quick and easy LAN access through the wireguard tunnel, if I'm correct, you can add the wireguard interface in the default "LAN" interface list.

LuLuXDCraft