Hey guys, hope you are all doing well. Many people have asked me about “Road Warrior” configurations when it comes to Wireguard since I made my first video about it. So… Here it is :D! This video will show you why Wireguard is such an awesome protocol. Why bother signing up to a VPN service when you can create it for free yourself on your own MikroTik and experience fast and SECURE browsing? Awesome stuff!
Timestamps:
📕00:00 – Introduction
📕01:13 – Topology Overview
📕03:51 – Wireguard Server setup
📕07:34 – Wireguard Client (Windows)
📕12:14 – Wireguard Client (Ubuntu)
📕15:20 – Testing Wireguard
Thumbnail art:
Matt Ferguson – Mad Max
Thanks again for watching
Some reference material and useful links:
MikroTik Wireguard Docs:
https://help.mikrotik.com/docs/display/ROS/WireGuard
Wireguard Docs:
https://www.wireguard.com/papers/wireguard.pdf
Wireguard Ubuntu Setup:
https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration
did everything exactly as mentioned in the video… unfortunately could not get it to work anywhere.. not even on local network 🙁
absolutely the best MK WG manual. great job. thank you.
/32 for the peers, now it's working, thanks again!!!
Hi! Great video, big learning process! Could you make a WG setup with firewall rules (no production setup is done without the proper fw rules)? tx
Quick question: I am able to connect with an Android device to my router with Wireguard. I have the available addresses set to 0.0.0.0/0 on the Android and can access the internet through the WG connection and other IPs on the network that my MT is connected to, but can't access the MikroTik or anything on the local network of the MT itself. Checked all firewall rules and nothing there is blocking input from WG IPs. Any ideas?
Wow. In your video it works without adding any firewall rule (e.g. masquerade) for access to LAN. It's really shocking. 👍
Hello, I have Wireguard site to site. How do I get a public IP address from Site B to Site A?
thanks
From the client device the handshake is not working. Public keys at both ends are okay. What could be the problem?
Quick update: it's no longer 'public.key', it's just publickey
I would be most grateful if someone would kindly explain the /24 /32 masks in more detail. I think I understand why this is, but not really. Why does /24 on the warriors break the setup? How exactly does it break it? Thanks in advance 🙂
8:12 You can also give the clients a /24 address. MikroTik doesn't automatically set up routes for the AllowedIPs, I think/know.
Thanks!
3 weeks ago I was using L2TP and PPTP. After watching your video I set up Wireguard and have installed and configured in many Mobiles and Windows PCs. I have been using it for 3 weeks and I am not satisfied. I noticed that the speed is less than what I had. So I decided not to use it anymore.
I'm interested in setting up an ultimate road-warrior, portable Access Point.
The goal is to have a mikrotik device, that I can travel with. That device should have several ways to connect to any internet uplink – of course, all of them by default disabled, and I'd enable whatever I have at my disposal – sometimes, I'd put a SIM card in, sometimes I'd connect to hotel WiFi and sometimes, I'd simply plug in an ethernet cable.
On the other side of this device, I'd have it spread 3 WiFi networks. One would allow me to reach internet directly + all my self-hosted services at home via a wireguard tunnel. The second WiFi would tunnel all traffic through wireguard tunnel. And the third, would only share the internet uplink (this WiFi I'd share with the friends I'm travelling with).
I'm thinking on what would be the best approach to achieve this. Any suggestions?
Can we do an IPsec or Wireguard setup the same as NordVPN to only push certain devices (Apple TV) over the VPN to bypass restricted content? Maybe with a hosted ROS in Linode? Using MikroTik as the client device.
If you didn't want the WG to be the default route, I assume you add all the subnets behind the WG server to allowed-ips on the client?
How do you find the Endpoint IP on your MikroTik?
i like it
why mine is not working
Thank you for sharing knowledge! Great and straight to the point 🙂
I'm wondering if you could make a video wireguard setup on a mikrotik – then connect ether1 to internal network – and then share that wireguard connection to port 2-5. Then several PCs, TV/netflix etc can share the vpn connection. Possible?
I found out what the problem was. I had a firewall NAT rule for my phone server for ports 2000-65000 UDP and this clashed with Wireguard UDP 13231. So I changed Wireguard to a port below 2000 and it works fine! Thanks!
Do you know why my mikrotik-wireguard interface is in italics? Also, in IP->Addresses, the IP address I set up for Wireguard says 'Invalid' and is in red writing.
This sadly did not work. It may be due to the firewall filter rules, I am not sure. I tried to add a rule but it didn't work.
add action=accept chain=input comment="Wireguard 13231 port allowed" dst-port=13231 in-interface=ether1 protocol=udp