Android and IOS VPN with Mikrotik

miankamran7100 · February 18, 2024, 10:24pm

dear all
hope you will be fine. I want to set up a VPN for my Android and IOS devices (phone). All new Android devices support only ikev2/IPsec.
which VPN is good and efficient.

Thanks

Mesquite · February 19, 2024, 4:32pm

Android devices support wireguard, which is recommended
As per the next post… Confirm what type of Public IP you get from your provider.

optio · February 19, 2024, 4:36pm

There is also MT “Back To Home” mobile app for iOS and Android which simplifies VPN (Wireguard) configuration process.

miankamran7100 · February 19, 2024, 6:43pm

I have static public IP.
I no need BTH.

Mesquite · February 19, 2024, 7:03pm

Great then wireguard it is…
https://help.mikrotik.com/docs/display/ROS/WireGuard

https://www.youtube.com/watch?v=CH10spRyGpU&t=80s

optio · February 19, 2024, 8:47pm

You don’t need BTH because you have public static IP (and guessing not behind CGNAT) or you don’t need BTH because you don’t need internet connection routed over home VPN? BTH VPN will not use MT cloud server for VPN connection if VPN port is accessible from WAN.
BTH is easier approach to set it up, if you don’t want to use it then follow some tutorials/guides for Wireguard from this forum or elsewhere how to set it up, there are plenty.

miankamran7100 · February 19, 2024, 9:05pm

But I can’t use BTH for professional services.
However one thing is best in BTH which is QR code.
Easy for cellphone.
But on the other hand I can’t able to scan QR Code in normal wireguard configuration.

Is there any solution for QR code in wireguard without BTH???

optio · February 19, 2024, 9:11pm

Yes, QR code is visible in Winbox/WebFig in WG peer configuration

miankamran7100 · February 19, 2024, 9:22pm

I don’t need BTH QR.
I have not found it yet in the peer configuration.
can you please post a screenshot of QR in peer configuration?

optio · February 20, 2024, 12:42am

I think this is related to ROS version, not sure on which is introduced, I have latest 7.13.5

miankamran7100 · February 20, 2024, 8:59pm

and port
Thanks for your answer
1). but here is a problem I want to use IP with my ranges and ports but it shows default IP 192.168.177.2/24: 5180.
2). and just a few websites are opening.
maybe MTU issue?

miankamran7100 · February 20, 2024, 11:20pm

A few websites not working when connected with wireguards on Android phone.

Help please

Mesquite · February 21, 2024, 7:45pm

Modifying MTU on mikrotik devices, when the mikrotik is CLIENT, is often done connecting to third party servers. Not the reverse.

You could try setting the MTU the same on android and Mikrotik to 1500 or other higher and lower variants than the default, and see if one work for all.