[Feature request] Wireguard

chiem · August 23, 2018, 6:38am

+1

Wireguard is supposed to be extremely simple. Please don’t take 3+ years to support it.

TPecorella · August 27, 2018, 12:08pm

1, please add support asap

mozerd · August 27, 2018, 12:35pm

+1
I have been using wireguard on the Ubiquiti EdgeRouter-Lite and WOW in a site to site scenario – amazing vpn performance.
I definitely would encourage MikroTik to take a very serious look at this.

Steveocee · August 27, 2018, 8:08pm

+1 Was reading about this earlier. Would love to see the MikroTik finger “on the pulse”.

pe1chl · August 28, 2018, 6:27am

I rather would love to see MikroTik implement existing and long outstanding feature requests rather than to be swayed by the issues of the day!

Sob · August 28, 2018, 3:23pm

@pe1chl: It’s generally true, but if this thing can be implemented as easily as authors claim:

WireGuard has been designed with ease-of-implementation and simplicity in mind. It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities.

(even though “very few lines of code” sounds a little too optimistic), it might be worth to give it a higher priority. If implementing Wireguard would be easier than finishing OpenVPN implementation (I don’t know, might be), I’d say to go for it. Not that it’s a dream come true in complete package…

I have mixed feelings about roadwarrior use. It needs only single udp port (great) and even has some kind of roaming (I’m still not decided how much it helps). But inside config (addresses, routes) seems to be intentionally static-only. That’s not great, because it means that it’s not very usable when there’s a lot of users and things can change. On the other hand, it’s not much worse than what MikroTik’s OpenVPN offers. For small SOHO use it could be good, as it seems to be otherwise quite easy to understand. Even working Windows client already exists.

For site to site, IPSec works great for me, but it’s true that I do it mostly with static public addresses. When that’s not available, Wireguard could work better. It should also have better performance on devices without HW acceleration. And it would provide interfaces for links, which would make it more clear for a lot of people than current tunnel-mode IPSec (I know about IPIP/GRE/EoIP inside IPSec, but it’s extra step).

pe1chl · August 28, 2018, 4:19pm

I’m not sure it is so much better than L2TP/IPsec which is proven and has hardware acceleration on a lot of MikroTik routers.
It can also deal with roaming users with dynamic IP, static or dynamic user tunnel addresses, etc.
And we already know what happens when MikroTik quickly implement a protocol which then later continues to develop independently… see OpenVPN.

No, for me it is much more important that IPv6 is finally worked on again, and for others a multicore BGP solution is even more important.
Those things should be on top priority for MikroTik to work on (when they are not distracted by security issues), and new features like Wireguard should go below that.
When any work on VPN solutions is to be done, it should be to implement route pushing in existing protocols, according to (de-facto) standards.
When working between MikroTik routers one can use BGP, and I do so, but when using proprietary clients we need e.g. DHCP over L2TP (for Windows) and OpenVPN push route.

samael · September 6, 2018, 7:47am

+1.

flazzarini · September 10, 2018, 5:44pm

+1

Wireguard is so easy to setup and works on so many platforms already. On a side note though if implemented please make it more easier to use DNS names instead of IP addresses.

R1CH · September 10, 2018, 10:19pm

I know it’s a lot to hope for, but this could easily be avoided if Mikrotik would stop re-implementing these features themselves and start using the open source implementations directly. They already use Linux kernel (GPL), I really don’t see why they are so against using other open source packages and are instead re-inventing them with reduced features and more security bugs.

On that note, a large amount of the Wireguard code operates in the Linux kernel, so in the future if RouterOS upgrades to a modern kernel we could very easily see Wireguard support with minimal work required by Mikrotik since it comes “for free”.

czb123 · September 24, 2018, 8:25pm

+1 from me

ofer · September 26, 2018, 9:15am

+1 i hope it’ll be included in the next major version

denisbondar · October 7, 2018, 11:59am

+1 for Wireguard

bakshtay · November 8, 2018, 9:57am

+1 for wireguard on routeros

moneron · November 8, 2018, 1:34pm

I think this is a good idea.
+1 for WireGuard.

shopping · November 14, 2018, 5:17pm

+1 wireguard asap

SaurVLZ · December 10, 2018, 5:44pm

+1 for Wireguard

dakobg · December 11, 2018, 7:00am

+1

Изпратено от моят SM-G903F с помощта на Tapatalk

32768 · December 31, 2018, 1:52pm

+1 for Wireguard

BDF · January 7, 2019, 9:18am

+1 for WG