hi, i followed these two posts to get nordlynx (nordvpn’s wireguard) working on my friend’s router
https://forum.openwrt.org/t/instruction-config-nordvpn-wireguard-nordlynx-on-openwrt/89976
http://forum.mikrotik.com/t/v7-1beta6-development-is-released/149195/278
and this post to get the routing working with fasttrack
http://forum.mikrotik.com/t/ros-7-1beta2-routing-via-wireguard/144669/1
here’s my config
[admin@MikroTik] > /export terse
# jan/08/2022 15:59:36 RB951Ui-2nD RouterOS 7.1.1
/interface bridge add admin-mac=x auto-mac=no comment=defconf name
=bridge
/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=
20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=a
p-bridge ssid=x wireless-protocol=802.11
/interface wireguard add listen-port=13231 mtu=1420 name=wireguard1
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-type
s=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=dhcp interface=bridge name=defconf
/routing table add disabled=no fib name=via-wg
/interface bridge port add bridge=bridge comment=defconf interface=ether2
/interface bridge port add bridge=bridge comment=defconf interface=ether3
/interface bridge port add bridge=bridge comment=defconf interface=ether4
/interface bridge port add bridge=bridge comment=defconf interface=ether5
/interface bridge port add bridge=bridge comment=defconf interface=wlan1
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/interface wireguard peers add allowed-address=0.0.0.0/0 endpoint-address=serverip endpoint-port=51820 interface=wireguard1 persistent-keepalive=25s public-ke
y="serverwireguardkey"
/ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=1
92.168.88.0
/ip address add address=10.5.0.2 interface=wireguard1 network=10.5.0.2
/ip dhcp-client add comment=defconf interface=ether1
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf dns-server=192
.168.88.1 gateway=192.168.88.1
/ip dns set allow-remote-requests=yes
/ip dns static add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept establi
shed,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" co
nnection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" p
rotocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to loca
l loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not com
ing from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ip
sec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out i
psec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf
: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept estab
lished,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid"
connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from
WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-l
ist=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade"
ipsec-policy=out,none out-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat out-interface=wireguard1
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=wireguard1 pref-src="" rou
ting-table=via-wg suppress-hw-offload=no
/routing rule add action=lookup-only-in-table disabled=no dst-address=10.0.0.0/24
src-address=10.0.0.0/24 table=main
/routing rule add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 sr
c-address=10.0.0.0/24 table=via-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.254/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.253/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.252/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.251/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.250/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.249/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.248/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.247/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.246/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.245/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.244/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.243/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.242/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.241/32 table=vi
a-wg
/routing rule add action=lookup disabled=no src-address=192.168.88.240/32 table=vi
a-wg
as you can see i manually add the first 15 ips served via dhcp but wanted to know if there’s a way to route 50 ips at a time