No Internet wireguard

I am a newbie. I installed OS 7.4 on my VM and just want to use this server as a WireGuard VPN that routes all of the traffic through the eth5 public IP. I would also like to apply a rate limit of 3 Mbps to every client. Thank you.

[admin@MikroTik] > /export
# nov/22/2023 08:27:37 by RouterOS 6.49.8
# software id = 
#
#
#
# NOTE(review): the header above says RouterOS 6.49.8 and this export contains no
# /interface wireguard section. WireGuard is only available from RouterOS 7, so
# confirm which version the VM is really running before debugging the tunnel.
# NOTE(review): no /ip firewall section appears in this export, so nothing here
# filters traffic arriving on the public interface.
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
# Both ports obtain their addresses by DHCP; which one holds the public address
# is not visible in this export.
add disabled=no interface=ether1
add disabled=no interface=ether2
/ip service
# Only telnet is switched off. The other management services are not listed,
# so they are presumably still at their defaults and reachable from the public
# side; review /ip service and disable or restrict (address=) whatever is not
# needed. TODO confirm against "/ip service print".
set telnet disabled=yes
[admin@MikroTik] >
# NOTE(review): the section header for the next two lines is missing from the
# paste; they rename ether1/ether2 to ether4/ether5 (presumably /interface ethernet).
set [ find default-name=ether1 ] disable-running-check=no name=ether4
set [ find default-name=ether2 ] disable-running-check=no name=ether5
/interface wireguard
# WireGuard listener on UDP 13231.
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ipv6 settings
set max-neighbor-entries=15360
/interface wireguard peers
# One peer, limited to the single tunnel address 10.10.10.2/32: on the server
# side allowed-address is the set of source addresses accepted from this peer,
# so a /32 per client is the least-privilege choice. A WireGuard public key is
# not a secret; the private key is what must never be posted.
add allowed-address=10.10.10.2/32 interface=wireguard1 public-key=\
    "u+2qjZlKkQjUZsDmE42Ak/ZubablL0IDDKen0NbTrjM="
/ip address
add address=10.10.10.1/24 interface=wireguard1 network=10.10.10.0
/ip dhcp-client
# "*1".."*3" are internal interface ids rather than names; presumably these
# entries point at interfaces that no longer exist. TODO confirm and remove.
add interface=*1
add interface=*2
add interface=*3
add interface=ether4
add interface=ether5
/ip firewall filter
# NOTE(review): this accept rule is the only filter rule in the paste. With no
# drop rule after it the input chain already accepts everything, so the rule
# changes nothing and the router's management services stay open to the
# public side. An input policy normally accepts established/related traffic,
# the WireGuard port and trusted management sources, then drops the rest.
# NOTE(review): no /ip firewall nat section is visible either; without source
# NAT on the public interface, tunnel clients using 10.10.10.x cannot get
# replies from the internet.
add action=accept chain=input dst-port=13231 protocol=udp
/system note
set show-at-login=no
/system scheduler
# Six startup jobs, each running one of the ipscriptN scripts below.
# NOTE(review): every job carries the full policy list (including password,
# sniff, sensitive and romon) although the scripts only add a DHCP client.
# Presumably a much smaller set such as read,write is enough; verify and trim.
# Scheduled scripts with broad policies on an internet-facing router deserve a
# check that each entry was created by you or by the VM image.
add name=myscheduler on-event=ipscript1 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler2 on-event=ipscript2 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler3 on-event=ipscript3 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler4 on-event=ipscript4 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler5 on-event=ipscript5 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler6 on-event=ipscript6 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
# Each script adds an enabled DHCP client on one of ether3..ether8.
# dont-require-permissions=no keeps the normal permission check in place when
# a script is run. Only ether4 and ether5 are defined earlier in this paste,
# so the scripts for the other names presumably fail at boot. TODO confirm.
add dont-require-permissions=no name=ipscript1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether3 disabled=no;"
add dont-require-permissions=no name=ipscript2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether4 disabled=no;"
add dont-require-permissions=no name=ipscript3 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether5 disabled=no;"
add dont-require-permissions=no name=ipscript4 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether6 disabled=no;"
add dont-require-permissions=no name=ipscript5 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether7 disabled=no;"
# NOTE(review): the closing quote of the last source= string is missing, so
# the paste appears to be cut off at this point.
add dont-require-permissions=no name=ipscript6 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether8 disabled=no;

When I connect to WireGuard, I can ping the public address and my own address, 10.10.10.2, but I can’t ping Cloudflare DNS or open any website. I am connecting to WireGuard from another location and IP network, over the public internet, to this VM, which has OS 7.4 installed.

Fuzzy explanation …

More info needed on the complete context of the setup.
What is located where ?
And what are you trying to do ?

Tip:
Check allowed addresses in peer settings.
Most likely your problem is there.



# 2023-11-22 10:57:38 by RouterOS 7.10.2
# software id = 
#
# NOTE(review): this export has no /ip firewall section at all (no filter and
# no nat), so nothing filters the public interface and tunnel clients are not
# source-NATed towards the internet.
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether4
set [ find default-name=ether2 ] disable-running-check=no name=ether5
/interface wireguard
# WireGuard listener on UDP 13231.
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ipv6 settings
set max-neighbor-entries=15360
/interface wireguard peers
# One peer, limited to 10.10.0.2/32 as its accepted source address inside the
# tunnel. persistent-keepalive is set here on the server-side peer entry.
add allowed-address=10.10.0.2/32 interface=wireguard1 persistent-keepalive=25s \
    public-key="u+2qjZlKkQjUZsDmE42Ak/ZubablL0IDDKen0NbTrjM="
/ip address
# NOTE(review): the address has no prefix length and network= equals the
# address itself, i.e. a /32; the router therefore has no connected route for
# the rest of the 10.10.0.0/24 range that the peer address 10.10.0.2 sits in.
add address=10.10.0.1 interface=wireguard1 network=10.10.0.1
/ip dhcp-client
# "*1".."*3" are internal interface ids rather than names; presumably these
# entries point at interfaces that no longer exist. TODO confirm and remove.
add interface=*1
add interface=*2
add interface=*3
add interface=ether4
add interface=ether5
/system note
set show-at-login=no
/system scheduler
# Six startup jobs, each running one of the ipscriptN scripts below.
# NOTE(review): every job carries the full policy list (including password,
# sniff, sensitive and romon) although the scripts only add a DHCP client.
# Presumably a much smaller set such as read,write is enough; verify and trim.
# Scheduled scripts with broad policies on an internet-facing router deserve a
# check that each entry was created by you or by the VM image.
add name=myscheduler on-event=ipscript1 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler2 on-event=ipscript2 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler3 on-event=ipscript3 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler4 on-event=ipscript4 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler5 on-event=ipscript5 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler6 on-event=ipscript6 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
# Each script adds an enabled DHCP client on one of ether3..ether8.
# dont-require-permissions=no keeps the normal permission check in place when
# a script is run. Only ether4 and ether5 are defined in this export, so the
# scripts for the other names presumably fail at boot. TODO confirm.
add dont-require-permissions=no name=ipscript1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether3 disabled=no;"
add dont-require-permissions=no name=ipscript2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether4 disabled=no;"
add dont-require-permissions=no name=ipscript3 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether5 disabled=no;"
add dont-require-permissions=no name=ipscript4 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether6 disabled=no;"
add dont-require-permissions=no name=ipscript5 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether7 disabled=no;"
add dont-require-permissions=no name=ipscript6 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether8 disabled=no;"

Thank you for the reply. I have already checked the peer's allowed address. I am trying to access the internet through WireGuard from another public address (just like a VPN works anywhere).
I have internet on the eth5 port of my MikroTik, and I have included my config; is there anything I am missing? I have read about using a bridge or something similar to give internet access. When connected to my WireGuard I can ping the public and private addresses, but there’s no internet access: I can’t ping Cloudflare or Google DNS.

What needs to be clear are who/what are at each end of the wireguard connections.
What is server for handshake what is peer for handshake.
A network diagram would help.

Thanks for the reply. The diagram is below. I am trying to make a VPN server that is accessible from anywhere in the world, with bandwidth shaping so that clients don’t end up using more than their allocated speed; burst speed can be allowed if possible. I would also like to know whether it is possible to put an expiry on a WireGuard client, for example 1 month. Thank you so much for your time. I know that a Linux server would have been quite easy, but I have always wanted to learn MikroTik, which is why I am trying to educate myself. I have watched many YouTube videos, but nothing seems to help: I follow them and try to understand the functions, but I don’t know what is going wrong or where.
Capture.PNG

ON MT Server Router
(1) You only have one wireguard peer not three as per the diagram.
(2) The peer setting on the server do not require keep alive, that is something for the client end.
(3) I do not see any subnets for the LAN under IP addresses??
(4) The IP address for the WG interface is not the right format. Should be:
/ip address
add address=10.10.0.1/24 interface=wireguard1 network=10.10.0.0

(4) There are no firewall rules so cannot say anything further on that score.
(5) I dont see routes… same same.

So providing an incomplete config as usual has NOT been helpful.

[rafaycivil@MikroTik] > /export
# 2023-11-22 17:00:41 by RouterOS 7.10.2
# software id = 
#
# NOTE(review): this export contains NAT rules but no /ip firewall filter
# section, so the input and forward chains accept everything, including
# traffic arriving on the public interface.
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether4
set [ find default-name=ether2 ] disable-running-check=no name=ether5
/interface wireguard
# WireGuard listener on UDP 13231.
add listen-port=13231 mtu=1420 name=wireguard1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# This pool is not referenced anywhere else in the export; the WireGuard peer
# below gets its address statically through allowed-address.
add name=wireguard ranges=10.10.0.2-10.10.0.254
/port
set 0 name=serial0
/ipv6 settings
set max-neighbor-entries=15360
/interface wireguard peers
# One peer, limited to 10.10.0.2/32 as its accepted source address inside the
# tunnel; a /32 per client is the least-privilege choice on the server side.
add allowed-address=10.10.0.2/32 interface=wireguard1 public-key=\
    "u+2qjZlKkQjUZsDmE42Ak/ZubablL0IDDKen0NbTrjM="
/ip address
add address=10.10.0.1/24 interface=wireguard1 network=10.10.0.0
/ip dhcp-client
# "*1".."*3" are internal interface ids rather than names; presumably these
# entries point at interfaces that no longer exist. TODO confirm and remove.
add interface=*1
add interface=*2
add interface=*3
add interface=ether4
add interface=ether5
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. With no filter rules in this export that includes the
# public interface, i.e. an open resolver that third parties can abuse for
# amplification. Limit port 53 (udp and tcp) on the input chain to the
# wireguard1 interface, or turn the setting off if clients use 1.1.1.1 or
# 8.8.8.8 directly.
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall nat
# Source NAT for the tunnel subnet. Neither rule names an out-interface, so
# they apply on whatever interface the packet leaves through; binding the rule
# to the public interface is the usual, narrower form.
add action=masquerade chain=srcnat src-address=10.10.0.0/24
# NOTE(review): this second rule masquerades a redacted public /24; it looks
# unnecessary for the VPN use case. TODO confirm why it was added.
add action=masquerade chain=srcnat src-address=38.x.x.0/24
/ip route
# Static default route via the redacted public gateway.
add disabled=no dst-address=0.0.0.0/0 gateway=38.x.x.8 routing-table=main \
    suppress-hw-offload=no
/system note
set show-at-login=no
/system scheduler
# Six startup jobs, each running one of the ipscriptN scripts below.
# NOTE(review): every job carries the full policy list (including password,
# sniff, sensitive and romon) although the scripts only add a DHCP client.
# Presumably a much smaller set such as read,write is enough; verify and trim.
# Scheduled scripts with broad policies on an internet-facing router deserve a
# check that each entry was created by you or by the VM image.
add name=myscheduler on-event=ipscript1 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler2 on-event=ipscript2 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler3 on-event=ipscript3 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler4 on-event=ipscript4 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler5 on-event=ipscript5 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=myscheduler6 on-event=ipscript6 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
# Each script adds an enabled DHCP client on one of ether3..ether8.
# dont-require-permissions=no keeps the normal permission check in place when
# a script is run. Only ether4 and ether5 are defined in this export, so the
# scripts for the other names presumably fail at boot. TODO confirm.
add dont-require-permissions=no name=ipscript1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether3 disabled=no;"
add dont-require-permissions=no name=ipscript2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether4 disabled=no;"
add dont-require-permissions=no name=ipscript3 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether5 disabled=no;"
add dont-require-permissions=no name=ipscript4 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether6 disabled=no;"
add dont-require-permissions=no name=ipscript5 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether7 disabled=no;"
add dont-require-permissions=no name=ipscript6 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/ip dhcp-client add interface=ether8 disabled=no;"
[rafaycivil@MikroTik] >

By watching YouTube and understanding some of the functions, I managed to get it connected to the internet, but the speed is very slow, only around 1 Mbps.
Capture (1).PNG
Capture.PNG

I have tried changing the MTU size, decreasing it to 1300, and even tried setting up a PPTP server and connecting to it, but it shows the same speed as WireGuard. I also disabled fastpath. I am very confused about where the bandwidth is being limited; it’s not even 1 Mbps.