When you configure a Wireguard peer in Winbox, you can complete the endpoint and endpoint port - where the peer should connect to the server (in my case, a port open on my boundary router that is forwarded to this device).
However, further down there is a read-only box summarising the peer config. This summary omits the endpoint data. It should be under [Peer] Endpoint
The generated QR code, only contains the text from the summary box, so also omits the endpoint. Scanning the code with a wireguard client, does not provide a working configuration without the endpoint.
It is possible to work around, after scanning the QR code with your client, you then need to manually edit the config and type the endpoint address:port into the client.
One is unable to easily create and send a client peer user, a completed wireguard setup file or qr code, so dont waste your time.
I have provided MT with some thoughts on how to achieve this, lets see what they come up with down the line.
For now send your peer users the information in a text file so they can at least manually enter it.
OPTION1 - They create their interface with their own private key and public key generation.
a. the wireguard address they should use
b. your endpoint port and endpoint address
c. the public key your wireguard interface has provided ( used for all remote peers on the same wireguard interface )
d. the persistent keep alive you want them to use
e. a DNS setting for them to use if applicable.
f. a pre-shared key if you want to add extra security.
From them you will need their public key generated to put on your local peer settings.
OPTION2 - You create a separate private key and public key setup for each peer.
a. you send them the extra private key you generated for them to use on their device to generate their public key (which you now already have)
b. take the public key generated by this extra private key and place it in the public key area for the peer settings for that client
Note: To get a new private and public key for each remote peer client, generate another temporary wireguard interface with private and public key to get random private keys and public keys generated.
Call the interface by an apppriate name
After all is done, simply delete all the xtra interfaces they are not needed.
c. the wireguard address they should use
d. your endpoint port and endpoint address
e. the public key your wireguard interface has provided ( used by all remote client peers to identify this device )
f. the persistent keep alive you want them to use
g. a particular DNS they should use if applicable.
h. a pre-shared key if you want to add extra security.