Hi, I finally went through the guide, but I probably still have something wrong.
If someone would be so kind as to check it and suggest what to change… over 2 months of reading and not getting much further.
- Some pages stopped loading (e.g. duckduckgo.com); google.com loads fine. Not sure if DNS, something cached, or FW problems are causing it…
- After applying the suggested settings, I can’t connect to the MT via IP now, only via MAC.
- As soon as it is working normally, I would like to whitelist/select a few devices/IPs to be on the VPN (it has a public IP) and open a few ports for those devices.
The rest of the devices should be under the local provider IP.
I’m using a 3rd-party VPN provider.
This is the “former” code to add the VPN WG:
# Adding the interface with the correct private key works well
/interface/wireguard/add listen-port=13231 private-key="PrivateKey1" name=wg-az-se-sto comment="AzireVPN SE-STO interface"
# Here I've added the IPs from the az-se-sto.conf file, but I was not able to add the IPv6 address, or I was doing it wrongly
# IPv4 and IPv6 addresses live in separate menus: /ip/address takes only IPv4, the IPv6 address goes under /ipv6/address
/ip/address add address=10.0.15.53/32 interface=wg-az-se-sto
/ipv6/address add address=2a0e:1c80:1337:1:10:0:15:53/128 interface=wg-az-se-sto advertise=no
# It worked only without IPv6
/ip/address add address=10.0.15.53/32 interface=wg-az-se-sto
# This was added fine
# (no space after the comma in allowed-address, otherwise the CLI treats ::/0 as a separate, unknown argument)
/interface/wireguard/peers/add endpoint-address=se-sto.azirevpn.net endpoint-port=51820 public-key="PublicKey1" allowed-address=0.0.0.0/0,::/0 interface=wg-az-se-sto
# Here it surprisingly also accepted the IPv6 DNS
/ip dns set servers=91.231.153.2,192.211.0.2,2a0e:1c80:1337:1:10:0:0:1 allow-remote-requests=yes
# Both added fine
/ip/route add dst-address=0.0.0.0/0 gateway=wg-az-se-sto
# except "se-sto.azirevpn.net" can't be added, it seems, even though the VPN provider strongly suggests using the hostname, as the IP might change over time. So I had to run "ping se-sto.azirevpn.net" to get the IP 45.15.16.52
# (dst-address in /ip/route accepts only an IP prefix; the peer's endpoint-address above does accept the hostname)
/ip/route add dst-address=45.15.16.52 gateway=10.38.166.65
# Adding a NAT rule to the FW
/ip firewall nat add chain=srcnat action=masquerade out-interface=wg-az-se-sto
# Adding a rule to the FW to allow WG traffic
/ip firewall filter add action=accept chain=output comment="allow WireGuard" dst-address=45.15.16.52 dst-port=51820 protocol=udp place-before=1
Config from the VPN provider:
[Interface]
PrivateKey = PrivateKey1
Address = 10.0.15.53/32, 2a0e:1c80:1337:1:10:0:15:53/128
DNS = 91.231.153.2, 192.211.0.2, 2a0e:1c80:1337:1:10:0:0:1
[Peer]
PublicKey = PublicKey1
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = se-sto.azirevpn.net:51820
# Had to find the real IP in order to use it in a route on the MikroTik
# ping se-sto.azirevpn.net resolves to 45.15.16.52
Then I’ve added:
/routing table
add disabled=no fib name=useWG
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=se-sto.azirevpn.net \
endpoint-port=51820 interface=wg-az-se-sto persistent-keepalive=40s \
public-key="PublicKey1"
/ip address
add address=10.0.15.53/24 interface=wg-az-se-sto network=10.0.15.0
/ip firewall filter
add action=accept chain=forward in-interface=bridge out-interface=\
wg-az-se-sto
add action=accept chain=output comment="allow WireGuard" disabled=yes \
dst-address=45.15.16.52 dst-port=51820 protocol=udp
/routing rule
add action=lookup disabled=no src-address=192.168.10.0/24 table=useWG
I also added the whole export, “anonymized”.
Thanks
VPN.rsc (7.91 KB)
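As an added example (not from the post above, and not AzireVPN's or MikroTik's own code), here is a RouterOS v7 configuration for the goal stated in the post: only whitelisted LAN hosts leave through wg-az-se-sto, while the router itself and every other host keep the ISP path. It assumes the bridge is named `bridge`, the LAN is 192.168.10.0/24 and the wg-az-se-sto interface and peer exist as in the post; the client addresses 192.168.10.50/.51 and port 8443 are constructed sample values.

```routeros
# Added example, not the poster's export. Assumes RouterOS v7, LAN bridge "bridge"
# on 192.168.10.0/24 and the wg-az-se-sto interface/peer from the post.
# Constructed sample values: hosts 192.168.10.50/.51 and forwarded port 8443.

# Tunnel address exactly as issued by the provider (/32 on a point-to-point link)
/ip address add address=10.0.15.53/32 interface=wg-az-se-sto
/ipv6 address add address=2a0e:1c80:1337:1:10:0:15:53/128 interface=wg-az-se-sto advertise=no

# Separate routing table; 'fib' lets it be used for forwarding
/routing table add name=useWG fib

# Default route that lives only in useWG. The main table keeps the ISP default,
# so router management, the router's own DNS lookups and non-listed hosts are unaffected.
/ip route add dst-address=0.0.0.0/0 gateway=wg-az-se-sto routing-table=useWG \
    comment="VPN default (table useWG only)"

# Hosts that are allowed to use the tunnel
/ip firewall address-list add list=vpn-clients address=192.168.10.50 comment="example host A"
/ip firewall address-list add list=vpn-clients address=192.168.10.51 comment="example host B"

# Mark new connections from those hosts (not LAN-to-LAN traffic), then route by that mark.
# Two steps so the connection mark can also keep fasttrack away from this traffic.
/ip firewall mangle add chain=prerouting src-address-list=vpn-clients \
    dst-address=!192.168.10.0/24 connection-state=new \
    action=mark-connection new-connection-mark=vpn-conn passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=vpn-conn \
    action=mark-routing new-routing-mark=useWG passthrough=no

# Fasttracked packets skip mangle, which would silently undo the routing mark:
# restrict the default fasttrack rule to unmarked connections.
/ip firewall filter set [find where action=fasttrack-connection] connection-mark=no-mark

# Source NAT behind the tunnel address
/ip firewall nat add chain=srcnat out-interface=wg-az-se-sto action=masquerade

# Forward chain: LAN -> tunnel allowed; from the tunnel only replies and explicit port forwards.
/ip firewall filter add chain=forward in-interface=bridge out-interface=wg-az-se-sto \
    action=accept comment="LAN to WG"
/ip firewall filter add chain=forward in-interface=wg-az-se-sto \
    connection-state=new connection-nat-state=!dstnat action=drop \
    comment="drop unsolicited inbound from WG"

# One inbound port opened for one whitelisted host (constructed example: TCP 8443 -> host A)
/ip firewall nat add chain=dstnat in-interface=wg-az-se-sto protocol=tcp dst-port=8443 \
    action=dst-nat to-addresses=192.168.10.50 comment="example port forward"
```

The snippet in the post creates the useWG table and a routing rule pointing at it, but shows no route inside that table; with action=lookup a failed table lookup falls back to main, so the matched traffic still leaves via the ISP until a route with routing-table=useWG exists.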