We run some Mikrotik routers as Wireguard clients behind NAT. This means that we set them up with persistent keepalive to have the tunnel up and running. We have lots of routers running this config and it works great. However if you upgrade past 7.12 this stops working and the configuration is just messed up it seems.
Changelog here (7.12), released 2023-11-09
https://mikrotik.com/download/changelogs
You can see this line;
“wireguard - request public or private key to be specified in order to create peer;”
This makes the configuration of the peer impossible in the router. You already get an automatically created Public/Private keypair when creating the interface. Here we should create a new one for some reason?
They also added a preview of the resulting config, this is also incorrect as the Interface Public Key is actually shown as the PublicKey for the [Peer], and not the [Interface].
If you try to add a Peer with the CLI and leave the PrivateKey empty, the “PrivateKey” under [Interface] is populated with “AAAAAAAAA…EA=”. This means it’s impossible to configure a correct Wireguard setup, both via CLI and the GUI.
Did I miss something here or did Mikrotik mess this completely up?