Hello,
how can we set up a Wireguard client on RouterOS? I have two routers: Router A is the Wireguard VPN server and Router B must be the Wireguard client. Is it possible?
Of course it is (if both routers run RouterOS 7.x). Just bear in mind that the Wireguard configuration itself is identical at both peers; what reduces their roles to a “client” and a “server” (or rather an “initiator” and a “responder”) is the network topology.
Each peer acts as a responder by listening for incoming Wireguard transport packets on a particular UDP port; when a payload packet arrives from the “inside”, the peer acts as an initiator by sending a transport packet to the address and port of the other peer from that same UDP port. For this to work, the network path from the initiator to the responder must be predictable, i.e. the responder must have a public IP address on itself, or there must be a port-forwarding rule on some other router through which the responder is connected to the internet.
So on the client (initiator), you configure the public IP address and port through which the responder is accessible; if the initiator runs on a non-public IP address and there’s a dynamic NAT on its route to the internet, you can configure any random IP address and port on the responder to represent the initiator peer, as they will get rewritten by the actual ones once the first packet from that initiator arrives through that NAT.
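The two-sided setup described in the reply above, as an added RouterOS 7 example that is not part of the original thread. The interface name `wg-site`, UDP port 13231, the 10.255.255.0/30 tunnel subnet, the 203.0.113.10 endpoint and the key placeholders are all assumptions to be replaced with your own values.

```routeros
# ---------- Router A: responder, reachable on a public IP ----------
# Creating the interface generates its key pair automatically.
/interface wireguard add name=wg-site listen-port=13231
# Read Router A's public-key here and copy it into Router B's peer entry.
/interface wireguard print
/ip address add address=10.255.255.1/30 interface=wg-site

# Peer entry for Router B. No endpoint is set: A learns B's current
# address and port from the first authenticated packet that arrives
# through B's NAT. allowed-address is kept to a /32 so this key can
# only source traffic from B's tunnel address.
/interface wireguard peers add interface=wg-site \
    public-key="<ROUTER_B_PUBLIC_KEY>" \
    allowed-address=10.255.255.2/32

# Accept the transport packets. This rule must sit above any drop
# rule in the input chain.
/ip firewall filter add chain=input action=accept protocol=udp \
    dst-port=13231 comment="WireGuard from Router B"

# ---------- Router B: initiator, behind NAT / dynamic IP ----------
/interface wireguard add name=wg-site listen-port=13231
# Read Router B's public-key here and copy it into Router A's peer entry.
/interface wireguard print
/ip address add address=10.255.255.2/30 interface=wg-site

# Peer entry for Router A with its fixed endpoint (placeholder address).
# persistent-keepalive keeps the NAT mapping open so that A can still
# reach B when B has sent no payload traffic for a while.
/interface wireguard peers add interface=wg-site \
    public-key="<ROUTER_A_PUBLIC_KEY>" \
    endpoint-address=203.0.113.10 endpoint-port=13231 \
    allowed-address=10.255.255.1/32 \
    persistent-keepalive=25s

# ---------- Verification (run on Router B) ----------
/ping 10.255.255.1 count=3
# last-handshake should show a recent time on both routers.
/interface wireguard peers print detail
```

To route whole subnets through the tunnel, add them to `allowed-address` on the opposite peer entry and add matching routes; keep the list as narrow as the traffic requires.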
The problem is Router B doesn't have a public IP. Can I use Dynamic DNS? However, I think it's impossible.
A large number of public DNS servers are filtered. It is going to fail at resolving your DDNS record. You could order a public IP for a DVR or something like that.
My random IP will stay on my router if I don't turn it off or disable the connection, right?
PPPoE?
Yes.
No, it is going to change. However, you could use a script to get the new one and set it as your site A peer endpoint. What do you want to do with WG? IP Tunnel is better.
In fact, Router A is a Mikrotik VM (Wireguard VPN server) in France and Router B is a Mikrotik router in Iran. As you know, our internet is completely restricted; only Wireguard and OpenVPN are available.
If both sides are MTs, you should use an IP Tunnel because WG and OVPN are UDP and are being targeted widely right now.
Are you Iranian?
And is IP Tunnel encrypted?
Thank you.
Yes, it could be secured with IPsec.
I will try IP Tunnel tonight.
@own3r1138, would you mind a private talk on this? I have some doubts, but I don’t want to discuss them here on the forum as I’m sure the guys who are responsible for this whole topic monitor the forum too. If so, http://forum.mikrotik.com/t/bobcat-miner-300-relayed/154400/1 .
Hi,
I hope I did it right.
One side has to have a public IP address.
I have a Wireguard VPN from the office to the warehouse. Warehouse has cable internet with a publicly reachable IP address.
The office is behind Starlink with carrier grade NAT.
Connection has been running for months at this point.
The warehouse is the relay for when we are in the field. Open Wireguard tunnel to warehouse… You can browse right to the office server.
Are both sides Mikrotik? One side is the server and one side is the client, right? How did you set up the client side?
However, Wireguard is blocked in Iran.
Both sides are Mikrotik.
The warehouse is the “server”.
We use the Wireguard program on windows or the App on our Androids.