Wireguard config Export and Import

I bought a new CCR2004 and I am trying to import a WireGuard config that I exported from a CRS326-24G, but on the new router the import function fails, giving an error that it could not parse the file.

Is this a bug?

I can open the file with Notepad, it is not encrypted, but in WinBox and the CLI it is failing.

Who knows… without details we can’t help you.

Maybe, maybe not.

https://help.mikrotik.com/docs/spaces/ROS/pages/69664792/WireGuard

Minimum parameters must be specified for importing on the client device by QR-code/file.

Example:


interface: wireguard1
public-key: v/oIzPyFm1FPHrqhytZgsKjU7mUToQHLrW+Tb5e601M=
private-key: KMwxqe/iXAU8Jn9dd1o5pPdHep2blGxNWm9I944/I24=
allowed-address: 192.168.88.3/24
client-address: 192.168.88.3/32
client-endpoint: example.com:13231

When using interface/wireguard/wg-import file=, you may get a "Could not parse" error if the WireGuard import file starts with #; use it clean as per the example:

[Interface]
Address = 192.168.88.3/24
ListenPort = 13533
PrivateKey = UBLqJEFZZf9wszZSUF2BPWa9dsMX99RbEcxlNfxWffk=

If those are your real keys, you might as well start over, as publishing actual keys and actual WAN IP information is a big no-no.

Assuming you have one device (server peer for handshake and you would like to transfer the setup to a second router as a client peer).

Well, it's quite simple.
What the MAIN ROUTER provides for you to use on all devices is its public key.
On the new router, when you create a new interface, it will also provide you with a public key.

Therefore on the new router you install the public key of the main router (on the peer settings for the main router).
On the main router you install the public key of the new router (on the peer settings for the new router).


MAIN ROUTER
Let's say
/ip address
add address=10.10.10.1/24 interface=wireguardmain network=10.10.10.0
/interface wireguard peers
add allowed-address=10.10.10.2/32,subnet1,subnet2 interface=wireguardmain public-key="kdkdkdkdk"

Note: where subnet1,subnet2 refer to subnets at new router that either local users need to visit, or that are coming into your main router!!

ALSO need Routes for remote subnet traffic.
/ip route
add dst-address=subnet1 gateway=wireguardmain routing-table=main
add dst-address=subnet2 gateway=wireguardmain routing-table=main



NEW ROUTER
Let's say
/ip address
add address=10.10.10.2/24 interface=wireguardnew network=10.10.10.0
/interface wireguard peers
add allowed-address=10.10.10.0/24,subnetA,subnetB endpoint-address=mynetame.ent endpoint-port=listeningPort-MainRouter \
    interface=wireguardnew public-key="*&^%^&k" persistent-keepalive=25s

Note1: where subnetA,subnetB refer to subnets at MAIN router that either local users need to visit, or that are coming into your new router!!
Note2: If remote users also need access to the internet at MAIN router then the wireguard peers will change to…

/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=wireguardnew public-key="*&^%^&k" persistent-keepalive=25s

Note: Use firewall rules to ensure only those with internet need get it ( combination of forward rules at both routers )

ALSO need Routes for remote subnet traffic.
/ip route
add dst-address=subnetA gateway=wireguardnew routing-table=main
add dst-address=subnetB gateway=wireguardnew routing-table=main
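
Added example, not part of any post in this thread and not MikroTik code: a Python helper for the two points raised above, the "Could not parse" error when the import file starts with # and the advice not to publish real keys or WAN addresses. The function names, the placeholder text and the sample file are constructed for illustration; removing a byte-order mark and inline comments goes beyond the quoted documentation note and is an assumption about what the importer tolerates.

```python
import re

# wg-quick style keys whose values should never be posted publicly.
REDACT_KEYS = {"privatekey", "presharedkey", "publickey", "endpoint"}


def clean_for_import(text: str) -> str:
    """Drop BOM, comments and leading blank lines so the file starts at [Interface]."""
    out = []
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()   # base64 keys never contain '#'
        # Skip comment-only lines anywhere, and blank lines before the first section.
        if not line and (not out or raw.strip()):
            continue
        out.append(line)
    if not out or out[0].lower() != "[interface]":
        raise ValueError("config does not start with [Interface] after cleaning")
    return "\n".join(out) + "\n"              # LF line endings


def redact_for_posting(text: str) -> str:
    """Return a copy that is safe to paste into a forum thread."""
    def sub(match: re.Match) -> str:
        key = match.group(1)
        if key.lower() in REDACT_KEYS:
            return f"{key} = <REDACTED>"
        return match.group(0)
    return re.sub(r"(?m)^[ \t]*([A-Za-z]+)[ \t]*=[ \t]*.*$", sub, text)


# Constructed sample: BOM, leading comment, CRLF endings, fake key material.
SAMPLE = (
    "\ufeff# exported by a desktop client\r\n"
    "\r\n"
    "[Interface]\r\n"
    "Address = 192.168.88.3/24  # tunnel address\r\n"
    "PrivateKey = CONSTRUCTED+NOT+REAL+PRIVATE+KEY+0000000000=\r\n"
    "\r\n"
    "[Peer]\r\n"
    "PublicKey = CONSTRUCTED+NOT+REAL+PUBLIC+KEY+00000000000=\r\n"
    "Endpoint = vpn.example.com:13231\r\n"
    "AllowedIPs = 0.0.0.0/0\r\n"
)

if __name__ == "__main__":
    cleaned = clean_for_import(SAMPLE)
    print(redact_for_posting(cleaned))        # post this; import `cleaned` itself
```

Upload the cleaned file to the router for wg-import and keep the redacted copy only for sharing when asking for help.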