WireGuard - Remote Devices - Configuration Example Request

In our business, we end up with MikroTik devices at many off-network locations. We have 3 general requirements for off-network MikroTik devices:

  • Continuous VPN connection to our office
  • Log in to the remote device through that established VPN from the office network
  • Use device as a Dude Agent reporting through VPN
  • Have device report to our network over VPN (i.e., IoT connections)

We currently do this successfully with older VPN configurations. I would like to move to WireGuard. I’m looking for a good Configuration Example for such a use case. I imagine others are already doing this.

Is there a good example of this intended configuration? I think it would be useful to have this sort of example in the documentation.

Thank you.

If the locations are fixed locations (not mobiles / laptops travelling, but remote offices), you can start with the Site-to-Site example from the documentation:

If you have more subnets than the example, then it's just a matter of adding more subnets to the allowed-address field of the peers, as well as adding more entries under /ip route.

You use the forward chain of the firewall to do blocking between subnets if needed (just like between your local subnets).

I've never used the Dude so I know nothing about its requirements.

Individual travelling devices connected through public external networks should be configured as individual RoadWarrior clients instead, also on that documentation page.
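
An added example, not part of the replies above and not taken from the MikroTik documentation: a RouterOS 7 sketch of the site-to-site layout described in the answer, with one remote site that has two subnets, the matching /ip route entries, and forward-chain rules limiting what the remote site can reach. Interface names, all addresses, the port, the hostname and the key placeholders are assumptions to be replaced with your own values.

```routeros
# ---- Office router (hub) ----
/interface wireguard
add name=wg-office listen-port=13231
/ip address
add address=10.255.255.1/24 interface=wg-office
/interface wireguard peers
# One peer per remote device. allowed-address holds the peer's tunnel IP
# plus every subnet behind that site (placeholder subnets).
add interface=wg-office public-key="<REMOTE1_PUBLIC_KEY>" \
    allowed-address=10.255.255.2/32,10.1.101.0/24,10.1.102.0/24 comment="remote1"
/ip route
# One route per remote subnet listed in allowed-address above.
add dst-address=10.1.101.0/24 gateway=wg-office
add dst-address=10.1.102.0/24 gateway=wg-office
/ip firewall filter
# Rule order matters: move these above any existing drop rules.
add chain=input action=accept protocol=udp dst-port=13231 comment="WireGuard"
add chain=forward action=accept connection-state=established,related
# Remote sites may open connections only to the reporting server
# (10.1.202.10 is a placeholder); office-initiated sessions to the
# remote sites are answered through the established/related rule.
add chain=forward action=accept in-interface=wg-office dst-address=10.1.202.10
add chain=forward action=drop in-interface=wg-office comment="remote: deny rest"

# ---- Remote site router ----
/interface wireguard
add name=wg-office listen-port=13231
/ip address
add address=10.255.255.2/24 interface=wg-office
/interface wireguard peers
# The remote side dials out to the office; persistent-keepalive keeps the
# tunnel up through NAT so the office can reach the device at any time.
add interface=wg-office public-key="<OFFICE_PUBLIC_KEY>" \
    endpoint-address=vpn.example.com endpoint-port=13231 \
    allowed-address=10.255.255.1/32,10.1.202.0/24 persistent-keepalive=25s
/ip route
add dst-address=10.1.202.0/24 gateway=wg-office
/ip firewall filter
# Allow management logins to this router only from the office LAN via the tunnel.
add chain=input action=accept in-interface=wg-office src-address=10.1.202.0/24
```

Each router's public key is shown by `/interface wireguard print` once its interface exists; copy it into the peer entry on the other side.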