WireGuard VPN scheme with 2 MikroTiks and VPS

I have 2 locations: location 1 and location 2
Both locations have:

  • provider’s router located behind CGNAT
  • my MikroTik router RB5009UG+S+IN with RouterOS 7.19.3 and WireGuard

Because of CGNAT, incoming connections to the MikroTiks from the internet are impossible,
so I have a VPS with a static public IP and WireGuard installed, and both MikroTiks connect to the VPS.

I also have a laptop in location 2, which is connected by Ethernet cable to MikroTik 2.
I can’t install any software on this laptop.

The laptop should reach the internet via MikroTik 1: all third-party observers should see it as geographically located in location 1.

Internal IPs are:
VPS 10.66.66.1
MikroTik 1 10.66.66.3
MikroTik 2 10.66.66.6
Laptop 10.66.66.7

What should wg0.conf contain on the VPS so that all the traffic from the laptop is redirected to MikroTik 1?
Please advise.

Do the ISPs at the two locations provide IPv6 connectivity? If yes, use that instead to establish a direct WG link between the two routers (no CGNAT with IPv6) and you can get rid of the VPS.

Unfortunately, none of my ISPs support IPv6, so I can’t get rid of the VPS here.
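
One possible VPS-side wg0.conf for the topology in the question, as an added example that is not part of the thread or any poster's configuration. It assumes a Linux VPS using wg-quick, that MikroTik 2 forwards the laptop's packets into the tunnel with their source address 10.66.66.7 unchanged (no src-NAT), and that MikroTik 1 masquerades them out of its WAN; the keys, the listen port and routing table number 100 are placeholders chosen for illustration.

```ini
# /etc/wireguard/wg0.conf on the VPS (added example; keys are placeholders)
[Interface]
Address = 10.66.66.1/24
ListenPort = 51820                       # assumed port
PrivateKey = VPS_PRIVATE_KEY_PLACEHOLDER
# Keep wg-quick from installing routes for AllowedIPs: with 0.0.0.0/0 on a
# peer it would otherwise replace the VPS's own default route.
Table = off
# The VPS must forward packets between the two peers.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Replies from internet hosts arrive on wg0 but are not routed back via wg0
# in the main table; loose reverse-path filtering keeps them from being dropped.
PostUp = sysctl -w net.ipv4.conf.%i.rp_filter=2
# Policy routing: only packets sourced from the laptop use table 100,
# whose single default route points into the tunnel.
PostUp = ip route add default dev %i table 100
PostUp = ip rule add from 10.66.66.7/32 lookup 100 priority 100
PostDown = ip rule del from 10.66.66.7/32 lookup 100 priority 100
PostDown = ip route flush table 100

[Peer]
# MikroTik 1 (exit node). 0.0.0.0/0 is what lets WireGuard's cryptokey
# routing send internet-bound packets to this peer and accept the replies,
# whose source addresses are arbitrary internet hosts.
PublicKey = MIKROTIK1_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.66.66.3/32, 0.0.0.0/0

[Peer]
# MikroTik 2 plus the laptop routed behind it. These more specific prefixes
# win over 0.0.0.0/0, so return traffic for 10.66.66.7 goes to this peer.
PublicKey = MIKROTIK2_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.66.66.6/32, 10.66.66.7/32
```

The VPS's own traffic and its forward-chain firewall rules are untouched by this file, so forwarding between wg0 peers must also be permitted there. If MikroTik 2 does src-NAT the laptop's traffic, the `ip rule` would have to match 10.66.66.6 instead, which also sends MikroTik 2's own tunnel traffic through MikroTik 1.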