I created a roadwarrior WireGuard peer config. I use IPv4 and IPv6, and a shared secret (PSK). The config file is thus a bit larger than a plain vanilla IPv4-only one, so the QR code blob is also bigger than the minimum-sized one.
The PSK and keys were generated on a Linux box with:
# Create Preshared Key (RouterOS 7.14.1 has 'preshared-key=auto' available)
> wg genpsk
KH8nrvx0cuczwE3R56qH5/vyLyHAEBv0QwogCA50ZjU=
# Create keys, first is the private key, then the public key
> wg genkey | tee /dev/tty | wg pubkey
+PENj+zzPfIsTmc35JMPqCEfNzJD56ecPgh8C+ol8GE=
7+C0DcBwtIozJXrZ7tjIbDRbtfgwRVnC/MPBmwe3Rms=
- The QR code that is produced by ROS is very big, and with Winbox, the full QR code does not fit into the QR code window. Please make the QR code a bit smaller (or the QR code window larger) so it fits the QR-code Winbox window fully. The QR code can now only be scrolled with the scroll bar, but that does not allow the user to scan/copy the QR code into a phone WG peer config. (I attached a snipping to show the bug)
- I tried to see the QR code with winbox/terminal, "/interface/wireguard/peers/show-client-config 0", and the QR code is still too big to fit in any Winbox terminal window. The resulting physical font of the QR code is again way too big. That is a font issue, but it also means the QR code is hard to use.
- I tried to export the peer config and peer QR code into a file. The QR code is NOT exported to the file:
"show-client-config 0 file=20240307-hemmo-wg-client-x20.txt" creates a file with the ASCII WG-client config, but the QR code is NOT in that file. That created config is wrong/broken, see next item.
- I had a working peer (peer 0). I copied that one (with Winbox) and entered new public/private keys, a new PSK, and new IPv4 and IPv6 addresses. The created client text configuration is wrong (I had a picture attached). The QR code config is also equally wrong. In the command line, the actual Mikrotik side device configuration is OK, but the generated client-config screen has the wrong IPv4 address (192.168.177.X), the wrong mask (/24), and no client IPv6 addressing. (Picture was attached)
- I created a brand new peer, as a second peer to a working WireGuard config. The installation goes as supposed, and the Mikrotik side config is correct. Now again looking at the "client config" text box, it is missing the whole of the IPv6 address, the IPv4 is 192.168.177.X addresses (which I had never used), and the "client endpoint" (with :port) gets :port:port, e.g. the port is repeated twice. And the generated QR code is equally broken with that same broken client config.
- Could you make the Winbox/WireGuard "client config" text window copyable to the clipboard? Now you can see the config, but not copy it. The terminal/CLI screen allows copying fine, but Winbox needs to allow that too in the GUI.
- When doing winbox/terminal: "/interface/wireguard/peers> show-client-config 1", the output text config is indented with 4 spaces. For an easier copy-paste experience, could you take that extra indentation out?
And then there was one feature request. WireGuard clients are easy to configure with the QR code, thus this is likely the best way to send configurations to a (remote) user. Getting the QR code in PNG format makes life a lot easier. So far, I created the WG-client configs manually, created a QR code (pink QR for girls), and had to jump through many hoops to get there. Mikrotik could do all of that. So I asked for this feature:
- If possible, please allow the export of the QR code to a PNG file (or what is easiest for you). Now the ASCII QR codes are very big, and offering those to a non-computer-savvy end user leads to the user not being able to scan the ASCII QR code.
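
As an added example, not part of the original post and not MikroTik code: a Python check that catches the client-config defects reported above (indented lines, wrong or missing interface addresses, a repeated port in the endpoint) before a config or QR code is handed to a user. The sample export, the expected addresses, the host name and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample reproducing the defects described in the post; the
# addresses, host name and key placeholders are made up for illustration.
BROKEN_EXPORT = """\
    [Interface]
    PrivateKey = <client-private-key>
    Address = 192.168.177.2/24

    [Peer]
    PublicKey = <router-public-key>
    PresharedKey = <preshared-key>
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = vpn.example.net:13231:13231
"""

# host:port or [IPv6]:port, with exactly one port
ENDPOINT_RE = re.compile(r"(?:\[[0-9A-Fa-f:.]+\]|[^\s:\[\]]+):(\d{1,5})")

def parse_client_config(text):
    """Parse wg-quick style text into {section: {key: value}}, ignoring indentation."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")  # base64 values may end in '='
            current[key.strip()] = value.strip()
    return sections

def check_client_config(text, expected_addresses):
    """Return a list of problems found in an exported client config."""
    problems = []
    if any(l[:1] in (" ", "\t") for l in text.splitlines() if l.strip()):
        problems.append("lines are indented")
    cfg = parse_client_config(text)
    listed = cfg.get("Interface", {}).get("Address", "")
    got = {ipaddress.ip_interface(a.strip()) for a in listed.split(",") if a.strip()}
    want = {ipaddress.ip_interface(a) for a in expected_addresses}
    problems += [f"missing address {a}" for a in sorted(want - got, key=str)]
    problems += [f"unexpected address {a}" for a in sorted(got - want, key=str)]
    m = ENDPOINT_RE.fullmatch(cfg.get("Peer", {}).get("Endpoint", ""))
    if not m or not 0 < int(m.group(1)) <= 65535:
        problems.append("malformed endpoint")
    return problems
```

Pass the addresses configured for the peer on the router as `expected_addresses`; an empty list returned means the exported text matches them and has a well-formed endpoint.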