I am trying to get WireGuard to work on my hAP ac2 so that all WAN traffic goes through my commercial VPN provider.
Basically I want the router to do the job that my provider's Windows software is doing right now, except I want it to also handle traffic from my other connected devices, not just the Windows PC.
This is what I have done so far:
I got the .conf files from my provider for my chosen endpoint locations. I didn't find any way to import them directly into ROS v7.2rc1, so I transferred the information manually.
The files have the following format:
```
[Interface]
PrivateKey = xxx
Address = xxx/32
DNS = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxx:443
PresharedKey = xxx
```
Then I set up a WireGuard interface and peer and added it to the LAN group like this:
```
/interface wireguard
add listen-port=13231 mtu=1420 name=VPNProvider
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=VPNProvider list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=0.0.0.0/0 comment="BKK" disabled=yes \
    endpoint-address=xxx endpoint-port=443 \
    interface=VPNProvider persistent-keepalive=25s public-key=\
    "xxx"
add allowed-address=0.0.0.0/0 comment=FRA endpoint-address=\
    xxx endpoint-port=443 interface=VPNProvider \
    persistent-keepalive=25s public-key=\
    "xxx"
```
I am not surprised, because from what I have read, I also need to set up a route and some firewall rules and maybe something else too.
And so here I would like some help from the more experienced members, because these are very sensitive areas and I don't want to do anything wrong.
Also I hope that this thread with your help could be an asset for other people who simply would like to set up their VPN provider in their MikroTik router, since I could not find any tutorial on various providers' websites.
Actually it would be great if MikroTik could add this to the Quick Set since I think this would be of great interest to the home user.
Thank you for your kind help.
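
The manual transfer from the provider's .conf file to RouterOS described in the post can be scripted. The following is an added example, not part of the original post and not MikroTik or provider code: it maps each .conf field to the matching RouterOS v7 parameter and rejects keys that are not 32 bytes of base64, a common copy-and-paste error. The function names, the sample address and hostname, and the placeholder key are constructed; the interface name, MTU and keepalive defaults are taken from the post.

```python
import base64
import configparser

KEY = base64.b64encode(b"\x01" * 32).decode()  # constructed placeholder, not a real key
# Constructed sample in the format shown in the post (address and host are made up).
SAMPLE_CONF = f"""[Interface]
PrivateKey = {KEY}
Address = 10.64.0.2/32
DNS = 10.64.0.1
[Peer]
PublicKey = {KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.net:443
PresharedKey = {KEY}
"""

def _key(value, field):
    """Return the key unchanged if it is base64 for exactly 32 bytes."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError as exc:
        raise ValueError(f"{field}: not valid base64") from exc
    if len(raw) != 32:
        raise ValueError(f"{field}: expected 32 bytes, got {len(raw)}")
    return value

def conf_to_routeros(text, name="VPNProvider", mtu=1420, keepalive="25"):
    """Translate one [Interface]/[Peer] pair into RouterOS v7 commands (DNS is not translated)."""
    cp = configparser.ConfigParser(interpolation=None)  # option names are lower-cased
    cp.read_string(text)
    iface, peer = cp["Interface"], cp["Peer"]
    host, _, port = peer["endpoint"].rpartition(":")
    host, port = host.strip("[]"), int(port)  # strip IPv6 brackets, reject a non-numeric port
    cmds = [f"/interface wireguard add name={name} mtu={mtu} "
            f'private-key="{_key(iface["privatekey"], "PrivateKey")}"']
    for addr in (a.strip() for a in iface["address"].split(",")):
        menu = "/ipv6 address" if ":" in addr else "/ip address"
        cmds.append(f"{menu} add address={addr} interface={name}")
    peer_cmd = (f"/interface wireguard peers add interface={name} "
                f'public-key="{_key(peer["publickey"], "PublicKey")}" '
                f"endpoint-address={host} endpoint-port={port} "
                f'allowed-address={peer["allowedips"].replace(" ", "")} '
                f'persistent-keepalive={peer.get("persistentkeepalive", keepalive)}s')
    if "presharedkey" in peer:
        peer_cmd += f' preshared-key="{_key(peer["presharedkey"], "PresharedKey")}"'
    cmds.append(peer_cmd)
    return cmds

if __name__ == "__main__":
    print("\n".join(conf_to_routeros(SAMPLE_CONF)))
```

The generated commands contain the private and preshared keys, so the output needs the same handling as the .conf file itself. They only create the tunnel, its address and the peer; the route and firewall rules the post mentions are still configured separately.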