Aj0SK
just joined
Topic Author
Posts: 2
Joined: Wed Nov 03, 2021 12:27 am

Trying to setup Wireguard on MikroTik

Wed Nov 03, 2021 12:49 am

Hi,

I am trying to set up SSH access from my VPS (public IP, Ubuntu) to my MikroTik router (public IP, but behind a quite prohibitive router). I decided to try and use a Wireguard implementation in RouterOS v7.1rc5. Before trying to set this up, I managed to successfully set up my laptop as a client to my VPS (in this setup, this is the "server"). Everything is going on a 10.0.0.0/24 network with 10.0.0.1 being my VPS and 10.0.0.2 being my laptop. I also managed to set up Wireguard on MikroTik. According to my VPS, the handshake went OK:
peer: (key)
  endpoint: (Router's public IP address):13231
  allowed ips: 10.0.0.3/32
  latest handshake: 1 minute, 55 seconds ago
  transfer: 5.02 KiB received, 39.79 KiB sent
The problem is, I am not able to ping the router nor my VPS (neither ping nor tcpdump on the wg0 interface shows anything; this is different from ping to/from my laptop). When I try to ping from the VPS, I can see that there is traffic on wireguard's interface on the router. I can also see, using Torch, that on this interface there is also a packet going in the other direction (responding to ping from the VPS), but this packet is, I guess, dropped somewhere. This exact setup is working on my laptop, so I expect there is not something terribly wrong on the side of the VPS but rather on the side of the router. I went through most of the guides and it seems that there could be a problem with routing or firewall. I checked the routing table many times and it seems okay to me. In the case of the firewall, I had the impression that it's not very prohibitive in the case of an outgoing packet, so I am pretty lost right now. Thank you very much for any help!

Everything is in a basic and clean setup. Things that I added are (except for the wireguard interface):

WireGuard -> Peers:
Endpoint: (VPS public IP)
Endpoint Port: 41194
Allowed Address: 10.0.0.0/24
Persistent Keepalive: 00:00:15

IP -> Addresses:
Address: 10.0.0.0/24
Network: 10.0.0.0
Interface: wireguard1

IP -> Routes:
Dst. Address: 10.0.0.0/24
Gateway: %wireguard1
 
anav
Forum Guru
Posts: 19352
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Trying to setup Wireguard on MikroTik

Wed Nov 03, 2021 1:28 pm

Is the Wireguard device (MT) the main router (attached to ISP modem) on one side of the tunnel?
Is it acting as a SERVER or client (are users coming to the wireguard MT device to go out its internet etc.......)?
 
holvoetn
Forum Guru
Posts: 5484
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Trying to setup Wireguard on MikroTik

Wed Nov 03, 2021 1:32 pm

(everything Wireguard interests me a lot ...but still a lot to learn)

Surely this cannot be correct.
That's not an address but a subnet?
IP -> Addresses:
Address: 10.0.0.0/24
Network: 10.0.0.0
Interface: wireguard1
May be easier to post your config:
/export hide-sensitive file=anynameyouwishbecauseanavsaidso ;)
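
The address check raised in the post above, as an added Python example (not part of any post in this thread): it tests whether the value entered under IP -> Addresses is a usable host address and whether the remote peer's allowed ips would accept it as a packet source. The function name is hypothetical, and 10.0.0.3/24 as the corrected value is an assumption taken from the VPS's `allowed ips: 10.0.0.3/32` line.

```python
import ipaddress


def check_tunnel_address(local_address, remote_allowed_ips):
    """Return a list of problems with a WireGuard tunnel interface address.

    local_address      -- CIDR string assigned to the local tunnel interface
    remote_allowed_ips -- CIDR strings the remote peer lists for this node
    """
    problems = []
    iface = ipaddress.ip_interface(local_address)
    net = iface.network

    # Prefixes shorter than /31 (or /127) reserve the first address as the
    # network address; IPv4 also reserves the last one for broadcast.
    if net.prefixlen < net.max_prefixlen - 1:
        if iface.ip == net.network_address:
            problems.append(
                f"{iface.ip} is the network address of {net}, not a host address")
        elif iface.version == 4 and iface.ip == net.broadcast_address:
            problems.append(
                f"{iface.ip} is the broadcast address of {net}, not a host address")

    # WireGuard discards a decrypted packet whose source address is not
    # covered by the allowed ips configured for the sending peer.
    allowed = [ipaddress.ip_network(a, strict=False) for a in remote_allowed_ips]
    if not any(iface.ip in a for a in allowed):
        problems.append(
            f"source {iface.ip} is not covered by the remote peer's allowed ips "
            f"{[str(a) for a in allowed]}")
    return problems


if __name__ == "__main__":
    # Values from the thread: router interface address as posted, and the
    # allowed ips the VPS reports for the router peer.
    vps_allowed = ["10.0.0.3/32"]
    for candidate in ("10.0.0.0/24", "10.0.0.3/24"):
        found = check_tunnel_address(candidate, vps_allowed)
        print(candidate, "->", found if found else "OK")
```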
 
Aj0SK
just joined
Topic Author
Posts: 2
Joined: Wed Nov 03, 2021 12:27 am

Re: Trying to setup Wireguard on MikroTik

Wed Nov 03, 2021 2:03 pm

> Is the Wireguard device (MT) the main router (attached to ISP modem) on one side of the tunnel?
> Is it acting as a SERVER or client (are users coming to the wireguard MT device to go out its internet etc.......)?

VPS acts as a server and MikroTik is supposed to be a client. Idea is to be able to connect from VPS to my MikroTik and wake up my PC connected to MikroTik
 
anav
Forum Guru
Posts: 19352
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Trying to setup Wireguard on MikroTik

Wed Nov 03, 2021 2:25 pm

Two things required:
(1) On the MT wireguard peer settings.....
Use allowed address of
0.0.0.0/0

(2) You need a route to ensure all intended WG LAN users are routed to the tunnel and not to the MTs normal route out to its internet.

0.0.0.0/0 gateway=wireguard routing-table=VPS-server

Route rule:
source address=LANsubnet
Action=lookup ONLY in table
Table=VPS-server
