In our previous post, we introduced WireGuard—a modern and efficient VPN protocol—and discussed how MikroTik RouterOS can be the ideal platform to set up a secure WireGuard server. Now, it’s time to dive into the technical details and configure the MikroTik router to act as a WireGuard server. This post will guide you through the essential steps.
Router Configuration
Before we begin with WireGuard setup, ensure that you have access to your MikroTik router’s web interface. If you haven’t already configured your router, you should establish basic internet connectivity and access to the router’s admin panel.
- Accessing the Router Admin Panel:
- To access the router’s admin panel, open your web browser and enter the router’s IP address. The default IP is often
192.168.88.1. You can usually find this information in the router’s manual or on a label on the router itself. - Log in with your router’s administrator credentials. If you haven’t changed these, the default username is typically “admin,” and the password is usually blank or set to “admin.”
- To access the router’s admin panel, open your web browser and enter the router’s IP address. The default IP is often
- Initial Router Setup:
- After logging in, you might be guided through an initial setup wizard. This wizard typically includes setting a password, configuring your WAN (internet) connection, and basic network settings. Follow the wizard’s prompts to complete this initial configuration.
- After logging in, you might be guided through an initial setup wizard. This wizard typically includes setting a password, configuring your WAN (internet) connection, and basic network settings. Follow the wizard’s prompts to complete this initial configuration.
Installing WireGuard on MikroTik
To configure the MikroTik router as a WireGuard server, you’ll first need to install the WireGuard package. Here’s how to do it:
- Installing WireGuard Package:
- In the MikroTik web interface, navigate to System and then click on Packages. This is typically found in the left-hand menu.
- Click the Check For Updates button to ensure you have the latest packages.
- Locate the WireGuard package. It’s usually listed as “wireguard” or “wireguard-<version>.” If you don’t see it, you may need to check if it’s available in a different package repository or update your RouterOS version to a version that supports WireGuard.
- Enable the WireGuard Module:
- After installing the WireGuard package, navigate to System > Packages again.
- Find the WireGuard package in the list and click Enable to activate the WireGuard module.
Generating WireGuard Keys
Now that WireGuard is installed, it’s time to generate the necessary keys for your WireGuard server. These keys will be used for encryption and authentication.
- Generating WireGuard Keys:
- Open a new terminal or SSH into your MikroTik router.Run the following commands to generate WireGuard private and public keys:
/interface wireguard generate-keypair
- This command will generate a private key and a corresponding public key.
- Securely Store the Keys:
- It’s crucial to securely store these keys. You can use a secure password manager or another trusted method to keep them safe.
With the WireGuard package installed, the module enabled, and the keys generated, your MikroTik router is now ready to be configured as a WireGuard server. In the next part of this series, I’ll dive into creating the WireGuard interface and setting up firewall rules for secure communication. Stay tuned for more next weekend!
