ΒΆ RouterOS Configuration
- Create the Wireguard interface on both routers
/interface/wireguard
add listen-port=13231 name=wireguard1
-
Assign an IP address to the Wireguard interface
a. For the relais side (basically the server side with the static IP):/ip/address add address=192.168.100.1/24 interface=wireguard1b. For the first client (Rathaus):
/ip/address add address=192.168.100.10/24 interface=wireguard1 -
Setup the routing tables
a. For the relais side:/ip/route add dst-address=192.168.10.0/24 gateway=192.168.100.10a. For the client side:
/ip/route add dst-address=192.168.88.0/24 gateway=192.168.100.1 -
Add the wireguard interface to the LAN list.
This allows the traffic to be forwarded to the "LAN"/interface/list/member add interface=wireguard1 list=LAN -
On the server side we need to accept incoming Wireguard Clients (place it before drop rules):
/ip/firewall/filter add action=accept chain=input dst-port=13231 protocol=udp src-address=192.168.80.1 place-before=3