I prefer to put it somewhere random, making it harder for bots to target. 1 - and the nearby 192.168.77.0/24 subnet for WireGuard.Īlthough port 13231 seems popular for WireGuard, there's nothing about the protocol that requires it. This example uses the MikroTik default of 192.168.88.0/24 for the LAN - with the router as.
I added double-NAT to mducharme's configuration, then simplified it a bit: /interface wireguardĪdd allowed-address=192.168.77.2/32 interface=wg1 public-key="iPhone-pubkey"Īdd allowed-address=192.168.77.3/32 interface=wg1 public-key="iPad-pubkey"Īdd address=192.168.77.1/24 interface=wg1Īdd action=src-nat chain=srcnat src-address=192.168.77.0/24 to-addresses=192.168.88.1 My use case is that the WireGuard server is a CRS328 behind a third-party Internet router rather than a directly Internet-facing MikroTik router.
You can find many WireGuard configuration guides for RouterOS 7, including mducharme's fine road-warrior configuration, but I needed something a bit different.
0 kommentar(er)
