Tag: Winbox

  • Setup Wireguard With Mikrotik and Fedora Linux

    1. Ensure Mikrotik (Hex S in my case) is updated for Wireguard support
    2. In Wireguard menu on Winbox (or web manager):
      • Add a new Wireguard instance
        • Name the interface
        • Change the port number
        • Click ‘+’ next to private key
    3. Go to IP -> Addresses and add new address
      • Comment appropriately
      • Set address as something not commonly used. 192.168.100.1/24, perhaps
      • Set network address (192.168.100.0, for this case)
      • Set the interface as the Wireguard instance created above
    4. Go to IP -> Firewall
      • In Filter Rules:
        • New rule.
          • Chain = input.
          • Protocol = 17(udp).
          • Dst. Port = {your chosen port}.
          • Action = accept.
          • Comment as “Accept WG input” or something.
        • New rule.
          • Chain = forward.
          • In Interface = {WG interface set up above}.
          • Action = accept.
          • Comment as “For WG access” or something.
      • In NAT:
        • New rule.
          • Chain = srcnat.
          • Src Address = {WG network address (192.168.100.0/24)}.
          • Out Interface = {Your WAN interface}.
          • Action = masquerade
          • Comment as “Masquerade WG” or something
    5. On Fedora client (Should work similarly for any Linux distro, to be fair)
      • sudo dnf install wireguard-tools
      • wg genkey | tee privatekey | wg pubkey > publickey
      • sudo su. You will need to be root in terminal to access the WG folder
      • cd /etc/wireguard
      • nano wg0.conf (or name it whatever you want your connection named)
      • [Interface]
        PrivateKey = {paste private key}
        ListenPort = {your chosen port}
        Address = {IP within chosen network, e.g. 192.168.100.2}

        [Peer]
        PublicKey = {paste from Winbox}
        Endpoint = {Your public IP}:{your WG port}
        AllowedIPs = 0.0.0.0/0
        PersistentKeepalive = 20
      • Ctrl + x then ‘y’ to save
      • nmcli con import type wireguard file /etc/wireguard/{your config file}
      • firewall-cmd --add-port={your WG port}/udp
    6. Configure peer in Winbox
      • In Wireguard menu, select Peers tab and add new
      • Give it a name, and a comment if you like
      • Choose your WG interface
      • Copy/paste public key from Fedora
      • Allowed Address = {Fedora WG IP/32 (192.168.100.2/32)}
    7. Try the connection!
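
    A note on step 5: `tee privatekey` run under the default umask leaves the private key readable by other local users. The script below is an added example, not part of the original tutorial; it writes the same wg0.conf layout with owner-only permissions and checks for loose modes. The function names and the sample values in the usage comments are assumptions.

```shell
#!/usr/bin/env bash
# Added example: write the client config from step 5 without exposing the key.
# write_wg_conf, file_mode and check_private are hypothetical helper names.

# Print a file's permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# write_wg_conf DIR NAME PRIVKEY ADDRESS PORT PEER_PUBKEY ENDPOINT
# Writes DIR/NAME.conf with mode 600 and prints its path.
write_wg_conf() {
    local dir=$1 name=$2 priv=$3 addr=$4 port=$5 peer=$6 endpoint=$7
    local conf="$dir/$name.conf"
    (
        umask 077    # anything created in this subshell is owner-only
        cat > "$conf" <<EOF
[Interface]
PrivateKey = $priv
ListenPort = $port
Address = $addr

[Peer]
PublicKey = $peer
Endpoint = $endpoint
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20
EOF
    ) || return 1
    chmod 600 "$conf"    # also tightens a file that already existed
    printf '%s\n' "$conf"
}

# Return non-zero if a key or config file is accessible to group or others.
check_private() {
    local mode
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   echo "WARNING: $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# Typical use as root; the private key is never written to a separate file:
#   priv=$(wg genkey); pub=$(printf '%s\n' "$priv" | wg pubkey)
#   write_wg_conf /etc/wireguard wg0 "$priv" 192.168.100.2 {port} {router key} {ip:port}
#   echo "$pub"    # paste this into the Winbox peer in step 6
```

    Running check_private against the privatekey file produced by the original command shows whether it needs a chmod 600 before you carry on.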

    Hopefully this is helpful if you stumble across it. I’m hoping to do more of these tutorials as I try to do more stuff myself and stumble across the internet for answers. Did this work for you? Let me know if anything doesn’t or if something confuses you above!