MikroTik - Wireguard Configuration

Captions
What's up everybody, The Network Berg here, hope you've been doing well. In this video we will be covering configuring a WireGuard tunnel between two MikroTik routers in order to route VPN traffic. So what is WireGuard? It is a new type of VPN solution that's looking to replace IPsec as well as OpenVPN. It is actually a pretty strong contender; a lot of people use it on their systems, on different routers and maybe servers and such, and I'm going to show you how to set this up on MikroTik, so stay tuned.

Okay, so let's get into the WireGuard setup. Just a quick disclaimer before we begin: this is all happening on RouterOS version 7, so this is not released on version 6, it's not officially supported on version 6. It's currently an experimental feature on version 7, which I'm hoping will also definitely carry through when they launch version 7, so something to just remember. So if you're trying to set this up and follow along with me on your own version 6 router, it's not going to work, because you won't have the packages or the feature set to run WireGuard.

Okay, now that that's out of the way, let's just quickly look at this topology. We've basically got two Cloud Hosted Routers, router 1, router 2, and then they have 192.168.246.x IPs, which are their WAN addresses on ether1, that these routers will use to connect to each other, like over the internet almost. Then I have a private subnet at each router, which is defined here, and then I have fake PCs, which are just other MikroTiks that are going to act as if they were computers. And then finally we've got our WireGuard tunnel with this 10.0.0.0/30 subnet, which we will be assigning as IPs between the routers so that we can route traffic across the WireGuard tunnel. So this is going to be really fun. Let's quickly get on to WinBox. So from WinBox I'm just going to connect onto router 1.
And if you look on your management panel then you'll see there is a cool new WireGuard that I can go to. So I'll click on WireGuard, and then I have two sections that I need to be aware of: WireGuard and Peers. So here by WireGuard is where you're basically going to be creating the WireGuard interface, and the peer is where you're going to be defining who you're connecting to as well as which IP subnet you're allowing across the network.

Now the cool thing about WireGuard is the setup is very simple, very straightforward. If you've ever set up OVPN or, um, IPsec site-to-site on MikroTik, there's a few weird little things that you need to be aware of and that you need to do in order for everything to work. With WireGuard it is so simple: the moment the tunnel is up you can just route traffic across it, and you just need to allow the new subnets of your peer and everything works. That's really cool.

So what I'm going to do is I'm just quickly going to create a WireGuard interface. So click on the plus. We can give it a name, so I can just call this wireguard1; this is just for admin on the router, you don't need to match this on the two equipment or anything. MTU, so this is just the MTU size of the interface. Listen port, this is pretty important. I'll just copy this, 13231; that is MikroTik's port that I've assigned. You can give it your own port, but just make sure it's not something that's going to clash with anything else. And then the big important stuff here is the private and public key. So it's blank currently. I could fill this in if I want to, but I'm not going to do that, because if I just hit apply it's going to create a private key for me and there will be a public key as well. So the private and public key, they are both used together in order to encrypt and decrypt the traffic of the VPN tunnel, so that's what we're going to use that for. The public key is also important because this is what your opposite end is going to use to connect to you, and they will also similarly have their own public key that they need to share to you in order to connect. So I might just keep an eye on that, and I'll hit OK.

And then what I'm going to do is I'm going to go into the second MikroTik and do this from the command line, so that you can see us do this from command line as well. Also just note, since it is on beta, there is this weird little bug where you need to specify, um, the port for your remote end from the command line, also doesn't take it, but we'll see that when we get to the peers. So first things first, we're going to go to WireGuard, so we're going to go to interface wireguard, and then we're going to just add, and then what we can do is give it a name, so I'll call this wireguard1 again. The MTU, we don't need to set it, but it was 1420, so I'll just save that anyways, and the listen port, which was, listen port was 13231 I think. Let's just confirm: 13231, okay, that's fine. And that should be it. If I hit okay and I do an interface wireguard print, I get my public and private key as well. Neato.

So I've set up the WireGuard interface on router 2 as well. Next step, we're going to go back onto router 1, we're going to go to our peers, we're going to click on the plus. It's going to ask us for an interface, so this will be your WireGuard interface. It's going to ask you for a public key, so this will be your peer's public key. So let's just go back into this PuTTY session, let me just copy that and paste it in here. Your endpoint, so this will be, think of this as the public IP of your peer, what you're connecting to. So in my example I will be connecting to 192.168.246.131. All right, and then we need to specify our allowed addresses. So think of this as the subnets of the remote end that you want to allow over the WireGuard tunnel to connect to you. So I'm going to define this as 10.0.0.0/30, which is just going to be the subnet of the WireGuard tunnel, as well as the IP range of the private addresses sitting behind my neighbor, so in my example it was 192.168.2.0/24. You can define a pre-shared key, this is just for added security, but I'm not going to do that here, and then I'm going to apply this. So here's the actual bug, because with the endpoint you actually need to make the colons and then specify your port, 13231, but we will, we'll do this on the command line just to fix that. All right, so there is our peer, it's been defined.

Now let's do it from the command line for router 2. So let me just get back on to WinBox, or another WinBox session. So we'll go interface wireguard peer add. Let's look at our options. I know I need to specify my interface, and that was wireguard1. I need to specify my endpoint, which will be 192.168.246.120, and here I actually, this is what I'm talking about where the bug is, where I need to put the, the port in, 13231, and I'm going to add that via the command line on router 1 as well just to make it work. We need to specify our allowed addresses, so this will be 10.0.0.0/30 and ten dot, no, 172.16.1.0/24, and then we need to specify our public key as well. So those are the important bits. So let me just quickly fetch the public key of router 1. I'm just going to copy that and hit enter. Invalid public key. Okay, I cop... oh, I didn't take the equals. There we go.

All right, so if I go interface wireguard print, it should be up actually. So the way that we can test this is we can actually quickly assign this WireGuard tunnel IPs to our MikroTiks. So on router 1 I'm going to go to my addresses, I'll assign 10.0.0.1/30 to WireGuard, and then on the command line for router 2 I will add an IP address, add address equals 10.0.0.2/30, interface is WireGuard.

Okay, so first things first, let's see, can we ping across the tunnel? Ping 10.0.0.1. I can ping 10.0.0.1 from 10.0.0.2, so I'm pinging across the WireGuard IP now. So from .2 I'm pinging to .1, so that's over the WireGuard tunnel. Let's see, from router 2 can I ping this 172.16.1.1 address? No, I can't. Why can't I ping it? I've defined it in my peer but I can't ping it, and the reason is I haven't added a route for that yet. So let's quickly add a route. We can do that by going into ip route add, destination address equals 172.16.1.0/24, and our gateway will be, if you look at the topology, it's going to be the tunnel IP of router 1, because I'm on router 2, so this will be 10.0.0.1. Cool.

Now I need to add routing from router 1 as well, even though, let's quickly do a test, let's see, can we ping 172.16.1.1 now? We can ping that now. Now the reason we can ping it is it's actually pinging it from the 10.0.0.2 address, but if I'm going to ping this from 192.168.2.1 it's going to fail, and the reason is there is no return route on router 1 yet. So let's quickly go into router 1, go into our routes, let's click on the plus and add a route for 192.168.2.0/24, and our gateway is the tunnel IP, or the WireGuard IP, of router 2. I'll apply that and let's hit OK.

And let's jump onto our test PC, so I'm going to go back into PC1. Let's quickly see, can I ping 192.168.2.1? Holy smokes, I can ping across the wires, or the, well, I almost called it Wireshark, the WireGuard IP. Uh, let's see, can I ping .100, which is PC2's address? Yes, I can. So let's just jump back onto WinBox, and then let's verify that by going on to WireGuard, look at our interfaces, and then we can actually see there is traffic passing over the interface. If I look at the status, it is up. If we look at the traffic, there is the traffic that is traversing this WireGuard tunnel. If I torch it, I can see the ping as well. Amazing.

So we've set up a WireGuard tunnel between two sites and kind of set up an IP, a site-to-site VPN using WireGuard, and it was super quick and easy if you think about it. So really this is a feature I'm super excited about. I do hope router version 7 comes out, and that is very soon, and it brings WireGuard with it. Anyways, I'd like to thank you guys for watching, see you in the next video. Oh, and I'd like to remind you guys to subscribe and like and share the video, and comment if you have any questions. Thanks again, bye.
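
Added example, not part of the video or its captions: a small Python model of the ping tests in the walkthrough, showing how the peer allowed-address lists and the static routes on each router together decide whether a request and its reply get through. The Router class, the PC1 address 172.16.1.100 and the out-of-range source 172.16.9.5 are assumptions constructed for illustration; the subnets and tunnel IPs are the ones named in the captions.

```python
import ipaddress as ipa

class Router:
    """One tunnel end: its tunnel address, the peer's allowed-address list, static routes."""
    def __init__(self, tunnel_ip, allowed):
        self.tunnel_net = ipa.ip_interface(tunnel_ip).network
        self.allowed = [ipa.ip_network(a) for a in allowed]
        self.routes = []  # destinations routed into the tunnel

    def add_route(self, dst):
        self.routes.append(ipa.ip_network(dst))

    def can_send(self, dst):
        dst = ipa.ip_address(dst)
        routed = dst in self.tunnel_net or any(dst in r for r in self.routes)
        # Outbound: the packet is only encrypted for a peer whose allowed-address covers dst.
        return routed and any(dst in a for a in self.allowed)

    def accepts(self, src):
        # Inbound: a decrypted packet whose source is outside allowed-address is dropped.
        return any(ipa.ip_address(src) in a for a in self.allowed)

def ping(a, b, src, dst):
    """Echo request a->b and echo reply b->a must both get through."""
    return a.can_send(dst) and b.accepts(src) and b.can_send(src) and a.accepts(dst)

def walkthrough():
    # Hypothetical model of router 1 and router 2 from the topology in the captions.
    r1 = Router("10.0.0.1/30", ["10.0.0.0/30", "192.168.2.0/24"])
    r2 = Router("10.0.0.2/30", ["10.0.0.0/30", "172.16.1.0/24"])
    results = []
    results.append(ping(r2, r1, "10.0.0.2", "10.0.0.1"))       # tunnel IPs, connected route
    results.append(ping(r2, r1, "10.0.0.2", "172.16.1.1"))     # no route on router 2 yet
    r2.add_route("172.16.1.0/24")
    results.append(ping(r2, r1, "10.0.0.2", "172.16.1.1"))     # reply returns to connected 10.0.0.2
    results.append(ping(r2, r1, "192.168.2.1", "172.16.1.1"))  # no return route on router 1
    r1.add_route("192.168.2.0/24")
    results.append(ping(r1, r2, "172.16.1.100", "192.168.2.100"))  # PC1 (assumed address) to PC2
    results.append(ping(r1, r2, "172.16.9.5", "192.168.2.100"))    # constructed source outside allowed-address
    return results

if __name__ == "__main__":
    print(walkthrough())
```

The last case is the one to check when reviewing a peer definition: an allowed-address list wider than the subnets actually behind the peer widens what the tunnel will accept as a source.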
Info
Channel: The Network Berg
Views: 21,263
Keywords: #Routers, #CCNA, #CCNP, #MTCNA, #MTCRE, #MTCINE, #Networking, #Computers, #Ethernet, #DHCP, #Configuration, #WireGuard, #ROS7
Id: lS4zeMACT3w
Length: 12min 51sec (771 seconds)
Published: Thu Nov 19 2020