WireGuard on MikroTik

WireGuard on MikroTik

The article describes the self setup of VPN on WireGuard on MikroTik devices with version RouterOS 7 and higher. (Not available in lower RouterOS versions, you must upgrade RouterOS). This phenomenal VPN is very fast, secure and easily configurable in a home environment.

If you are a home user and thinking about how to access your home network from the internet, WireGuard is currently one of the easiest choices. It is ideal for secure access to your home NAS or smart home when you are not at home.


What do we need?



Any MikroTik router (Router OS 7 version, if you have an older one, upgrade the firmware)

Any Android, iOS phone

Any PC, Laptop with any OS


WireGuard VPN

Internet connection and public IPv4 address (if you don't have it, ask your internet provider)



Log in to your MikroTik router. We recommend not using the web interface and using WinBox. However, the procedure is identical. Go to the WireGuard tab and the + icon to add a new WireGuard connection. Name the setting, e.g. wireguard and copy the Public Key somewhere:

Mikrotik WireGuard vytvoření

Next, we must add a new address for the WireGuard interface in the IP → Addresses by clicking on the + icon. We will choose a unique range and start with a one, for example:

MIkroTik WireGuard Address


In the final step, we will add the other side, called "Peer". Switch to the Peers tab. Here, you need to know the Public Key of the client device (for example, phone, computer, tablet - look in your client's app, see instructions in the left menu). Copy the Public Key and assign it an address allowed for the WireGuard network, which should have a unique range:

MikroTik WireGuard Add Peer


If you have a default firewall -> you are using predefined firewall from Quick Setup in your MikroTik, you need to allow the UDP port for WireGuard. In our case, the port is 33333. Go to IP → Firewalland add a new rule again using the + icon, see the example below:

MikroTik WireGuard Firewall

And if you want to access local network from your WireGuard (probably yes), you should add wireguard interface in interface list.This can be done under Interfaces -> Interface List.  Click + and add wireguard to local network, named "LAN" in this case. See below:

WireGuard Interface List


That's it!

Now set up the client according to the type of phone or computer. See instructions in the left menu

PS: Part of the household may have their MikroTik router behind another router provided by the internet provider. In this case, it is necessary to forward the "Port Forward" from the external provider router to your MikroTik. This setting depends on the type of router and if you don't know how to do, asks your internet provider technical support for help. You need to redirect the selected UDP port (in our case 33333) on the MikroTik internal router to same port 33333.

Rate the article:

Average: 4.4 (5 votes)

Support Us:

Add comment:


Your profile picture

Excellent guide, thank you for publishing this. Question, on 2nd screenshot, shouldn't the address be (and not /24)?

Your profile picture

Hi thank you, probably you can use /32 as well. But /24 means that last number can be 0-255 which is true ( is under range) and should works as well.

Add comment

Newest articles in blog

Tailscale - remote access without public IP
Tailscale - remote access without public IPRating: 

The Tailscale service solves access between individual devices if you don't have a public IP address. It's free for one user with support for up to 100 devices. We'll show you how to install Tailscale on a Raspberry Pi that you'll have at home and on a client (Android, iPhone) from which you'll want to access the home Raspberry Pi. Our example will be remote access to OpenHAB running on a Raspberry Pi. However, the same setup applies to many other applications - home NAS, PiHole, Home Assistant, Domoticz, NextCloud, and others.

Shelly OpenHAB MQTT
Shelly vs OpenHABRating: 

The Shelly brand is known for its products that primarily communicate over WiFi, including smart plugs, relay switches, blinds control relays, and many other devices. One of the advantages for deployment is the ability to both read and control these devices using the universal MQTT protocol. Across existing add-ons for both OpenHAB and Home Assistant, we will demonstrate how to use Shelly devices without installing any additional extensions.

Victron & OpenHAB
Victron vs Smart HomeRating: 

In this post, we will show you how to retrieve information from a photovoltaic power plant by Victron. We will connect to the Cerbo unit via MQTT. Based on these values, we can control various appliances (heating, boiler, etc.) and prevent the battery from being drained when they don't need to be.

Smart Home GoodWe inverter
Smart Home vs GoodWeRating: 

In the post, we will demonstrate step by step how to communicate directly with the GoodWe inverter in a smart home setup and obtain real-time information (unlike the SEMS portal). This information is essential if we want to react to current parameters in a smart home, such as activating additional cooling or controlling a socket with a various load.

Voice control smart home
Voice control of the houseRating: 

In this article, we will connect the Amazon Echo Dot voice assistant with open source home automation. We won't be using OpenHAB Cloud, so everything runs locally. In this case, a few additional settings are necessary, but the result is worth it!

MikroTik - Winbox, DHCP, Ranges
Basics - Winbox, DHCPRating: 

In this series, we will look at the step-by-step setup of MikroTik devices for home users or a small business (up to 25 people). In the first article, we will focus on the initial setup - we will download Winbox and set up DHCP for the primary network and guest network. Similarly, we will also adjust the WiFi settings.

Alarm Smart Home PIR
Alarm from existing PIR sensors in a smart home.Rating: 

In a your smart home, PIR sensors may not only be used to switch lights on and off based on motion, it is possible to utilize these sensors to detect the presence of motion in a particular room. This information can be used to create a relatively reliable uncertified home security system. In this guide, you will find the logic for how this can work in the OpenHAB software in our model smart home.

NFC Tag Example in Smart Home
NFC tags in smart homeRating: 

NFC (Near Field Communication) tags are small plastic or paper stickers that can be used to automate various functions in the smart home. In this article, we will show you examples of use and a guide on how to write an action on an NFC tag using a mobile phone.

WireGuard iOS
WireGuard on iOS devicesRating: 

In this article, you will find a detailed guide on how to connect to WireGuard VPN from iOS.

WireGuard on Android device
WireGuard on Android devicesRating: 

In this article, you will find a detailed guide on how to connect to WireGuard VPN from Android.