13 ตุลาคม 2565

wireguard :: mikrotik server split tunnel with mikrotik client, android client, ubuntu client

scenario
server ip
192.168.20.1

local network
192.168.70.0/24
192.168.80.0/24

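generate a key pair on ubuntu (run once per device; the keys printed on this page are public now, so generate your own and keep each private key only on the device that uses it)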
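# Run in a subshell with umask 077 so private.key is created readable by its owner only;
# with the default umask the private key file would be group/world-readable.
(umask 077; wg genkey | tee private.key | wg pubkey > public.key)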

mikrotik server   
private-key="SEzAh6+G7eVcNxSAWD/9KdR28YoXVy58KF6Nvd4YMEM="
public-key="PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg="

mikrotik client   
private-key="cHfKboloI7SfT2W2dBUVDksLHL9EvmMURcSY6Jm3Ens="
public-key="zwtwrDYy9XmrGDpONawDBZCZRr66CkHDimhaurIgxEc="

android   
private-key="mD/VGj1qBY1+CWyOP/Zr0+cay/D24Z5e/0zsT/rTy0U="
public-key="6six3G4E0rbHNekcHCeUJHRRcGgbvOGW5EgOiXmWQS8="

ubuntu   
private-key="eOCMv9KQGZYm5vwhIjAUMtyjcrIGEksKd5ACx4lm+0E="
public-key="y3MmYwOGbaVpxt7DtbeR82XXnrhyBQ8ARohRT0fK2Qw="


mikrotik server
# Create the WireGuard interface wg1 on UDP port 13231, using the server's private key.
/interface/wireguard/
add listen-port=13231 mtu=1420 name=wg1 private-key="SEzAh6+G7eVcNxSAWD/9KdR28YoXVy58KF6Nvd4YMEM="

# One peer entry per client, identified by that client's public key.
# allowed-address is a single /32 per peer, so each client can only source
# tunnel traffic from its own 10.0.0.x address.
/interface/wireguard/peers/
add allowed-address=10.0.0.2/32 comment="mikrotik peer" interface=wg1 persistent-keepalive=30s public-key="zwtwrDYy9XmrGDpONawDBZCZRr66CkHDimhaurIgxEc="
add allowed-address=10.0.0.3/32 comment="android peer" interface=wg1 persistent-keepalive=30s public-key="6six3G4E0rbHNekcHCeUJHRRcGgbvOGW5EgOiXmWQS8="
add allowed-address=10.0.0.4/32 comment="ubuntu peer" interface=wg1 persistent-keepalive=30s public-key="y3MmYwOGbaVpxt7DtbeR82XXnrhyBQ8ARohRT0fK2Qw="

# Tunnel address of the server inside 10.0.0.0/24.
/ip/address/
add address=10.0.0.1/24 interface=wg1 network=10.0.0.0

mikrotik client
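# Create the WireGuard interface wg1 with this client's own private key.
/interface/wireguard/
add listen-port=13231 mtu=1420 name=wg1 private-key="cHfKboloI7SfT2W2dBUVDksLHL9EvmMURcSY6Jm3Ens="

# The server is the only peer. allowed-address is limited to the tunnel subnet and
# the two local networks, the same list the android and ubuntu clients use, instead
# of 0.0.0.0/0: packets arriving through the tunnel with any other source address
# are dropped, which matches the split-tunnel routes below.
/interface/wireguard/peers/
add allowed-address=10.0.0.0/24,192.168.70.0/24,192.168.80.0/24 endpoint-address=192.168.20.1 endpoint-port=13231 interface=wg1 persistent-keepalive=30s public-key="PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg="

# Tunnel address of this client; it matches the /32 the server allows for the mikrotik peer.
/ip/address/
add address=10.0.0.2/24 interface=wg1 network=10.0.0.0

# Split tunnel: only the two local networks are routed through wg1.
/ip/route/
add dst-address=192.168.70.0/24 gateway=wg1
add dst-address=192.168.80.0/24 gateway=wg1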


android
install wireguard from play store and import config file

wg1.conf
[Interface]
# Tunnel address of this phone; it matches the /32 the server allows for the android peer.
Address = 10.0.0.3/32
# Private key of this device only.
PrivateKey = mD/VGj1qBY1+CWyOP/Zr0+cay/D24Z5e/0zsT/rTy0U=

[Peer]
# Split tunnel: only the tunnel subnet and the two local networks go through the peer.
AllowedIPs = 10.0.0.0/24, 192.168.70.0/24, 192.168.80.0/24
Endpoint = 192.168.20.1:13231
PersistentKeepalive = 30
# Public key of the mikrotik server.
PublicKey = PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg=


ubuntu
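sudo apt-get install wireguard
sudo vi /etc/wireguard/wg1.conf
# The file contains the private key: make it readable by root only
# (wg-quick warns when the config is world accessible).
sudo chmod 600 /etc/wireguard/wg1.conf
sudo wg-quick up wg1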

wg1.conf
[Interface]
# Tunnel address of this host; it matches the /32 the server allows for the ubuntu peer.
Address = 10.0.0.4/32
# With SaveConfig, wg-quick writes the running interface state back to this file on
# shutdown, so edits made to the file while wg1 is up are overwritten.
SaveConfig = true
# Private key of this device only.
PrivateKey = eOCMv9KQGZYm5vwhIjAUMtyjcrIGEksKd5ACx4lm+0E=

[Peer]
# Public key of the mikrotik server.
PublicKey = PgFcfWLokU8YjNW0tTrmE3e2tc2rmG8EuXJEhO2Ogzg=
# Split tunnel: only the tunnel subnet and the two local networks go through the peer.
AllowedIPs = 10.0.0.0/24, 192.168.70.0/24, 192.168.80.0/24
Endpoint = 192.168.20.1:13231
PersistentKeepalive = 30