How to Set Up WireGuard on MikroTik Routers with VPNUK

Setting up WireGuard® VPNUK on MikroTik Routers

WireGuard is a modern, high-performance VPN protocol known for its blazing-fast speeds, strong security, and low resource usage. MikroTik routers running RouterOS 7.0 or later have native WireGuard support, allowing seamless integration with VPNUK for a secure and encrypted connection.

WireGuard® configuration download

Please login using the VPN login username and password from the vpn account you would like to configure.
Click Here to download your WireGuard® configuration file, which is compatible with all devices.

IMPORTANT NOTES: A WireGuard® connection is currently only compatible with our Dedicated IP accounts. Each configuration file is generated automatically, twice per hour, the process can take up to 20 minutes to complete, it can therefore sometimes take up to 1 hour for a new configuration file to be created on new accounts. If you are a new user please allow the system time to generate your configuration file.

1: Open your configuration file.

  1. Click Here to download the WireGuard configuration file (.conf).
  2. Open the .conf file in Notepad or a text editor and take note of the following details:
    • Private Key
    • Public Key
    • Allowed IPs
    • Endpoint (VPNUK Server Address)
    • Port

 

2. Enable WireGuard on MikroTik Router

  1. Log in to your MikroTik router via WinBox or SSH.
  2. Navigate to Interfaces.
  3. Click Add (+) > WireGuard.
  4. Enter the following details:
    • Name: wg-vpn
    • Listen Port: 59851
    • Private Key: (Paste your Private Key from the WireGuard .conf file)
  5. Click OK.

 

3. Add Peer (VPNUK Server)

  1. Go to Interfaces > WireGuard.
  2. Click Peers > Add (+).
  3. Enter the following details:
    • Interface: wg-vpn
    • Public Key: (Paste the Public Key from your .conf file)
    • Allowed Address: 0.0.0.0/0
    • Endpoint: (Enter the VPNUK server address from your .conf file)
    • Port: 59851
  4. Click OK.

 

4. Configure IP Address for WireGuard Interface

  1. Go to IP > Addresses.
  2. Click Add (+).
  3. Enter the following:
    1. Address: (Use the Address provided in your WireGuard .conf file)
    2. Interface: wg-vpn
  4. Click OK.

 

5. Configure IP Address for WireGuard Interface

  • Go to IP > Routes.
  • Click Add (+).
  • Enter the following:
    • Dst. Address: 0.0.0.0/0
    • Gateway: wg-vpn
  • Click OK.

 

6. Configure Firewall & NAT Rules

  • Go to IP > Firewall > NAT.
  • Click Add (+) and enter the following:
    • Chain: srcnat
    • Out Interface: wg-vpn
    • Action: masquerade
  • Click OK.

 

7. Connect & Verify VPN Status

  1. Go to Interfaces and ensure wg-vpn is running.
  2. Go to Log to check the WireGuard handshake.
  3. To confirm the connection, check your new IP address by visiting: https://www.ipaddress.com/
    Your IP should now match your unique VPNUK IP.

 

Enjoy Secure VPN Access with VPNUK & WireGuard on MikroTik Routers

Did this guide help? Please provide us with feedback here or share it with others looking for a secure VPN setup on MikroTik Routers!

 

Optional WireGuard Settings for MikroTik Routers

1. Enable Auto-Start for WireGuard VPN

To ensure your MikroTik router automatically connects to VPNUK’s WireGuard VPN after reboot or network failure:

  1. Log in to MikroTik via WinBox or SSH.

  2. Go to System > Scheduler.

  3. Click Add (+).

  4. Enter the following:

    • Name: WireGuard-AutoConnect
    • Start Date: (Leave default)
    • Start Time: 00:00:00
    • Interval: 00:05:00 (Runs every 5 minutes, adjust as needed)

  5. In the On Event box, enter the following script:

    :if ([/interface wireguard get [find name="wg-vpn"] running] = false) do={ /interface enable wg-vpn }

  6. Click OK to save.

This ensures WireGuard reconnects automatically if it disconnects due to network issues or router reboots.

2. Selective Routing (Policy-Based Routing for Specific Devices)

By default, all devices connected to your MikroTik router use the VPN tunnel. If you want only certain devices to use VPNUK WireGuard, follow these steps:

Create a Separate Routing Table for WireGuard VPN

  1. Go to IP > Routes.
  2. Click Add (+).
  3. Enter the following:
    • Dst. Address: 0.0.0.0/0
    • Gateway: wg-vpn
    • Routing Table: VPN
  4. Click OK.

Assign Specific Devices to VPN

  1. Go to IP > Firewall > Mangle.
  2. Click Add (+) and enter:
    • Chain: prerouting
    • Src. Address: (Enter the IP address of the device you want to route through VPN, e.g., 192.168.1.100)
    • Action: mark-routing
    • New Routing Mark: VPN
  3. Click OK.

Only selected devices will now route through the VPN, while all others remain on the normal internet connection.

Troubleshooting Common Issues

Cannot connect to VPNUK servers?

Ensure the WireGuard server address and keys are correct.
We recommend downloading a new config file if the connection stops working.
Restart your MikroTik router and try again.
Verify that UDP Port 51820 is open on your network.

VPN is connected, but no internet?

Go to Firewall NAT rules and ensure masquerade is enabled.
Check IP Routes to confirm wg-vpn is set as the default gateway.

 

“WireGuard” and the “WireGuard” logo are registered trademarks of Jason A. Donenfeld. WireGuard® is available and should always be updated from the developers website at wireguard.com