Mikrotik WireGuard Business-VPN WISECP module
The module is created to empower IT companies to enrich their service offerings through the provision of paid WireGuard VPN accounts. Once installed, the module takes care of the entire process of creating, modifying, and suspending WireGuard VPN accounts. It seamlessly integrates with the WISECP billing system, streamlining the exchange of crucial data for customer settlements, account activations, and service suspensions. In essence, the service is tailored for business clients who have the capability to manage their VPN accounts.
- Description
- Changelog
- Installation and configuration guide
- Setup (install/update)
- License Activation
- Mikrotik preparation and configuration
- Add server (Mikrotik) in WISECP
- Service/Product configuration
- WireGuard Clients configuring
- Admin Area
- Client Area
Description
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
The MikroTik WireGuard Business-VPN module is designed to offer a customizable Virtual Private Network service for business clients who possess the capability to independently manage their VPN accounts.
At its core, the module provides the end customer with a group of VPN account entries that the client can control. This includes the ability to add, remove, block, and perform port forwarding on these accounts. All accounts are situated within a unified network and share a common external IP address. Moreover, there is a feature that allows internal traffic to be routed among these accounts.
This innovative system empowers the end client to establish corporate private networks for their own customers. With the flexibility to manage VPN accounts and the added functionality of internal traffic forwarding, businesses can tailor their VPN service to meet the specific needs of their clientele.
Requirements
WISECP: v3.1.5+, php: v8.x, Ioncube: V12+
MikroTik: v7+
Supports protocols:
- WireGuard
Module Functions:
- Auto create and deploy VPN account/accounts
- Suspend/Unsuspend/Delete/Change Package
- Port forwarding
- Requires a MikroTik device or MikroTik CHR.
- Possibility to set Bandwidth speed limits per client VPN account
- Module supports multilingualism (Arabic, Azerbaijani, Catalan, Chinese, Croatian, Czech, Danish, Dutch, English, Estonian, Farsi, French, German, Hebrew, Hungarian, Italian, Macedonian, Norwegian, Polish, Romanian, Russian, Spanish, Swedish, Turkish, Ukrainian)
- Link to instructions for setting up the service in the client area.
- Mechanism for working with servers and server groups
Available options in the admin panel:
- Create users
- Suspend users
- Unsuspend users
- Delete users
- Change Package
- VPN connection status
Available options in the client panel:
- Links in the form of buttons to the instruction and VPN clients
- General information about the service
- Option to download WireGuard configuration as a file
- QR code for WireGuard configuration
- VPN connection status
Screenshot of the client area
Screenshot of the Admin area
Changelog
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
v1.1 Released 15-02-2024
- Fixed a bug with some cases where it was not possible to delete the server
- Improved security
v1.0 Released 06-12-2023
First version
Installation and configuration guide
Setup (install/update)
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
To install and update a module, you must perform one and the same action.
1. Download the latest version of the module.
wget https://download.puqcloud.com/WISECP/Product/PUQ_WISECP-Mikrotik-WireGuard-Business-VPN/PUQ_WISECP-Mikrotik-WireGuard-Business-VPN-latest.zip
All versions are available: https://download.puqcloud.com/WISECP/Product/PUQ_WISECP-Mikrotik-WireGuard-Business-VPN/
2. Unzip the archive with the module.
unzip PUQ_WISECP-Mikrotik-WireGuard-VPN-latest.zip
3. Copy and Replace "puqMikrotikWireGuardBusinessVPN" from "PUQ_WISECP-Mikrotik-WireGuard-Business-VPN" to "WISECP_WEB_DIR/coremio/modules/Product/"
License Activation
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
1. Log in to the administrative area of your WISECP.
2. Go to module configuration.
Services -> Service Management -> Module Settings -> Other -> All Modules -> PUQ Mikrotik WireGuard Business-VPN
3. On the open page, enter the purchased license key for this product and click the 'Check and Save' button to validate the key and save it.
Mikrotik preparation and configuration
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Note: Enter the following commands one by one and wait for the command to complete.
Check RouterOS version
Make sure that the version of RouterOS is 7+
system/package/print
Enabling HTTPS Create your own root CA on your router
/certificate
add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-sign
Sign the newly created CA certificate
/certificate
sign LocalCA
Create a new certificate for Webfig (non-root certificate)
Note: as common-name=XXX.XXX.XXX.XXX You enter public IP adddress of the router.
/certificate
add name=Webfig common-name=XXX.XXX.XXX.XXX
Sign the newly created certificate for Webfig
/certificate
sign Webfig ca=LocalCA
Enable SSL (www-ssl) and specify to use the newly created certificate for Webfig
/ip service
set www-ssl certificate=Webfig disabled=no
Enable api-ssl and specify to use the newly created certificate for Webfig
/ip service
set api-ssl certificate=Webfig disabled=no
Add server (Mikrotik) in WISECP
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
1. Log in to the administrative area of your WISECP.
2. Go to module configuration.
Services -> Service Management -> Module Settings -> Other -> All Modules -> PUQ Mikrotik WireGuard Business-VPN
3. In the opened page, click the 'Add Server' button.
4. On the opened page, enter all the necessary information:
- Name: Displayed name of the server.
- Maximum Number of Accounts: The number of services that can be on this server.
- Server Group: Optionally, choose the server group.
- DNS 1 and DNS 2: are DNS servers that will be specified in the configuration of WireGuard clients.
- Assigned IP Addresses: a list of Interface fot public IP, Public IP, Private Net that will be assigned to WireGuard VPN clients, with each address on a new line. Format:
<interface>|<public_ip>/<mask>|<private_network>/<mask>
- IP Address or Domain: The address of the MikroTik router you are connecting to.
- Username: is the username for the account on MikroTik.
- Password: is the password for the account on MikroTik.
- Check the SSL box if you want to use SSL-encrypted connection. If necessary, specify the port and perform a connection test.
Service/Product configuration
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
If you do not have a Service Group where you want to place the new service, you need to create a new Service Group
1. Log in to the administrative area of your WISECP.
2. Create New Service Group
Go to
Services -> Service Management -> Add Group
Enter all the necessary data and click the 'Create Group' button.
3. Adding a New Service
Go to
Services -> our service group where you need to add the new service.
In the opened window, click the 'Create New Service' button.
On the opened page, enter all the necessary details for your new service and navigate to the 'Core' tab.
Select the 'PUQ Mikrotik WireGuard Business-VPN' module from the drop-down list of modules.
4. Fill in the configuration options according to your preferences.
- Server Group is the group of servers from which a server will be chosen for provisioning the service
- Number of VPN Accounts: the quantity of VPN user accounts a client can create within this package
- Bandwidth Download and Bandwidth Upload represent the connection speed that will be restricted by these parameters, in megabits per second, respectively.
- Comment Prefix will be added at the comment in MikroTik
- Port Forwarding: If the checkbox is selected, it means the client will have the ability to redirect ports from the main public address to internal addresses.
- Internal Traffic: If the checkbox is selected, it indicates that internal traffic between VPN clients of the client will be allowed.
- NAT Rules on Public IP: If the checkbox is selected, firewall rules, specifically NAT (Network Address Translation) to the public IP address, will be created during the service deployment.
- Persistent Keepalive/AllowedIPs: parameters of configuration WireGuard clients
-
Interface MTU: This parameter will be set during the creation of the WireGuard interface.
- Link to Instruction Provide the link to the instruction for the service, and it will be displayed in the client area as a separate button
- Link to VPN Clients Provide the link to the page for downloading VPN clients for the service, and it will be displayed in the client area as a separate button
WireGuard Clients configuring
WireGuard Official clients
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
You can download from the https://www.wireguard.com/install/
Please always download latest versions. The following list is intended as a general direction only.
Windows [7, 8.1, 10, 11, 2008R2, 2012R2, 2016, 2019, 2022 – v0.5.3]
Download Windows Installer
Browse MSIs
macOS [app store – v1.0.15]
Android [play store – vunknown – out of date & f-droid – v1.0.20220516]
Download from Play Store
Download from F-Droid
iOS [app store – v1.0.15]
Debian/Ubuntu
$ sudo apt install wireguard
Mikrotik WireGuard client configuration
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Make sure you have an up to date routerOS system.
Version must be at least: 7.6
[admin@VPN-CLIENT] > system package print
Columns: NAME, VERSION
# NAME VERSION
0 routeros 7.6
Open a single-use shipment on the WireGuard section for the client's configuration request
Login to Mikrotik via Winbox
Copy the private key from the text configuration from the [Interface] section to the PrivateKey field in the WireGuard interface settings in Mikrotik
Click OK to create the interface
Go to the peers tab.
Click plus to add a new peer
Interface - Select the previously created WireGuard interface
Public key - Copy the public key from the text configuration from the [Peer] section to the Public key field
Endpoint - Copy the server address from the text configuration from the [Peer] section to the endpoint field
Endpoint Port - Copy the server port from the text configuration from the [Peer] section to the Endpoint Port field
Allowed Address - Copy AllowedIPs from the text configuration from the [Peer] section to the Allowed Address field
Persistent Keepalive - Copy the PersistentKeepalive from the text configuration from the [Peer] section to the Persistent Keepalive field
Click OK to create a peer
In order to have communication with the server, you need to set the address on the WireGuard interface
Addresse - Copy the Address from the text configuration from the [Interface] section to the Address field
Interface - Select the previously created WireGuard interface
You also need to configure the traffic routes you need at your discretion.
Admin Area
Order Detail
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Navigate to the service you want to manage, then go to the 'Core' tab.
In the opened tab, you have a view of the online status of the service. The available online information includes:
- Connection status to the API
- Information about the VPN account on the MikroTik router
- Information about the account
Also, below are fields with the client's personal data.
You can also individually override package options for the client by checking the 'Overwrite package settings' box.
After modifying the configuration options, check the 'Send changes to server' box to save the data to the MikroTik server.
Client Area
Product Home Screen
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
Available options in the client panel:
-
VPN Account Creation Button
-
Port Forwarding Management Button
- Links in the form of buttons to the instruction and VPN clients
- General information about the service
-
List of VPN Users Encrypted by the Client with Status and Edit Button
Screenshot of the client area
Add VPN account
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
To create a new VPN account, you need to click on the "Add VPN Account" button on the main screen of the product.
In the opened window, you need to enter the account name for identification, as well as select an IP address for the account that the account will use. Don't forget to click the "Add VPN Account" button.
Port Forwarding
Mikrotik WireGuard Business-VPN module WISECP
Order now | Download | FAQ
To access the port forwarding settings, you need to click on the "Port Forwarding" button on the main screen of the product.
To create a new port forwarding rule, enter the port you want to forward, select the protocol, choose the VPN account from the dropdown list to which the port will be forwarded, and enter the port to which the forwarding will occur. After filling in the details, press the "Add Port Forwarding" button.
To delete an existing rule, you need to click the "Delete" button next to the rule you want to remove.