PUQ Mautic

Mikrotik WireGuard Business-VPN WISECP module

The module is created to empower IT companies to enrich their service offerings through the provision of paid WireGuard VPN accounts. Once installed, the module takes care of the entire process of creating, modifying, and suspending WireGuard VPN accounts. It seamlessly integrates with the WISECP billing system, streamlining the exchange of crucial data for customer settlements, account activations, and service suspensions. In essence, the service is tailored for business clients who have the capability to manage their VPN accounts.

Description

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

The MikroTik WireGuard Business-VPN module is designed to offer a customizable Virtual Private Network service for business clients who possess the capability to independently manage their VPN accounts.

At its core, the module provides the end customer with a group of VPN account entries that the client can control. This includes the ability to add, remove, block, and perform port forwarding on these accounts. All accounts are situated within a unified network and share a common external IP address. Moreover, there is a feature that allows internal traffic to be routed among these accounts.

This innovative system empowers the end client to establish corporate private networks for their own customers. With the flexibility to manage VPN accounts and the added functionality of internal traffic forwarding, businesses can tailor their VPN service to meet the specific needs of their clientele.

Requirements
WISECP: v3.1.5+, php: v8.x, Ioncube: V12+
MikroTik: v7+

Supports protocols:
Module Functions:
Available options in the admin panel:
Available options in the client panel:
Screenshot of the client area

image-1700922685060.png

 

image-1700922690995.png

 

image-1700922706424.png

Screenshot of the Admin area

image-1700922768869.png

 

 

 

 

Changelog

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ
v1.2 Released 16-03-2025

 - Fixed a bug with incorrect distribution of IP addresses


v1.1 Released 15-02-2024

 - Fixed a bug with some cases where it was not possible to delete the server
 - Improved security


v1.0 Released 06-12-2023

First version

Installation and configuration guide

Installation and configuration guide

Setup (install/update)

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

To install and update a module, you must perform one and the same action.

 
1. Download the latest version of the module.
wget https://download.puqcloud.com/WISECP/Product/PUQ_WISECP-Mikrotik-WireGuard-Business-VPN/php81/PUQ_WISECP-Mikrotik-WireGuard-Business-VPN-latest.zip

All versions are available: https://download.puqcloud.com/WISECP/Product/PUQ_WISECP-Mikrotik-WireGuard-Business-VPN/

 
2. Unzip the archive with the module.
unzip PUQ_WISECP-Mikrotik-WireGuard-VPN-latest.zip
 
3. Copy and Replace "puqMikrotikWireGuardBusinessVPN" from "PUQ_WISECP-Mikrotik-WireGuard-Business-VPN" to "WISECP_WEB_DIR/coremio/modules/Product/"
Installation and configuration guide

License Activation

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

1. Log in to the administrative area of your WISECP.

2. Go to module configuration.
Services -> Service Management -> Module Settings -> Other -> All Modules -> PUQ Mikrotik WireGuard Business-VPN

image-1700485721333.png

image-1700485726951.png

image-1700485737918.png

 

image-1700923806126.png

3. On the open page, enter the purchased license key for this product and click the 'Check and Save' button to validate the key and save it.

 

image-1700923838633.png

 

 

 

 
Installation and configuration guide

Mikrotik preparation and configuration

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

Note: Enter the following commands one by one and wait for the command to complete.

Check RouterOS version

Make sure that the version of RouterOS is 7+

system/package/print 
 
Enabling HTTPS Create your own root CA on your router
/certificate
add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-sign
 
Sign the newly created CA certificate
/certificate
sign LocalCA

 

Create a new certificate for Webfig (non-root certificate)

Note: as common-name=XXX.XXX.XXX.XXX You enter public IP adddress of the router.

/certificate
add name=Webfig common-name=XXX.XXX.XXX.XXX
 
Sign the newly created certificate for Webfig
/certificate
sign Webfig ca=LocalCA 
 
Enable SSL (www-ssl) and specify to use the newly created certificate for Webfig
/ip service
set www-ssl certificate=Webfig disabled=no
 
Enable api-ssl and specify to use the newly created certificate for Webfig
 /ip service 
 set api-ssl certificate=Webfig disabled=no 
 
Installation and configuration guide

Add server (Mikrotik) in WISECP

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ
1. Log in to the administrative area of your WISECP.

2. Go to module configuration.
Services -> Service Management -> Module Settings -> Other -> All Modules -> PUQ Mikrotik WireGuard Business-VPN

image-1700485721333.png

image-1700485726951.png

image-1700485737918.png

image-1700908237215.png

 
3. In the opened page, click the 'Add Server' button.

image-1700924292215.png

 

4. On the opened page, enter all the necessary information:

image-1700924467454.png

 

 

 
Installation and configuration guide

Service/Product configuration

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

If you do not have a Service Group where you want to place the new service, you need to create a new Service Group

1. Log in to the administrative area of your WISECP.
2. Create New Service Group


Go to

Services -> Service Management -> Add Group

image-1700487270737.png

Enter all the necessary data and click the 'Create Group' button.
image-1700487384497.png

3. Adding a New Service

Go to

Services -> our service group where you need to add the new service.

image-1700487595449.png

In the opened window, click the 'Create New Service' button.

image-1700487653237.png

On the opened page, enter all the necessary details for your new service and navigate to the 'Core' tab.

Select the 'PUQ Mikrotik WireGuard Business-VPN' module from the drop-down list of modules.

image-1700924994747.png

4. Fill in the configuration options according to your preferences.

 

WireGuard Clients configuring

WireGuard Clients configuring

WireGuard Official clients

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ
image-1668783561800.png

 

You can download from the https://www.wireguard.com/install/

Please always download latest versions. The following list is intended as a general direction only.


Windows [7, 8.1, 10, 11, 2008R2, 2012R2, 2016, 2019, 2022 – v0.5.3]

Download Windows Installer
Browse MSIs


macOS [app store – v1.0.15]

Download from App Store


Android [play store – vunknown – out of date & f-droid – v1.0.20220516]

Download from Play Store
Download from F-Droid


iOS [app store – v1.0.15]

Download from App Store


Debian/Ubuntu

$ sudo apt install wireguard

 

WireGuard Clients configuring

Mikrotik WireGuard client configuration

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

Make sure you have an up to date routerOS system.

Version must be at least: 7.6

[admin@VPN-CLIENT] > system package print 
Columns: NAME, VERSION
# NAME      VERSION
0 routeros  7.6    

image-1671100595697.png

 

Login to Mikrotik via Winbox

Click on the menu item WireGuard In the window that opens, in the WireGuard tab, click the plus to add a new WireGuard interface

image-1671100789370.png

Copy the private key from the text configuration from the [Interface] section to the PrivateKey field in the WireGuard interface settings in Mikrotik

Click OK to create the interface

image-1671101049703.png

Go to the peers tab.
Click plus to add a new peer

image-1671101223879.png

 

Interface - Select the previously created WireGuard interface 

Public key - Copy the public key from the text configuration from the [Peer] section to the Public key field

Endpoint - Copy the server address from the text configuration from the [Peer] section to the endpoint field

Endpoint Port - Copy the server port from the text configuration from the [Peer] section to the Endpoint Port field

Allowed Address - Copy AllowedIPs from the text configuration from the [Peer] section to the Allowed Address field

Persistent Keepalive - Copy the PersistentKeepalive from the text configuration from the [Peer] section to the Persistent Keepalive field

Click OK to create a peer

image-1671101662963.png

In order to have communication with the server, you need to set the address on the WireGuard interface

 

Go to the menu item IP->Addresses In the window that opens, click the plus to assign an IP address to the WireGuard interface

image-1671101826333.png

Addresse - Copy the Address from the text configuration from the [Interface] section to the Address field

Interface - Select the previously created WireGuard interface 

Press the OK button to confirm

image-1671102046038.png

 

You also need to configure the traffic routes you need at your discretion.

 

Admin Area

Admin Area

Order Detail

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

Navigate to the service you want to manage, then go to the 'Core' tab.

image-1700928964135.png

In the opened tab, you have a view of the online status of the service. The available online information includes:

Also, below are fields with the client's personal data.

You can also individually override package options for the client by checking the 'Overwrite package settings' box.

After modifying the configuration options, check the 'Send changes to server' box to save the data to the MikroTik server.

image-1700929130269.png

 

Client Area

Client Area

Product Home Screen

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

Available options in the client panel:
Screenshot of the client area

image-1700926025317.png

Client Area

Add VPN account

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

To create a new VPN account, you need to click on the "Add VPN Account" button on the main screen of the product.

image-1700926595587.png

In the opened window, you need to enter the account name for identification, as well as select an IP address for the account that the account will use. Don't forget to click the "Add VPN Account" button.

image-1700926729715.png

Client Area

Port Forwarding

Mikrotik WireGuard Business-VPN module WISECP 

Order now | Download | FAQ

 

To access the port forwarding settings, you need to click on the "Port Forwarding" button on the main screen of the product.

image-1700926797237.png

 

To create a new port forwarding rule, enter the port you want to forward, select the protocol, choose the VPN account from the dropdown list to which the port will be forwarded, and enter the port to which the forwarding will occur. After filling in the details, press the "Add Port Forwarding" button.

 

image-1700926871159.png

To delete an existing rule, you need to click the "Delete" button next to the rule you want to remove.