Mikrotik preparation and configuration

Mikrotik WireGuard VPN module WISECP 

Order now | Download | FAQ

Note: Enter the following commands one by one and wait for the command to complete.

Check RouterOS version

Make sure that the version of RouterOS is 7+

xxxxxxxxxx

system/package/print

Enabling HTTPS Create your own root CA on your router

xxxxxxxxxx

/certificate

add name=LocalCA common-name=LocalCA key-usage=key-cert-sign,crl-sign

Sign the newly created CA certificate

xxxxxxxxxx

/certificate

sign LocalCA

Create a new certificate for Webfig (non-root certificate)

Note: as common-name=XXX.XXX.XXX.XXX You enter public IP adddress of the router.

xxxxxxxxxx

/certificate

add name=Webfig common-name=XXX.XXX.XXX.XXX

Sign the newly created certificate for Webfig

xxxxxxxxxx

/certificate

sign Webfig ca=LocalCA

Enable SSL (www-ssl) and specify to use the newly created certificate for Webfig

xxxxxxxxxx

/ip service

set www-ssl certificate=Webfig disabled=no

Enable api-ssl and specify to use the newly created certificate for Webfig

xxxxxxxxxx

 /ip service 

 set api-ssl certificate=Webfig disabled=no

Enable WireGuard VPN server

Add IP address on Wireguard interface

Configuring NAT rules on the firewall