Mikrotik Wireguard Configuration - site to site

Introduction:

WireGuard is a new feature added to ROS7 offering great speeds, adequate security and an easy/simple config (especially when you compare it to native IPsec tunnels).
This guide assumes that the devices are already configured to have internet connectivity and are able to communicate with each other on their public interfaces.
This guide will teach you how to set up a site-to-site tunnel as well as dial-in 'road warrior' tunnels for devices like phones and laptops that could be using any public IP address.

Site to site configuration:

The first thing we need to do is log into one of the devices and go to the WireGuard menu from the main menu on the left-hand side of WinBox. From the WireGuard tab, we need to add a new interface.


You are welcome to change the name of the interface and the port it will listen on for the other side of the tunnel. You can choose to use another tool to generate the private and public keys, but if you just click Apply, ROS will generate these for you.


From here we will need to go to the other router and do the same thing.


From here we need to copy the public key from the first router (as seen above).
Then go to the second router, open the WireGuard menu again and go to Peers. In here we just need to paste that public key, add an endpoint (the IP of the device on the other side that we can reach) and set the allowed addresses. The allowed addresses are the addresses that are allowed to traverse the tunnel; if you would like all traffic to be allowed, you can leave it as ::/0, or 0.0.0.0/0 for just IPv4 traffic. In addition, if you changed the listen port on the device you are connecting to, you will need to add that to the endpoint port configuration (this will be the port you set up on the other router under the WireGuard interface).


From there we do the same steps, but this time copying the public key from our first router's WireGuard interface and then applying it to the second router's peer configuration.


This should be all that is needed to get the tunnel up and running. From here you can add IP addresses on the tunnel interfaces, then set routes through these to access specific resources, or use mangle rules to influence your traffic to use this tunnel. If you need assistance with this please check out our other guides here: https://support.duxtel.com/help/en-gb/5-configuration-guides-and-tools or open up a ticket by emailing support@duxtel.com
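
The site-to-site setup described above, written as RouterOS 7 terminal commands instead of WinBox clicks. This is an added example, not part of the original guide: each router's peer entry holds the other router's public key, and allowed-address is narrowed to the remote tunnel IP and LAN rather than 0.0.0.0/0, so only those sources are accepted from the peer. The interface name, port, public IPs (documentation range 203.0.113.0/24), LAN subnets, tunnel addresses and key placeholders are all assumptions.

```routeros
# Added example with assumed values (not from the original guide):
#   Router A: public 203.0.113.1, LAN 192.168.10.0/24, tunnel 10.255.255.1/30
#   Router B: public 203.0.113.2, LAN 192.168.20.0/24, tunnel 10.255.255.2/30
#   Interface name wg-s2s and listen port 13231 are arbitrary choices.

# ---------- Step 1: on BOTH routers, create the interface ----------
# No private-key is supplied, so ROS generates the key pair itself.
/interface wireguard add name=wg-s2s listen-port=13231
# Read the generated public-key here; it is what gets pasted into the
# peer entry on the opposite router. The private key never leaves the router.
/interface wireguard print

# ---------- Step 2: on Router A, add Router B as a peer ----------
# public-key      = Router B's public key (placeholder below)
# endpoint-*      = where Router B can be reached, and its listen port
# allowed-address = sources accepted from B and destinations sent to B
/interface wireguard peers add interface=wg-s2s \
    public-key="<ROUTER-B-PUBLIC-KEY>" \
    endpoint-address=203.0.113.2 endpoint-port=13231 \
    allowed-address=10.255.255.2/32,192.168.20.0/24
# Tunnel address and a route to B's LAN through the tunnel.
/ip address add address=10.255.255.1/30 interface=wg-s2s
/ip route add dst-address=192.168.20.0/24 gateway=wg-s2s

# ---------- Step 3: on Router B, add Router A as a peer ----------
/interface wireguard peers add interface=wg-s2s \
    public-key="<ROUTER-A-PUBLIC-KEY>" \
    endpoint-address=203.0.113.1 endpoint-port=13231 \
    allowed-address=10.255.255.1/32,192.168.10.0/24
/ip address add address=10.255.255.2/30 interface=wg-s2s
/ip route add dst-address=192.168.10.0/24 gateway=wg-s2s

# ---------- Step 4: verify from either router ----------
# The peer listing shows the last handshake time and rx/tx counters once
# the tunnel is passing traffic.
/interface wireguard peers print detail
# From Router A, ping Router B's tunnel address.
/ping 10.255.255.2 count=3
```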