张无忌

GL-MT3600BE

GL-MT3600BE WireGuard settings，Line 03=10.1.0.2/24

1. [Interface]
   
2. PrivateKey = 8N8uKPLa0H+pyL8lHxMoySqSq60wieDpCvhiKOlQhG0=
   
3. Address = 10.1.0.2/24, fd00:9262:bc00:b88c::2/64
   
4. DNS = 10.1.0.1, fd00:9262:bc00:b88c::1, 64.6.64.6
   
5. MTU = 1420
   
6. 
   
7. [Peer]
   
8. PublicKey = rHT/pRV/ovJr7tVgRQQ2vaQA3WkcLo4C1gnV1Xd9YhM=
   
9. PresharedKey = qAnHo8uMf5CrgqFP0XzyFHsG1EZW8+BWG8I3GW/rPUQ=
   
10. AllowedIPs = 0.0.0.0/0, ::/0
    
11. Endpoint = xyz.abc.com:51820
    
12. PersistentKeepalive = 25

複製代碼

..

MikroTik RB951G-2HnD，Line 12=10.1.0.2/24

1. #################################################
   
2. # Step one
   
3. #################################################
   
4. /interface wireguard
   
5. add listen-port=13231 mtu=1420 name=wg-hk private-key=\
   
6. "8N8uKPLa0H+pyL8lHxMoySqSq60wieDpCvhiKOlQhG0=" \
   
7. comment="WG HK"
   
8. 
   
9. #######################
   
10. # Assign address to the router on the new interface.
    
11. /ip address
    
12. add address=10.1.0.2/24 comment="Wireguard" interface=wg-hk \
    
13.     network=10.1.0.0
    
14. 
    
15. #/ip firewall filter
    
16. #add action=accept chain=input comment="Wireguard" dst-port=13231 \
    
17. #   protocol=udp
    
18. 
    
19. # Set up HK peer
    
20. /interface wireguard peers      
    
21. add name=hk allowed-address=0.0.0.0/0 comment="hk" \
    
22.     endpoint-address=abc.xyz.com endpoint-port=51820 \
    
23.     interface=wg-hk public-key=\
    
24.     "rHT/pRV/ovJr7tVgRQQ2vaQA3WkcLo4C1gnV1Xd9YhM=" \
    
25.     preshared-key="qAnHo8uMf5CrgqFP0XzyFHsG1EZW8+BWG8I3GW/rPUQ=" \
    
26.     persistent-keepalive=25
    
27. 
    
28. #################################################
    
29. # Step Two
    
30. #################################################
    
31. # On China MikroTik
    
32. /routing table
    
33. add comment="For use by local clients" disabled=no fib name=wg-vpn
    
34. 
    
35. /routing rule
    
36. add action=lookup-only-in-table \
    
37.     comment="Local clients should use (only) Wireguard routing table" \
    
38.     disabled=no interface=bridge src-address=192.168.88.0/24 table=wg-vpn
    
39. 
    
40. /ip route
    
41. add dst-address=0.0.0.0/0 gateway=wg-hk routing-table=wg-vpn
    
42. 
    
43. /ip firewall nat \
    
44. add chain=srcnat out-interface=wg-hk action=masquerade
    
45. 
    
46. ### Open MSDOS  window input "curl http://myip.dnsomatic.com" to display HK IP address ###
    
47. 
    
48. #################################################
    
49. # Step Three
    
50. #################################################
    
51. /ip dns
    
52. set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
    
53. 
    
54. /ip dhcp-server network
    
55. set 0 dns-server=1.1.1.1,8.8.8.8
    
56. 
    
57. #must reboot once
    
58. # /system reboot
    
59. 
    
60. #################################################
    
61. # Step Four
    
62. #################################################
    
63. /ip firewall mangle
    
64.   add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
    
65.   add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=no protocol=tcp tcp-flags=syn
    
66. 
    
67. /system reboot

複製代碼

..


References:
[1] Mainland China VPN Hong Kong via MikroTik and WireGuard
[2] https://dimitrije.website/posts/ ... -and-wireguard.html

张无忌

hAP ac lite

hAP ac lite WireGuard settings，Line 03=10.3.0.5/32

1. [Interface]
   
2. PrivateKey = uLxOU/qK69xmEiryFoqZ2Z9IaeoDb6E2p9fn4R7CcUU=
   
3. Address = 10.3.0.5/32
   
4. DNS = 1.1.1.1, 8.8.8.8
   
5. 
   
6. [Peer]
   
7. PublicKey = 1WhizDkvtctaL6Ob/HNOPxvgwgHELlBRlQL/rEwTMGs=
   
8. PresharedKey = qAnHo8uMf5CrgqFP0XzyFHsG1EZW8+BWG8I3GW/rPUQ=
   
9. AllowedIPs = 0.0.0.0/0
   
10. Endpoint = xyz.abc.com:19991
    
11. PersistentKeepalive = 25

複製代碼

..

MikroTik RB951G-2HnD，Line 12=10.3.0.5/32

1. #################################################
   
2. # Step one
   
3. #################################################
   
4. /interface wireguard
   
5. add listen-port=13231 mtu=1420 name=wg-hk private-key=\
   
6. "uLxOU/qK69xmEiryFoqZ2Z9IaeoDb6E2p9fn4R7CcUU=" \
   
7. comment="WG HK"
   
8. 
   
9. #######################
   
10. # Assign address to the router on the new interface.
    
11. /ip address
    
12. add address=10.3.0.5/32 comment="Wireguard" interface=wg-hk \
    
13.     network=10.3.0.0
    
14. 
    
15. #/ip firewall filter
    
16. #add action=accept chain=input comment="Wireguard" dst-port=13231 \
    
17. #   protocol=udp
    
18. 
    
19. # Set up HK peer
    
20. /interface wireguard peers      
    
21. add name=hk allowed-address=0.0.0.0/0 comment="hk" \
    
22.     endpoint-address=abc.xyz.com endpoint-port=19991 \
    
23.     interface=wg-hk public-key=\
    
24.     "1WhizDkvtctaL6Ob/HNOPxvgwgHELlBRlQL/rEwTMGs=" \
    
25.     preshared-key="qAnHo8uMf5CrgqFP0XzyFHsG1EZW8+BWG8I3GW/rPUQ=" \
    
26.     persistent-keepalive=25
    
27. 
    
28. #################################################
    
29. # Step Two
    
30. #################################################
    
31. # On China MikroTik
    
32. /routing table
    
33. add comment="For use by local clients" disabled=no fib name=wg-vpn
    
34. 
    
35. /routing rule
    
36. add action=lookup-only-in-table \
    
37.     comment="Local clients should use (only) Wireguard routing table" \
    
38.     disabled=no interface=bridge src-address=192.168.88.0/24 table=wg-vpn
    
39. 
    
40. /ip route
    
41. add dst-address=0.0.0.0/0 gateway=wg-hk routing-table=wg-vpn
    
42. 
    
43. /ip firewall nat \
    
44. add chain=srcnat out-interface=wg-hk action=masquerade
    
45. 
    
46. ### Open MSDOS  window input "curl http://myip.dnsomatic.com" to display HK IP address ###
    
47. 
    
48. #################################################
    
49. # Step Three
    
50. #################################################
    
51. /ip dns
    
52. set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
    
53. 
    
54. /ip dhcp-server network
    
55. set 0 dns-server=1.1.1.1,8.8.8.8
    
56. 
    
57. #must reboot once
    
58. # /system reboot
    
59. 
    
60. #################################################
    
61. # Step Four
    
62. #################################################
    
63. /ip firewall mangle
    
64.   add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
    
65.   add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=no protocol=tcp tcp-flags=syn
    
66. 
    
67. /system reboot

複製代碼

..


References:
[1] Mainland China VPN Hong Kong via MikroTik and WireGuard
[2] https://dimitrije.website/posts/ ... -and-wireguard.html