Site-to-Site VPN with Mikrotik router using wg plugin

Router 1 (Site A) configuration

Step 1 — Access Mikrotik Router

Log in to the Mikrotik router.

Step 2 — Create WireGuard Interface

• Go to Interfaces > Add New > WireGuard.

• Configure the following: Name, Listen Port. Private and public keys will be generated automatically.

Click Apply and OK.

Router 1 — Step 3: Set IP Address for WireGuard Interface

• Navigate to IP > Addresses.

• Add a new IP address for the WireGuard interface (wg-client).

Router 1 — Step 4: Add WireGuard Peer

• Go to WireGuard > Peers.

• Add a new peer for Site A.

Router 1 — Step 5: Configure Routes

• Go to IP > Routes.

• Add a route to Site B’s local network through the WireGuard interface.

Router 1 — Step 6: Add a NAT Rule

• Navigate to IP > Firewall > NAT tab.

• Add a new NAT rule as required.

Router 2 (Site B) configuration

Step 1 — Access Mikrotik Router

Log in to the Mikrotik router.

Router 2 — Step 2: Create WireGuard Interface

• Go to Interfaces > Add New > WireGuard.

• Configure Name, Listen Port. Private and public keys will be generated automatically.

Click Apply and OK.

Router 2 — Step 3: Set IP Address for WireGuard Interface

• Navigate to IP > Addresses.

• Add a new IP address for the WireGuard interface (wg-plugin).

Router 2 — Step 4: Add WireGuard Peer

• Go to WireGuard > Peers.

• Add a new peer for Site B which is Site A using its public key.

Router 2 — Step 5: Configure Routes

• Go to IP > Routes.

• Add a route to Site A’s local network through the WireGuard interface.

Router 2 — Step 6: Add a NAT Rule

• Navigate to IP > Firewall > NAT tab.

• Add a new NAT rule as required.