Connecting Android and IOS to WireGuard VPN hosted in MikroTik
In our previous tutorial we showed how to set up a WireGuard server in MikroTik CHR.
If you still did not set up a WireGuard server on your CHR, you can set up one in just a couple of minutes.
In this tutorial we will show you three ways on how to connect your Android or Apple phone to your newly created WireGuard VPN server.
For this tutorial we reccommend using the latest version of WinBox, which can be downloaded here, or WebFig, which can be accessed via a web browser. This way we can easily use the configuraion generated by RouterOS.
Downloading the WireGuard Client
We will start by downloading a WireGuard client from the App store. You can use any VPN client with WireGuard. In our tutorial, we will use the official clients provided by the WireGuard team.
The official Android WireGuard client in Google Play Store
The official iOS WireGuard client in Apple Appstore
Creating the Peers
We will start by going to Wireguard>Peers on our CHR. From there click on “+” and enter the following settings:
Interface: The Wireguard interface you will connect to(if you have more than one Wireguard interface)
Private Key: auto – this will let RouterOS to generate the key pair for you
Endpoint port: the Listening port of your Wireguard interface, configured in the previous tutorial, default 13231
Allowed Address and Client Address: An address that will be assigned to your device, it must be from the same network as the Wireguard interface.
Client DNS: The DNS server that the client will use, You can also set the address of a local DNS that you run locally in the MikroTik as container.
Client Endpoint: The IP address/domain of your CHR
Then click on OK to save the peer.
You can also add a comment to the peer to distinguish it more easily from the other ones. Click on Comment and enter the comment, click on “OK” to save it.
After everything is entered and saved, the configuration should be generated from your CHR. To find it scroll a little bit down on the peer window.
Method 1: Importing configuration by scanning the QR code
Open the WireGuard app tap on "+" in the bottom left corner (Android) or the upper left corner (iOS). Then tap on "Scan from QR code".
After that allow the Wireguard to use the camera and point your phone to the generated QR code. After a successful detection, it asks you to name the tunnel. Name it as you like and save it.
iOS users might be asked to allow Wireguard to create VPN configurations. Tap on Allow to proceed.
After that the tunnel is imported successfuly and you can test the connection by tapping on the toggle next to the imported tunnel.
Android users might be asked to to accept the VPN connection. Tap on OK to proceed
If the connection is successful, you should have internet access and a full traffic redirection to your VPN server. If you do not have internet access, you have to recheck your settings and try again.
Method 2: Importing configuration from a file
In this method, you will need to know your WireGuard interface's public key, you can either use keys generated from the wireguard app or RouterOS. In this example we will use a peer generated from RouterOS.
After the peer is created in RouterOS, or you have keypair generated. Copy this example configuration into a .conf file, using your favourite text editor, and change it with your data:
[Interface]
PrivateKey= #<Key generated from the WireGuard App>
Address = #The Allowed address that you configured in your CHR, E.g.192.168.34.2/32
DNS = #The DNS that the peer will use, E.g. 1.1.1.1
[Peer]
Public Key = #<The Public key, copied from the MikroTik WireGuard Interface>
AllowedIPs = 0.0.0.0/0, ::/0 #This allows full traffic redirect, if you want redirect for specific addresses only, change this.
Endpoint = yourmchr.ip:13231 #Your CHR’s public IP address with WireGuard Listening port
After that, save and transferre the tunnel configuration to your phone. Then open the app and tap on "+" in the bottom left corner (Android) or the upper left corner (iOS). Then tap on "Import from file or archive".
Then locate the configuration file and open it.
iOS users can also open the file directly by going to the file and tapping on Share. after that choose the WireGuard app.
The tunnel will be imported with the filename as the tunnel name. To test the connection, tap on the toggle next to the imported profile.
You can now connect to your new Wireguard server. You can check these articles to see how to connect other devices or how to create your Wireguard server hosted in your CHR.
Setting up WireGuard VPN in MikroTik CHR
Connecting your computers to the WireGuard VPN server
You can also check our powerful MikroTik CHR plans and choose a suitable plan to get started.
