=== Wireguard VPN - Windows client to Mikrotik ===

{{  :networking:mikrotik:wg_cli2srv.png?1200  }}


  * If your router is on dynamic public IP (ADSL...) you can substitute <fc #ff0000>Endpoint IP</fc> in windows client with your routers Cloud DNS Name...
  * For <fc #ff0000>AllowedIPs</fc> in your windows client you have to put all networks behind your router you would like to access through WG. You will automatically setup a "split tunnel".
  * If you dont want "split tunnel" or you don't know all the subnets behind router, you can put 0.0.0.0/0 instead, and all your traffic will go through WG.

Don't forget to put a following rule in your firewall
<code>
ip firewall filter add chain=input dst-port=13231 protocol=udp action=accept comment="Allow WireGuard"
</code>

Wireguard client for windows works only for "administrators" but there is nice workaround…

  * [[:networking:misc:wireguard_01|Wireguard for non Administrators]]