VPN Accounts

Dedicated IP VPN 1:1 Dedicated IP VPN Shared IP VPN Compare All Accounts

Setup Guides

Windows Mac OS iPhone & iPad Android Amazon Fire TV Routers All Guides →

Orders

Order Free Trial Order Dedicated IP Order Shared IP Order 1:1 Dedicated IP View Your Cart Checkout Now →

Support

Knowledge Base Submit a Ticket Members Area

Tools

Speed Test Server Status IP & Reverse DNS Lookup All Tools →
Start Free Trial
ROUTER SETUP — MIKROTIK

MikroTik WireGuard® VPN Setup

Step-by-step guide to setting up VPNUK on MikroTik routers using WireGuard®. Protect your entire network with one VPN connection.

WireGuard®
Dedicated IP required
24/7 live support

Setting up WireGuard® VPNUK on MikroTik Routers

WireGuard® is a modern, high-performance VPN protocol known for its blazing-fast speeds, strong security, and low resource usage. MikroTik routers running RouterOS 7.0 or later have native WireGuard® support, allowing seamless integration with VPNUK for a secure and encrypted connection.

WireGuard® configuration download

Please login using the VPN login username and password from the vpn account you would like to configure.
Click Here to download your WireGuard® configuration file, which is compatible with all devices.

1: Open your configuration file.

  1. Click Here to download the WireGuard® configuration file (.conf).
  2. Open the .conf file in Notepad or a text editor and take note of the following details:
    • Private Key
    • Public Key
    • Allowed IPs
    • Endpoint (VPNUK Server Address)
    • Port

 

2. Enable WireGuard® on MikroTik Router

  1. Log in to your MikroTik router via WinBox or SSH.
  2. Navigate to Interfaces.
  3. Click Add (+) > WireGuard®.
  4. Enter the following details:
    • Name: wg-vpn
    • Listen Port: 59851
    • Private Key: (Paste your Private Key from the WireGuard® .conf file)
  5. Click OK.

 

3. Add Peer (VPNUK Server)

  1. Go to Interfaces > WireGuard®.
  2. Click Peers > Add (+).
  3. Enter the following details:
    • Interface: wg-vpn
    • Public Key: (Paste the Public Key from your .conf file)
    • Allowed Address: 0.0.0.0/0
    • Endpoint: (Enter the VPNUK server address from your .conf file)
    • Port: 59851
  4. Click OK.

 

4. Configure IP Address for WireGuard® Interface

  1. Go to IP > Addresses.
  2. Click Add (+).
  3. Enter the following:
    1. Address: (Use the Address provided in your WireGuard® .conf file)
    2. Interface: wg-vpn
  4. Click OK.

 

5. Configure IP Address for WireGuard® Interface

  • Go to IP > Routes.
  • Click Add (+).
  • Enter the following:
    • Dst. Address: 0.0.0.0/0
    • Gateway: wg-vpn
  • Click OK.

 

6. Configure Firewall & NAT Rules

  • Go to IP > Firewall > NAT.
  • Click Add (+) and enter the following:
    • Chain: srcnat
    • Out Interface: wg-vpn
    • Action: masquerade
  • Click OK.

 

7. Connect & Verify VPN Status

  1. Go to Interfaces and ensure wg-vpn is running.
  2. Go to Log to check the WireGuard® handshake.
  3. To confirm the connection, check your new IP address by visiting: https://www.ipaddress.com/
    Your IP should now match your unique VPNUK IP.

 

Enjoy Secure VPN Access with VPNUK & WireGuard® on MikroTik Routers

Did this guide help? Please provide us with feedback here or share it with others looking for a secure VPN setup on MikroTik Routers!

 

Optional WireGuard® Settings for MikroTik Routers

1. Enable Auto-Start for WireGuard® VPN

To ensure your MikroTik router automatically connects to VPNUK’s WireGuard® VPN after reboot or network failure:

  1. Log in to MikroTik via WinBox or SSH.

  2. Go to System > Scheduler.

  3. Click Add (+).

  4. Enter the following:

    • Name: WireGuard-AutoConnect
    • Start Date: (Leave default)
    • Start Time: 00:00:00
    • Interval: 00:05:00 (Runs every 5 minutes, adjust as needed)

  5. In the On Event box, enter the following script:

    :if ([/interface wireguard get [find name="wg-vpn"] running] = false) do={ /interface enable wg-vpn }

  6. Click OK to save.

This ensures WireGuard® reconnects automatically if it disconnects due to network issues or router reboots.

2. Selective Routing (Policy-Based Routing for Specific Devices)

By default, all devices connected to your MikroTik router use the VPN tunnel. If you want only certain devices to use VPNUK WireGuard®, follow these steps:

Create a Separate Routing Table for WireGuard® VPN

  1. Go to IP > Routes.
  2. Click Add (+).
  3. Enter the following:
    • Dst. Address: 0.0.0.0/0
    • Gateway: wg-vpn
    • Routing Table: VPN
  4. Click OK.

Assign Specific Devices to VPN

  1. Go to IP > Firewall > Mangle.
  2. Click Add (+) and enter:
    • Chain: prerouting
    • Src. Address: (Enter the IP address of the device you want to route through VPN, e.g., 192.168.1.100)
    • Action: mark-routing
    • New Routing Mark: VPN
  3. Click OK.

Only selected devices will now route through the VPN, while all others remain on the normal internet connection.

Troubleshooting Common Issues

Cannot connect to VPNUK servers?

Ensure the WireGuard® server address and keys are correct.
We recommend downloading a new config file if the connection stops working.
Restart your MikroTik router and try again.
Verify that UDP Port 51820 is open on your network.

VPN is connected, but no internet?

Go to Firewall NAT rules and ensure masquerade is enabled.
Check IP Routes to confirm wg-vpn is set as the default gateway.

 

“WireGuard” and the “WireGuard” logo are registered trademarks of Jason A. Donenfeld. WireGuard® is available and should always be updated from the developers website at wireguard.com

Config File Generator

Generate your VPN config file from the Members Area — pre-configured for this setup.