author Arianit Kukaj <arianit@hax.al> 2025-05-26 20:43:31 +0000
committer Arianit Kukaj <arianit@hax.al> 2025-05-26 20:43:31 +0000
commit 2041ea36be5e346e923f7aadcbf48375ea70e725 (patch)
tree 307093cdd2471a97f99b111663cc851b159069f3 /Wireguard Client.md
Diffstat (limited to 'Wireguard Client.md')
-rw-r--r-- Wireguard Client.md 119
1 files changed, 119 insertions, 0 deletions
diff --git a/Wireguard Client.md b/Wireguard Client.md
new file mode 100644
index 0000000..9cb7d7a
--- /dev/null
+++ b/Wireguard Client.md
@@ -0,0 +1,119 @@
+1. **Create the WireGuard interface:**
+
+
+/interface wireguard add name=wg1 private-key="6JZgG9OmOZJ/8KU2CnmTOUYMy05IcmEusoFjuQv6eG4=" listen-port=51820
+
+2. **Assign an IP address to the WireGuard interface:**
+
+
+/ip address add address=10.8.0.4/24 interface=wg1
+
+3. **Set the DNS server:**
+
+/ip dns set servers=1.1.1.1
+
+
+### Step 2: Add the Peer Configuration
+
+1. **Add the peer configuration:**
+
+/interface wireguard peers add interface=wg1 public-key="P2MPrD7vvp+YsyoDvLmTNz6BukiAMs1lWnnyUq3aXUE=" preshared-key="FUZoZx+xD1uhwGQhDBOYpPHUtETDSmAwltHgQN/+2J4=" allowed-address=0.0.0.0/0 endpoint-address=202.61.253.193 endpoint-port=51820 persistent-keepalive=1s
+
+
+### Step 3: Configure Firewall Rules
+
+1. **Allow WireGuard traffic (UDP 51820):**
+
+/ip firewall filter add chain=input protocol=udp dst-port=51820 action=accept comment="Allow WireGuard"
+
+2. **Allow traffic from the WireGuard interface to the LAN:**
+
+/ip firewall filter add chain=forward in-interface=wg1 out-interface=bridge action=accept comment="Allow WireGuard to LAN"
+
+3. **Masquerade traffic from the WireGuard interface:**
+
+/ip firewall nat add chain=srcnat src-address=10.8.0.0/24 out-interface=ether1 action=masquerade comment="Masquerade WireGuard traffic"
+
+
+### Step 4: Enable the WireGuard Interface
+
+1. **Enable the WireGuard interface:**
+
+/interface wireguard set wg1 disabled=no
+
+
+### Step 5: Verify the Configuration
+
+1. **Check the WireGuard interface status:**
+
+/interface wireguard print
+
+2. **Check the peer status:**
+
+/interface wireguard peers print
+
+3. **Check the firewall rules:**
+
+/ip firewall filter print
+/ip firewall nat print
+
+
+### Summary of Commands:
+
+ /interface wireguard add name=wg1 private-key="6JZgG9OmOZJ/8KU2CnmTOUYMy05IcmEusoFjuQv6eG4=" listen-port=51820
+ /ip address add address=10.8.0.4/24 interface=wg1
+ /ip dns set servers=1.1.1.1
+ /interface wireguard peers add interface=wg1 public-key="P2MPrD7vvp+YsyoDvLmTNz6BukiAMs1lWnnyUq3aXUE=" preshared-key="FUZoZx+xD1uhwGQhDBOYpPHUtETDSmAwltHgQN/+2J4=" allowed-address=0.0.0.0/0 endpoint-address=202.61.253.193 endpoint-port=51820 persistent-keepalive=1s
+ /ip firewall filter add chain=input protocol=udp dst-port=51820 action=accept comment="Allow WireGuard"
+ /ip firewall filter add chain=forward in-interface=wg1 out-interface=bridge action=accept comment="Allow WireGuard to LAN"
+ /ip firewall nat add chain=srcnat src-address=10.8.0.0/24 out-interface=ether1 action=masquerade comment="Masquerade WireGuard traffic"
+ /interface wireguard set wg1 disabled=no
+ /interface wireguard print
+ /interface wireguard peers print
+ /ip firewall filter print
+ /ip firewall nat print
+
+This configuration will set up a WireGuard VPN on your MikroTik RouterOS v7, including the necessary firewall rules to allow traffic through the VPN. Make sure to replace `ether1` with the actual interface name that connects to your WAN.
+
+
+6. Enable masquerade for that interface
+
+Note: This setup assumes that you are using the default local network address used by MikroTik. If you have changed this, use that address for scr-address= instead.
+
+```
+/ip firewall nat
+add action=masquerade chain=srcnat out-interface=wireguard-inet src-address=192.168.88.0/24
+7. Redirect all internet traffic through WireGuard
+```
+```
+/ip route
+add disabled=no distance=1 dst-address=0.0.0.0/1 gateway=10.2.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
+add disabled=no distance=1 dst-address=128.0.0.0/1 gateway=10.2.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
+```
+
+8. Configure DNS settings
+```
+/ip dns
+set servers=10.2.0.1
+/ip dhcp-client
+set 0 use-peer-dns=no
+```
+
+Duhet me kriju edhe Routing > Tables::
+
+```
+/routing table add comment=percka disabled=no fib name=emri
+```
+
+Mangle ::::
+```
+/ip firewall mangle add chain=prerouting src-address=192.1
+68.88.0/24 action=mark-routing new-routing-mark=emri passthrough=no
+```
+
+After::
+```
+/ip route add dst-address=0.0.0.0/0 gateway=40.44.44.1 rou
+ting-mark=emri
+```
+
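Review bot: the `private-key=` value on the `/interface wireguard add` line and the `preshared-key=` value on the `/interface wireguard peers add` line are committed as literals, once in the numbered steps and again under "Summary of Commands". Replace them with placeholders such as `private-key="<client-private-key>"` and `preshared-key="<preshared-key>"`, and treat the committed values as exposed: they remain in the repository history, so generate a new key pair and preshared key wherever these were used. Smaller points in the same hunk: `persistent-keepalive=1s` sends a keepalive every second and deserves a comment or a longer interval; the Step 3 masquerade rule uses `out-interface=ether1` while the peer carries `allowed-address=0.0.0.0/0` and the later rule masquerades on `out-interface=wireguard-inet`, and the tunnel address is `10.8.0.4/24` while the later routes point at `gateway=10.2.0.1`, so the file should say which variant a reader is meant to apply; the "7. Redirect all internet traffic through WireGuard" heading sits inside the code fence of step 6; `scr-address=` in the note should read `src-address=`; the mangle rule and the final `/ip route add` are split mid-token across two lines (`192.1` / `68.88.0/24`, `rou` / `ting-mark=emri`) and will not paste as written; that final route uses `routing-mark=emri` where the routes above it use `routing-table=`; and the "Duhet me kriju edhe Routing > Tables::" line is not in English like the rest of the file.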