@yradunchev
Last active April 30, 2023 13:20
mikrotik wg vpn
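# WireGuard interface on the router (RouterOS generates the private key when none is given)
/interface wireguard add listen-port=51820 mtu=1420 name=vpn
# Remote VPN server as the only peer; allowed-address=0.0.0.0/0 accepts all IPv4 traffic through the tunnel
/interface wireguard peers add allowed-address=0.0.0.0/0 comment=vpn-peer endpoint-address=<replace_with_vpn_server_ip> \
endpoint-port=51820 interface=vpn persistent-keepalive=25s \
public-key="<replace_with_endpoint_public_key>"
# Tunnel address assigned to this router by the VPN server
/ip address \
add address=<replace_with_vpn_client_address> interface=vpn network=<replace_with_vpn_client_address>
# Source-NAT everything leaving through the tunnel to the tunnel address
/ip firewall nat \
add action=masquerade chain=srcnat out-interface=vpn
# Separate routing table used only for marked (VPN) traffic
/routing table add name=wg-vpn fib
# Mark packets from devices in the device-based-vpn list so they use the wg-vpn table
/ip firewall mangle \
add action=mark-routing chain=prerouting comment="Device based VPN" \
new-routing-mark=wg-vpn passthrough=yes src-address-list=device-based-vpn
# LAN devices whose traffic goes through the VPN (one entry per device)
/ip firewall address-list \
add address=192.168.88.72 list=device-based-vpn
# Default route in the wg-vpn table pointing at the WireGuard interface
/ip route
add check-gateway=none comment="wg-vpn mark" disabled=no distance=10 \
dst-address=0.0.0.0/0 gateway=vpn pref-src="" routing-table=wg-vpn \
scope=30 suppress-hw-offload=no target-scope=10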