In this tutorial, I’ll explain how to use the WireGuard VPN as a site-to-site VPN across the Internet. I’ve also tried to write this tutorial in such a way that these steps will work across the Internet or can be easily set up on your test bench. Currently, the WireGuard VPN is only available in RouterOS 7.1beta2, and as the beta designation clearly suggests, using this in a production environment is something that should be weighed very carefully. That being said, in the approximately two weeks that this version has been available, I’ve grown very excited about this particular feature, and in some (carefully contemplated) circumstances I would consider using this feature right now. I should also point out that even though I have been using it every day since it came out, and my test environment is something that would make many people jealous, I have not truly lived with this in a production environment yet. WireGuard itself is well established, though.
WireGuard is a simple, fast, and modern VPN that utilizes state-of-the-art cryptography. It aims to be a better choice than IPsec or OpenVPN. That being said, the “buttonology” of WireGuard is unlike any other tunnel. In fact, the only true comparisons between WireGuard and any other tunnel are purely conceptual. WireGuard does literally everything better than all other tunnels before it, but there is one really profound use case for WireGuard… We’ve had “secure” tunnels; we’ve had complicated tunnels; we’ve had tunnels with many choices, but where WireGuard really shines is that they took some incredibly complex mechanisms and packaged them in a way that is effective and usable by normal people. By the way, in the testing I’ve done, it blows all the other tunnels out of the water from a performance perspective. This tunnel is a huge win for the entire world, and in my humble opinion, we should strongly consider abandoning all other Layer 3 tunnels and switching over to WireGuard as often as the situation allows. This tunnel is really that profound.