Connecting Android and IOS to WireGuard VPN hosted in MikroTik

In our previous tutorial we showed how to set up a WireGuard server in MikroTik CHR.
If you still did not set up a WireGuard server on your CHR, you can set up one in just a couple of minutes.

In this tutorial we will show you three ways on how to connect your Android or Apple phone to your newly created WireGuard VPN server.

For this tutorial we reccommend using the latest version of WinBox, which can be downloaded here, or WebFig, which can be accessed via a web browser. This way we can easily use the configuraion generated by RouterOS.

 

Downloading the WireGuard Client

We will start by downloading a WireGuard client from the App store. You can use any VPN client with WireGuard. In our tutorial, we will use the official clients provided by the WireGuard team.

Official Wireguard client in Google Play store
The official Android WireGuard client in Google Play Store

Official WireGuard client for iOS in Apple Appstore
The official iOS WireGuard client in Apple Appstore

Creating the Peers

We will start by going to Wireguard>Peers on our CHR. From there click on “+” and enter the following settings:

Interface: The Wireguard interface you will connect to(if you have more than one Wireguard interface)
Private Key: auto – this will let RouterOS to generate the key pair for you
Endpoint port: the Listening port of your Wireguard interface, configured in the previous tutorial, default 13231
Allowed Address and Client Address: An address that will be assigned to your device, it must be from the same network as the Wireguard interface.
Client DNS: The DNS server that the client will use, You can also set the address of a local DNS that you run locally in the MikroTik as container.
Client Endpoint: The IP address/domain of your CHR

Then click on OK to save the peer.
Configuring the Peer in WireGuard MikroTik interface

 

You can also add a comment to the peer to distinguish it more easily from the other ones. Click on Comment and enter the comment, click on “OK” to save it.
Commenting the peer to find it easier later

 

After everything is entered and saved, the configuration should be generated from your CHR. To find it scroll a little bit down on the peer window.
WireGuard tunnel configuration and QR code

Method 1: Importing configuration by scanning the QR code

Open the WireGuard app tap on "+" in the bottom left corner (Android) or the upper left corner (iOS). Then tap on "Scan from QR code".
Tapping the plus and choosing Scan from QR code

After that allow the Wireguard to use the camera and point your phone to the generated QR code. After a successful detection, it asks you to name the tunnel. Name it as you like and save it.
naming the WireGuard tunnel

iOS users might be asked to allow Wireguard to create VPN configurations. Tap on Allow to proceed.
iOS warning for creating VPN configurations

After that the tunnel is imported successfuly and you can test the connection by tapping on the toggle next to the imported tunnel.
Activating the WireGuard connection

Android users might be asked to to accept the VPN connection. Tap on OK to proceed
Android VPN connection warning

If the connection is successful, you should have internet access and a full traffic redirection to your VPN server. If you do not have internet access, you have to recheck your settings and try again.



Method 2: Importing configuration from a file

 

In this method, you will need to know your WireGuard interface's public key, you can either use keys generated from the wireguard app or RouterOS. In this example we will use a peer generated from RouterOS.

After the peer is created in RouterOS, or you have keypair generated. Copy this example configuration into a .conf file, using your favourite text editor, and change it with your data:

[Interface]
PrivateKey= #<Key generated from the WireGuard App>
Address = #The Allowed address that you configured in your CHR, E.g.192.168.34.2/32
DNS = #The DNS that the peer will use, E.g. 1.1.1.1

[Peer]
Public Key = #<The Public key, copied from the MikroTik WireGuard Interface>
AllowedIPs = 0.0.0.0/0, ::/0 #This allows full traffic redirect, if you want redirect for specific addresses only, change this.
Endpoint = yourmchr.ip:13231 #Your CHR’s public IP address with WireGuard Listening port

After that, save and transferre the tunnel configuration to your phone. Then open the app and tap on "+" in the bottom left corner (Android) or the upper left corner (iOS). Then tap on "Import from file or archive".
tapping on the plus and choosing Import from file or archive

Then locate the configuration file and open it.

iOS users can also open the file directly by going to the file and tapping on Share. after that choose the WireGuard app.
Tapping on share and then on WireGuard

The tunnel will be imported with the filename as the tunnel name. To test the connection, tap on the toggle next to the imported profile.
Activating the imported profile



You can now connect to your new Wireguard server. You can check these articles to see how to connect other devices or how to create your Wireguard server hosted in your CHR.

Setting up WireGuard VPN in MikroTik CHR
Connecting your computers to the WireGuard VPN server


You can also check our powerful MikroTik CHR plans and choose a suitable plan to get started.

Experience a powerful MikroTik CHR VPS with unlimited traffic & get more from your VPS with our unlimited traffic option.

Get Started!
icon knowledge

Related Articles

MikroTik CHR: How to set up OpenVPN server for your IoT devices (+ video)

In this article, we will show you how to configure an OpenVPN server in your MikroTik Cloud...

Connecting your computers to WireGuard VPN hosted in MikroTik

In our previous tutorial we showed how to set up a WireGuard server in our MikroTik CHR.If you...

Set up L2TP over IPSec / PPTP VPN client in Android

In this article, we will show you how to set up a PPTP/L2TP VPN connection to your Android device...

How to: Connecting Windows Device to OpenVPN Access Server

In this guide we will show you all the steps for connecting your Windows device to your new...