In a recent article I already showed the configuration of a Wireguard setup for Mikrotik routers and Android(EN) devices. With RouterOS version v7.12, this is now even easier to do, as Mikrotik has announced in a forum post the new “Back to Home VPN” feature, which builds on a standalone app for Android and iOS as support, making setup much easier.
Requirements
- RouterOS version required: v7.12
- Hardware requirements: ARM/ARM64/TILE architecture devices
- Packages required: routeros
(Source)
Answers to common questions (FAQ):
- It uses Wireguard and is a secure VPN
- (If used) Relay does not decrypt your tunnel and has no access to your data
- It secures your router with firewall, it does not open up full access to your router in any way
- It is not a feature for anonymity, it is a home user feature for maximum ease of use.
- If you wish, after you have enabled it with our BTH app, you can also connect using Wireguard on your computer. You can use the QR code in Winbox IP CLOUD menu to get the needed config to your computer
(Source)
Configuration using the companion app
To show the installation with the app (tested with app version 0.18 on Android), I recorded the setup and provided it as a video here:
Manual configuration in RouterOS
- Connect to router
- Enable DDNS Cloud service:
/ip/cloud/set ddns-enabled=yes - Enable Back To Home:
/ip/cloud/set back-to-home-vpn=enabled - Print tunnel configuration:
/ip/cloud/print - Scan QR Code
vpn-wireguard-client-config-qrcodeor Copy configvpn-wireguard-client-configand enter in preferred WireGuard® client. Only one client at a time will be available to use this config. To create more clients, you will need to manually create more peers:/interface/wireguard/peers/add interface=freevpn-wg public-key=<public_key> allowed-address=192.168.216.x/32
(Source)