This came up in another thread, viewtopic.php?t=215429, about the limit of the "WG Export" for WireGuard peers (i.e. not allowing some customizations).
So I made a function to wrap getting the WG export, putting it in a file, then using the NEW "back-to-home-file" to share it for 1 day via a URL. It does NOT solve the problem that there are only limited edits in the generated WG remote peer conf – but it is YET ANOTHER way to share a WG config from RouterOS.
I had a similar test script for the /ip/cloud/file-share (which is renamed /ip/cloud/back-to-home-file in 7.19beta, and used below)... here is an EXAMPLE of using it to share a WG client config:
Code:
[forum@thedude] > $wgshare peer1
 WireGuard client config for 'peer1' can be downloaded for 1d00:00:00 from:
https://fa3efa3e1fa3e.routingthecloud.net/s/fa3eXNbFA3EQaE?dl
And if you provide that URL to a remote user, it will be valid for only 1 day. So even if emailed, the keys/etc would not be persisted to something like gmail/iCloud/etc forever.
On the remote side, once downloaded via Mikrotik's file-share URL, it can be directly imported into a standard WG client. Or at least it worked on macOS with RouterOS 7.19beta4 on RB1100 for ONE peer....
Here is the needed function that does the above:
Code:
:global wgshare do={
    :local sharedDir "wgshared"
    :local linkExpiresAfter 1d
    :if ($1 = "" or $1 = "help") do={
        :put " $0 - Creates secure file-share link to WG client config "
        :put "\tusage:"
        :put "\t\t$0 <wg-peer-name> [as-value]"
    }
    :local peerid [/interface/wireguard/peers/find name=$1]
    :if ([:len $peerid] = 0) do={
        :error " error - peer name $1 not found - see '$0 help' for usage"
    }
    :local peerconfig ([/interface/wireguard/peers/show-client-config $peerid as-value]->"conf")
    # for simplicity use timestamp in config name to make unique
    :local sharedWgConfigFileName "$sharedDir/$1-$[:tonum [:timestamp]].conf"
    # the "conf" includes a leading newline, macOS WG does not like that, thus :pick...
    /file/add name=$sharedWgConfigFileName contents=[:pick $peerconfig 1 [:len $peerconfig]]
    # file shares will expire, based on a date, not duration thus [:timestamp]+
    :local fileShareId [/ip/cloud/back-to-home-file/add comment="" expires=([:timestamp] + $linkExpiresAfter) path=$sharedWgConfigFileName allow-uploads=no]
    # just in case, wait for share creation to actually finish
    :delay 5s
    :local wgconfigUrl [/ip/cloud/back-to-home-file/get $fileShareId direct-url]
    # if using with another command, provide "as-value" to :return the URL
    # for example
    #    /tool/email/send ... body="Your WG config can be downloaded here for : '$0 peer1'" ...
    :if ($2 = "as-value") do={ :return $wgconfigUrl }
    # no as-value, output to console
    :put " WireGuard client config for '$1' can be downloaded for $linkExpiresAfter from:"
    :put $wgconfigUrl
}
Statistics: Posted by Amm0 — Wed Mar 12, 2025 7:53 pm
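A pre-import check the remote user could run on the downloaded file, added here as an example and not part of the original post: it flags the leading blank line the post mentions, malformed keys, and missing settings. The names `check_wg_conf` and `is_wg_key`, the list of required settings, and the sample config (dummy keys, example endpoint) are assumptions made for illustration.

```python
import base64

# Constructed sample in the shape of a WireGuard client config; the keys are
# dummy values (32 zero bytes and 32 0x01 bytes), not real key material.
SAMPLE_CONF = (
    "[Interface]\n"
    "PrivateKey = " + base64.b64encode(bytes(32)).decode() + "\n"
    "\n"
    "[Peer]\n"
    "PublicKey = " + base64.b64encode(b"\x01" * 32).decode() + "\n"
    "AllowedIPs = 0.0.0.0/0\n"
    "Endpoint = vpn.example.net:13231\n"
)

# Assumed minimum a client needs in order to connect; adjust to local policy.
REQUIRED = {"interface": ("privatekey",),
            "peer": ("publickey", "allowedips", "endpoint")}
KEY_FIELDS = ("privatekey", "publickey", "presharedkey")

def is_wg_key(value):
    """A WireGuard key is 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False

def check_wg_conf(text):
    """Return a list of problems found in a downloaded client config."""
    problems = []
    if text[:1] in ("\n", "\r"):
        problems.append("file starts with a blank line")
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            # split on the first "=" only: base64 values end in "=" padding
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value
            if key.lower() in KEY_FIELDS and not is_wg_key(value):
                problems.append(f"{key} is not a 32-byte base64 key")
        else:
            problems.append(f"unexpected line: {line!r}")
    problems += [f"[{s}] is missing {k}" for s, ks in REQUIRED.items()
                 for k in ks if k not in sections.get(s, {})]
    return problems
```

An empty list means the file passed these checks; the file still contains the peer's private key and should be stored accordingly.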