MikroWizard WireGuard is a lightweight Docker-based WireGuard VPN server with a built-in RESTful API. It serves as an official addon for the MikroWizard ecosystem, enabling peer management, real-time bandwidth monitoring, QR code generation, and seamless integration with your MikroWizard installation.
Main Benefits & Use Cases:
- Cloud Installations (VPS / Public IP): Deploy MikroWizard on a cloud server with a public IP and connect all your MikroTik devices securely over the internet via WireGuard. This provides better security, easier remote management, and protects the devices from direct exposure to the public internet.
- Local / On-Premise Networks: Create a separate, isolated management network for your MikroTik devices even inside your local infrastructure. This improves security by keeping management traffic away from the main production network.
- Centralized Management: Manage all your MikroTik devices from a single dashboard regardless of their physical location (cloud, office, branch, or remote sites).
- Enhanced Security: All management communication happens through encrypted WireGuard tunnels instead of exposing management ports (Winbox, SSH, API) directly to the internet.
- Simplified Network Architecture: Avoid complex port forwarding, firewall rules, and security risks while maintaining full control and visibility over your devices.
If you manage multiple MikroTik devices across different locations and want a cleaner, more secure, and easier way to monitor and configure them, this WireGuard addon is the ideal solution.
Prerequisites
- A fully installed and running MikroWizard server with a Pro license (Pro license only). The main MikroWizard directory must exist at `/opt/mikroWizard`.
- Docker installed and running on the host.
- Root / sudo access.
- Linux kernel with WireGuard support (the installer automatically handles module loading).
- Recommended OS: Ubuntu 22.04 / 24.04 LTS (Debian-based systems are fully supported).
Important: The WireGuard addon requires the main MikroWizard to be installed first. The installer will exit if it is not found.
Network Requirements
- UDP port for WireGuard (**default: 51820**). This port must be open in your firewall and forwarded from the internet to the server.
- Public/Private Endpoint: Your server's public or private IP address, or a working DDNS hostname, accessible from wherever the MikroTik device or client connects. Clients will connect using this address.
- The API listens only on localhost (`127.0.0.1:8000`) for security reasons.
- The container uses `--network=host` and requires `NET_ADMIN` + `SYS_MODULE` capabilities.
- Outbound internet access is needed during installation to pull the Docker image.
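To confirm after installation that the listeners match the requirements above, the following added example (not part of the MikroWizard installer) parses `ss` output and reports any non-loopback listener on the API port and whether the WireGuard UDP port is bound. The function names are hypothetical and the ports are this page's defaults; run it on the host with the argument `check`.

```shell
#!/bin/sh
# Added example, not part of the MikroWizard installer.
# Assumed values from this page: API on 127.0.0.1:8000, WireGuard on UDP 51820.

# Print every non-loopback address with a TCP listener on port $1.
# Input: lines in `ss -H -tln` format on stdin.
api_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                         # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # some other service
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback is expected
            print host
        }'
}

# Succeed if a UDP socket is bound to port $1.
# Input: lines in `ss -H -uln` format on stdin.
udp_bound() {
    awk -v port="$1" '
        { n = split($4, parts, ":"); if (parts[n] == port) found = 1 }
        END { exit !found }'
}

# Run the live checks only when executed with "check" as the first argument.
if [ "${1:-}" = "check" ]; then
    exposed=$(ss -H -tln | api_exposure 8000)
    if [ -n "$exposed" ]; then
        echo "WARNING: API port 8000 is listening on: $exposed"
    else
        echo "OK: API port 8000 is loopback-only (or not listening)"
    fi
    if ss -H -uln | udp_bound 51820; then
        echo "OK: UDP 51820 is bound"
    else
        echo "WARNING: nothing is bound to UDP 51820"
    fi
fi
```

A warning on the API port means the token-protected API is reachable from other interfaces, which contradicts the localhost-only binding described above.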
Installation steps
Make sure your server has an active internet connection.

1. Copy and paste the following command into a terminal on the MikroWizard host and run it:

```bash
curl -sSL https://raw.githubusercontent.com/MikroWizard/MikroWizard_wireguard/refs/heads/master/install.sh | sudo bash
```

2. The installer will prompt you for the following settings (defaults shown in brackets):

- Listen Port [51820]: UDP port the WireGuard server will listen on.
- VPN Subnet [10.8.0.0/24]: Private IP range for WireGuard clients.
- Public Endpoint (IP/DDNS) (required): Your public IP or DDNS hostname (e.g., vpn.example.com or 203.0.113.50). This is critical: clients use this value to connect.
- DNS [1.1.1.1]: DNS server(s) pushed to clients (comma-separated if multiple).
- MTU [1420]: WireGuard interface MTU (1420 is recommended for most VPS/cloud providers).
Post-Installation
You will see a success message similar to this:

```bash
Success! MikroWG is running.
API Token: xxxxxxxxxxxxxxxxxxxx
Public Key: xxxxxxxxxxxxxxxxxxxx
```

Firewall configuration (example for UFW):

```bash
sudo ufw allow 51820/udp
```

Troubleshooting
| Issue | Possible Solution |
|---|---|
| “MikroWizard core directory not found” | Install the main MikroWizard first. |
| WireGuard module fails to load | Run `apt update && apt install -y wireguard` manually, then reboot. |
| Container fails to start | Check logs with `docker logs mikrowizard-wireguard`. |
| Clients cannot connect | Double-check the Public Endpoint and ensure UDP port 51820 (or your chosen port) is open and forwarded. |
| API not responding | Restart the container: `docker restart mikrowizard-wireguard`. |
| `jq` command not found | Install it with `apt install -y jq`. |