Remélem nem hagytam ki semmi relevánsat. Egyébként az itthoni hálózatom két másik helyre is csatlakozik a mikrotikon keresztül linux szerverekkel kommunikálva és azok a kapcsolatok is hibátlanul működnek (az egyik site dyndns-el van megoldva, oda kell egy netwatch script, hogy automatikusan újracsatlakozzon IP csere esetén).

[admin@MikroTik] > /interface/wireguard export hide-sensitive
# jan/12/2022 16:44:58 by RouterOS 7.1.1
# software id = SBPW-I6QN
#
# model = RB4011iGS+
# serial number = D4440D4E0521
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard-server
/interface wireguard peers
add allowed-address=192.168.9.2/32,fdf1:e8a1:8d3f:9::2/128 comment=desktop interface=wireguard-server public-key="xxx"
add allowed-address=192.168.9.3/32,fdf1:e8a1:8d3f:9::3/128 comment=mobile interface=wireguard-server public-key="xxx"

[admin@MikroTik] > /ip/address export hide-sensitive
# jan/12/2022 16:47:07 by RouterOS 7.1.1
# software id = SBPW-I6QN
#
# model = RB4011iGS+
# serial number = D4440D4E0521
/ip address
add address=192.168.9.1/24 interface=wireguard-server network=192.168.9.0

[admin@MikroTik] > /ip/firewall export hide-sensitive
# jan/12/2022 16:47:58 by RouterOS 7.1.1
# software id = SBPW-I6QN
#
# model = RB4011iGS+
# serial number = D4440D4E0521
/ip firewall filter
add action=accept chain=input comment="accept wireguard" dst-port=13231 protocol=udp

Mobil konfig (minden keresztül megy a VPN-en):

[Interface]
Address = 192.168.9.3/32, fdf1:e8a1:8d3f:9::3/128
PrivateKey = xxx
DNS = 192.168.9.1
[Peer]
PublicKey = xxx
PresharedKey = xxx
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = wg.xxx.hu:13231

Desktop konfig (split tunnel):

[Interface]
Address = 192.168.9.2/32, fdf1:e8a1:8d3f:9::2/128
PrivateKey = xxx
DNS = 192.168.9.1
[Peer]
PublicKey = xxx
PresharedKey = xxx
AllowedIPs = 192.168.2.0/24, 192.168.5.0/24, 192.168.9.0/24, fdf1:e8a1:8d3f:9::0/64
Endpoint = wg.xxx.hu:13231