As of now the major show-stopper are dependencies of https://github.com/EvilFreelancer/routeros-api-php

To make it easy to use by sys-admins it should be easier to use it when you're not a programmer.

PHAR (or even Docker) build should be provided and possibly automated.

The ff3779e excluded the network address. However this doesn't fully solve the issue as now the first address used will be .1 which is problematic if the interface has an address of .1 like so:

/ip address
    add address=10.100.0.1/24 interface=wireguard1-srv network=10.100.0.0

Beta 3 surprisingly (i.e. without changelog note) removed endpoint field from /interface/wireguard/peers members (previously storing IP:PORT). Instead now ROS has endpoint-address and endpoint-port fields.

Newer macOS and iOS patched a hacky workaround used by WG causing connections to fail with a mysterious error and no logs.

Workaround was posted by the authors and is as simple as adding any DNS to client config:

[Interface]
DNS = 1.1.1.1

Upstream fix in progress: https://git.zx2c4.com/wireguard-apple/commit/?id=20bdf46792905de8862ae7641e50e0f9f99ec946

Thanks for this tool!
One key feature it's missing IMHO is allowing to specify a DNS server.
Even better: As a default it could use either the wireguard interface address assuming/if there's a DNS server running on there, or take what the mikrotik is using for its DNS queries. In my case my mikrotik uses a different DNS server but it also runs its own, caching the other one and I use this own caching DNS server for my wireguard peers: The .1 address.

Thoughts?

When interface has an address set to e.g. 10.0.1.1/24 the first peer will have an address of 10.0.1.0/32 which ROS will not like. It should be excluded.