Skip to content

Latest commit

 

History

History
88 lines (76 loc) · 3.52 KB

client-openwrt-router-wireguard.md

File metadata and controls

88 lines (76 loc) · 3.52 KB

Using Router with OpenWRT as a Client with WireGuard

This scenario is useful in case you want to use vpn with devices which has no vpn capability like smart tv, or make vpn connection available via router for multiple devices. This is a tested, working scenario with following environment:

Router setup

Make sure that you have

  • router with openwrt installed,
  • router is connected to internet,
  • router and device in front of router does not have same ip . By default openwrt have 192.168.1.1 if so change it to something like 192.168.2.1

Install required packages(WebUI)

  • Open router web UI (mostly http://192.168.1.1 )
  • Login. (by default username: root, password:
  • System -> Software, click "Update lists"
  • Install following packages wireguard-tools, kmod-wireguard, luci-app-wireguard, wireguard, kmod-crypto-sha256, kmod-crypto-sha1, kmod-crypto-md5
  • restart router

Alternative Install required packages(ssh)

  • Open router web UI (mostly http://192.168.1.1 )
  • ssh [email protected]
  • opkg update
  • opkg install wireguard-tools, kmod-wireguard, luci-app-wireguard, wireguard, kmod-crypto-sha256, kmod-crypto-sha1, kmod-crypto-md5
  • reboot

Create an Interface(WebUI)

  • Open router web UI
  • Navigate Network -> Interface
  • Click "Add new interface"
  • Give a Name. e.g. AlgoVpn
  • Select Protocol. Wireguard VPN
  • click Create Interface
  • In General Settings tab
  • Bring up on boot checked
  • Private key: Interface -> Private Key from algo config file
  • Ip Address: Interface -> Address from algo config file
  • In Peers tab
  • Click add
  • Name algo
  • Public key: [Peer]->PublicKey from algo config file
  • Preshared key: [Peer]->PresharedKey from algo config file
  • Allowed IPs: 0.0.0.0/0
  • Route Allowed IPs: checked
  • Endpoint Host: [Peer]->Endpoint ip from algo config file
  • Endpoint Port: [Peer]->Endpoint port from algo config file
  • Persistent Keep Alive: 25
  • Click Save & Save Apply

Configure Firewall(WebUI)

  • Open router web UI
  • Navigate to Network -> Firewall
  • Click Add configuration:
  • Name: e.g. ivpn_fw
  • Input: Reject
  • Output: Accept
  • Forward: Reject
  • Masquerading: Checked
  • MSS clamping: Checked
  • Covered networks: Select created VPN interface
  • Allow forward to destination zones - Unspecified
  • Allow forward from source zones - lan
  • Click Save & Save Apply
  • Reboot router

There may be additional configuration required depending on environment like dns configuration.

You can also verify the configuration using ssh. /etc/config/network. It should look like

config interface 'algo'                 
    option proto 'wireguard'                                                                                             
    list addresses '10.0.0.2/32'         
    option private_key '......'  # The private key generated by itself just now        

config wireguard_wg0
    option public_key '......' # Server's public key
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
    option endpoint_host '......' # Server's public ip address
    option endpoint_port '51820'
    option persistent_keepalive '25'