WireGuard on OpenWRT

This guide is for setting up WireGuard VPN connections with our service on OpenWRT 18.06  

  1. Login to your OpenWRT's LuCI Web Interface
  2. Go to System > Software > Update list to ensure it's up to date
    -- Search for "wireguard" and install the following packages: wireguard, luci-proto-wireguardluci-app-wireguard
  3. Go to Network > Interfaces > Add new interface > select a name for the interface such as WireGuard, select WireGuard VPN from the Protocol of new interface menu
  4. Use our WireGuard key management tool to generate the .conf file for the location you want to connect to
  5. download and open the .conf file, open it with a text editor (on Windows use WordPad) and fill the corresponding parameters into the WireGuard General Setup page on OpenWRT, as follows:

Private key - value of PrivateKey from .conf file
Listen Port - leave unchanged (random)
IP Addresses - value of Address from .conf file

Under Peers, add the following:

Public Key - value of PublicKey from .conf file Allowed IPs - add and ::/0 (each on its own field)
Route Allowed IPs - checked
Endpoint Host - the Endpoint value from .conf file (server hostname)
Endpoint Port - leave default (51820)
Persistent Keep Alive - 25

Screenshot example with the correct interface settings. 

Open the Firewall Settings tab for the WireGuard Interface and for Create / Assign firewall-zone field select the WAN zone

Static DNS servers must be set on the WAN interface so there would be no DNS leaks. In Network > Interfaces > WAN (edit) > in 'Use custom DNS servers' add at least one public DNS resolver such as,,

Save & Apply and reboot the router. After reboot, check the status of the WireGuard connection in Status > WireGuard Status


Other tutorials: