This guide is for setting up WireGuard VPN connections with our service on OpenWRT 18.06
- Login to your OpenWRT's LuCI Web Interface
- Go to
System > Software > Update list to ensure it's up to date
-- Search for "wireguard" and install the following packages: wireguard, luci-proto-wireguard, luci-app-wireguard
- Go to
Network > Interfaces > Add new interface > select a name for the interface such as WireGuard, select WireGuard VPN from the Protocol of new interface menu
- Use our WireGuard key management tool to generate the .conf file for the location you want to connect to
- download and open the .conf file, open it with a text editor (on Windows use WordPad) and fill the corresponding parameters into the WireGuard General Setup page on OpenWRT, as follows:
Private key - value of PrivateKey from .conf file
Listen Port - leave unchanged (random)
IP Addresses - value of Address from .conf file
Under Peers, add the following:
Public Key - value of PublicKey from .conf file Allowed IPs - add 0.0.0.0/0 and ::/0 (each on its own field)
Route Allowed IPs - checked
Endpoint Host - the Endpoint value from .conf file (server hostname)
Endpoint Port - leave default (51820)
Persistent Keep Alive - 25
Screenshot example with the correct interface settings.
Open the Firewall Settings tab for the WireGuard Interface and for Create / Assign firewall-zone field select the WAN zone
Static DNS servers must be set on the WAN interface so there would be no DNS leaks. In Network > Interfaces > WAN (edit) > in 'Use custom DNS servers' add at least one public DNS resolver such as 1.1.1.1, 9.9.9.9, 208.67.222.222
Save & Apply and reboot the router. After reboot, check the status of the WireGuard connection in Status > WireGuard Status
