- `opkg install wireguard luci-app-wireguard`
- Reboot router
- Generate server keys (one-liner)
  - `wg genkey | tee mywgserver.privatekey | wg pubkey > mywgserver.publickey`
- Generate a new client key (one-liner)
  - `wg genkey | tee [NAME].privatekey | wg pubkey > [NAME].publickey`
- Add new interface wg0 in LuCI (Network->Interfaces->Add new interface)
  - Proto: WireGuard VPN
  - Private Key: Fill with contents of mywgserver.privatekey
  - IP Addresses and Listening Port: 192.168.9.1/24 Port 51820
- Add a WireGuard peer
  - Fill in public key with contents of [NAME].publickey
  - Allowed IP: 192.168.9.x/32 (x is the decimal representation of any unassigned 8-bit number)
  - Persistent Keep Alive: 25
- Create new Firewall zone in LuCI (Network->Firewall->Add)
  - Name: wg
  - Covered network: wg0
  - Destination forward: lan, wan
  - Source forward: lan
- Add new traffic rule in LuCI (Network->Firewall->Traffic Rules)
  - Proto: UDP only
  - Source: wan
  - Destination zone: Device (input)
  - Destination port: 51820
- Save config changes and reboot router
- Set up the client from scratch:
  - Private Key: Fill with contents of [NAME].privatekey
  - Addresses: Fill with the Allowed IP you assigned to this peer above (/24 instead of /32)
  - DNS server: Fill with router's local IP
  - Peer Public Key: Fill with contents of mywgserver.publickey
  - Endpoint: Router Public IP or DDNS address with Port 51820 (ex: a.ddns.net:51820)
  - Allowed IPs: 0.0.0.0/0, ::/0
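
The client settings from the last step, written out as a wg-quick style configuration file. This is an added example, not part of the original gist; the function names, the script name `mkclient.sh`, the peer name `phone` and the DNS address 192.168.1.1 are assumptions, and it expects to run in the directory that holds the key files.

```shell
#!/bin/sh
# Added example: build a wg-quick style client config from the key files
# generated above. The DNS address is an assumption passed in by the caller.
WG_NET="192.168.9"   # tunnel subnet from the page (router is 192.168.9.1/24)
WG_PORT=51820        # listening port from the page

# valid_host_octet X: succeed only for an integer 2..254 without leading zeros.
# .1 is the router's own wg0 address; .0 and .255 are network and broadcast.
valid_host_octet() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -ge 2 ] && [ "$1" -le 254 ]
}

# make_client_conf NAME X ENDPOINT_HOST DNS_IP
# Reads NAME.privatekey and mywgserver.publickey from the current directory
# and prints the client config on stdout.
make_client_conf() {
    name=$1 x=$2 endpoint=$3 dns=$4
    valid_host_octet "$x" || { echo "bad host octet: $x" >&2; return 1; }
    [ -r "$name.privatekey" ] || { echo "missing $name.privatekey" >&2; return 1; }
    [ -r mywgserver.publickey ] || { echo "missing mywgserver.publickey" >&2; return 1; }
    cat <<EOF
[Interface]
PrivateKey = $(cat "$name.privatekey")
Address = $WG_NET.$x/24
DNS = $dns

[Peer]
PublicKey = $(cat mywgserver.publickey)
Endpoint = $endpoint:$WG_PORT
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}

# write_client_conf: same arguments; writes NAME.conf readable by its owner
# only, because the file contains the client's private key.
write_client_conf() {
    ( umask 077; make_client_conf "$@" > "$1.conf" ) || { rm -f "$1.conf"; return 1; }
}

# Run as: sh mkclient.sh phone 5 a.ddns.net 192.168.1.1
if [ "$#" -eq 4 ]; then write_client_conf "$@"; fi
```

The host octet passed as X has to match the /32 entered as the peer's Allowed IP on the router, otherwise the router drops the client's traffic.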
Last active
March 15, 2024 17:23
OpenWRT Wireguard setup