In your router’s webUI, navigate to System - Software, click Update lists.
In the Filter field, type WireGuard, locate and install the wireguard-tools, kmod-wireguard, and luci-proto-wireguard packages.
Restart your router.
Creating an Interface
Generate a WireGuard config file with the preferred server and parameters. Extract the archive, open the file with any text editor and copy its contents.
WireGuard config file generator is only available for accounts that were created after November 2020 (account ID format: i-XXXX-XXXX-XXXX). If you have an IVPN subscription created before this date (account ID format: ivpnXXXXXXXX) and wish to make use of the feature, contact our customer service to help you make the switch.
In OpenWRT, navigate to Network - Interfaces and click on the Add new interface button. Give it any name, e.g. ivpnAustria, set Protocol to WireGuard VPN, then click on the Create interface button.
In the General Settings tab, click on the Load configuration... button, paste the contents of the WireGuard config file from step 1 and click on the Import settings button.
In the Advanced Settings tab, set MTU to 1412.
In the Peers tab, click Edit next to the imported peer configuration, check the Route Allowed IPs option, set Persistent Keep Alive to 25 and click Save.
Click the Add button and enter the following configuration:
Name - Give it any name, e.g. ivpn_fw
Input - Reject
Output - Accept
Forward - Reject
Masquerading - Checked
MSS clamping - Checked
Covered networks - select the previously created VPN tunnel interface, e.g. ivpnAustria
Allow forward to destination zones - Unspecified
Allow forward from source zones - lan
Click Save, then Save & Apply.
Configuring a Kill-switch (optional)
To ensure that traffic from your LAN devices travels strictly via the VPN tunnel, and to prevent leaks if the router disconnects from the VPN server for any reason, edit your lan firewall zone and remove WAN from the Allow forward to destination zones field, then click the Save and Save & Apply buttons.
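One way to confirm the zone and kill-switch settings above from the router's shell, as an added example that is not part of the original guide: it parses a firewall config in OpenWrt's UCI format and reports whether lan can still forward to wan. The function names and the embedded sample config are constructed for illustration; on a router the file to check would be /etc/config/firewall.

```sh
#!/bin/sh
# Added example. Zone names (lan, wan, ivpn_fw) follow the guide's examples.

# audit_killswitch FILE VPN_ZONE
# Prints one finding per line; returns 0 only if lan can leave solely via VPN_ZONE.
audit_killswitch() {
    awk -v vpn="$2" -v q="[\"']" '
        function endsec() {      # runs at the end of every "config" section
            if (sect == "forwarding") fwd[o["src"] ">" o["dest"]] = 1
            if (sect == "zone" && o["name"] == vpn) {
                seen = 1; masq = o["masq"]; mss = o["mtu_fix"]
            }
            split("", o)         # portable way to clear the option array
        }
        $1 == "config" { endsec(); sect = $2; next }
        $1 == "option" { v = $3; gsub(q, "", v); o[$2] = v }
        END {
            endsec()
            if (!seen)               { print "FAIL zone " vpn " not found"; bad = 1 }
            if (fwd["lan>wan"])      { print "FAIL lan forwards to wan (no kill-switch)"; bad = 1 }
            if (!fwd["lan>" vpn])    { print "FAIL lan does not forward to " vpn; bad = 1 }
            if (seen && masq != "1") { print "FAIL masquerading off on " vpn; bad = 1 }
            if (seen && mss != "1")  { print "FAIL MSS clamping off on " vpn; bad = 1 }
            if (!bad) print "OK lan can only leave via " vpn
            exit bad + 0
        }' "$1"
}

# Constructed sample config; "before" adds the default lan -> wan forwarding.
sample_config() {
    cat <<'EOF'
config zone
    option name 'lan'
config zone
    option name 'ivpn_fw'
    option masq '1'
    option mtu_fix '1'
    list network 'ivpnAustria'
config forwarding
    option src 'lan'
    option dest 'ivpn_fw'
EOF
    if [ "$1" = before ]; then
        printf "config forwarding\n    option src 'lan'\n    option dest 'wan'\n"
    fi
}

sample_config before | audit_killswitch - ivpn_fw || true   # FAIL: lan -> wan exists
sample_config after  | audit_killswitch - ivpn_fw           # OK: kill-switch in place
```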
DNS
Navigate to Network - Interfaces
Click on the Edit button next to the WAN interface
In the Advanced Settings tab, uncheck the Use DNS servers advertised by peer option and enter the WireGuard regular DNS server IP address (172.16.0.1) or the one associated with the preferred AntiTracker list.
Click Save.
If your ISP additionally provides you with an IPv6 address, repeat steps 2 to 4 for the WAN6 interface.
Click Save & Apply.
Final Steps
A device reboot is not required, though it may be useful to confirm that everything behaves as expected.
Run a leak test at https://www.dnsleaktest.com via one of the internal network clients attached to your OpenWRT router.
Once logged in, click on System and select Software. On this page, you will download the WireGuard package. To do so, click on Update lists. Once the lists are updated, type WireGuard in the search field and install the WireGuard package first, followed by luci-app-wireguard.
Once you log into the router panel, go to the Setup tab and select Tunnels. Click on Add Tunnel. Click on Enable next to the Tunnel setting, and select WireGuard as your protocol. Once selected, click Save.
Go to Setup > Tunnels and click the Add Tunnel button. Choose Enable and select WireGuard from the dropdown menu. Set the MTU value of the WireGuard tunnel to 1412. Click the Generate Key button and go to the Client Area on the IVPN website to add the generated public key to the Key Management area.
To view the status of one or more WireGuard tunnels, use the show wireguard [<instance>] command. This command prints the status of all WireGuard tunnels and can optionally limit the output to a specific instance.
The goal is to allow all clients connected to OpenWrt by default to use the Main Router's internet, but clients that set the OpenWrt Router as the gateway should have their traffic routed through the VPN client running on the OpenWrt Router. So far I've managed to set up the OpenWrt Router as a VPN Client.
Both OpenVPN and WireGuard are really secure open-source VPN protocols, if properly implemented. However, WireGuard is newer and faster than OpenVPN, because it was designed with modern devices and processors in mind. It is also easier to maintain.
DD-WRT is mostly available on older routers with more up-to-date software than the manufacturers provide. If you're ready to take the next step in customization or just want to use hardware that doesn't make sense for DD-WRT, such as using a thin client PC as a router, OpenWrt is the answer.
Go to [VPN] > [VPN Server] > enable and click [WireGuard® VPN] > click the add button.
4. For general devices like laptops or phones, you can just click the Apply button.
Click Add to add a new rule to the top of the list.
Use the following settings:
Action - Pass
Interface - WAN
Protocol - UDP
Source - any
Destination - WAN Address
Destination Port Range - (other), 51820
Description - Pass traffic to WireGuard
Introduction: My name is Kimberely Baumbach CPA, I am a gorgeous, bright, charming, encouraging, zealous, lively, good person who loves writing and wants to share my knowledge and understanding with you.