Connecting OpenWRT to a WireGuard VPN involves several steps, including installing the WireGuard packages, obtaining the VPN configuration details, and configuring both the WireGuard interface and firewall rules on your OpenWRT router. Here’s a detailed guide to help you set up WireGuard on OpenWRT:

Prerequisites

  • An OpenWRT router with internet access.
  • A valid WireGuard VPN configuration from your VPN provider.

Step 1: Install WireGuard Packages

  1. Log in to OpenWRT:

    • Open your web browser and navigate to your router's web interface (typically 192.168.1.1).
    • Log in with your username and password.
  2. Update Package Lists:

    • Go to System > Software.
    • Click Update lists.
  3. Install WireGuard Packages:

    • In the same System > Software section, use the search bar to find the following packages:
      • wireguard
      • luci-proto-wireguard
    • Install both packages by clicking Install next to each package.

Step 2: Obtain WireGuard Configuration from Your VPN Provider

  1. Log in to Your VPN Provider:

    • Access your account on your VPN provider’s website.
  2. Generate WireGuard Configuration:

    • Navigate to the VPN configuration section and select WireGuard as the VPN type.
    • Download the configuration file or note down the necessary details (Public Key, Private Key, Endpoint, Allowed IPs, and DNS).

Step 3: Configure WireGuard Interface on OpenWRT

  1. Navigate to Network Interfaces:

    • Go to Network > Interfaces.
  2. Add a New Interface:

    • Click Add new interface.
    • Name: Enter a name for the interface (e.g., wg0).
    • Protocol: Select WireGuard VPN.
  3. Configure the Interface:

    • Private Key: Enter the private key from your VPN configuration.
    • Listen Port: Leave as default or set a specific port if required.
    • Addresses: Enter the IP address assigned by your VPN provider (e.g., 10.0.0.2/24).
  4. Add Peers:

    • Click Add peer.
    • Description: Name the peer (e.g., VPN Server).
    • Public Key: Enter the public key provided by your VPN provider.
    • Allowed IPs: Enter 0.0.0.0/0 to route all traffic through the VPN.
    • Endpoint Host: Enter the VPN server address (e.g., vpn.example.com).
    • Endpoint Port: Enter the server port (e.g., 51820).
  5. Save and Apply:

    • Click Save & Apply.
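
The file downloaded in Step 2 maps directly onto the fields entered in Step 3. As an added example (not part of the original guide or of any provider's tooling), this shell function converts a wg-quick style configuration file into input for uci batch and rejects keys that are not 44 base64 characters, a common copy-and-paste failure. The function name wg_conf_to_uci and the peer section name wg0_peer1 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original guide. Usage: wg_conf_to_uci FILE [IFNAME]
# Emits "uci batch" input for the Step 3 fields. Section name <ifname>_peerN is
# an assumption of this sketch; DNS, MTU and unknown keys are ignored.
wg_conf_to_uci() {
    awk -v ifn="${2:-wg0}" -v q="'" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function set(path, v) { print "set network." path "=" q v q }
    function lst(path, v,    n, i, a) {         # comma list -> add_list lines
        n = split(v, a, ",")
        for (i = 1; i <= n; i++) print "add_list network." path "=" q trim(a[i]) q
    }
    function key(v) {                           # 32-byte key = 44 base64 chars
        if (length(v) != 44 || v !~ /^[A-Za-z0-9+\/]+=$/) {
            print "line " NR ": malformed key" > "/dev/stderr"; bad = 1; exit 1
        }
        return v
    }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    /^[ \t]*\[/ {                               # section header
        sec = tolower(trim($0))
        if (sec == "[interface]") {
            print "set network." ifn "=interface"; set(ifn ".proto", "wireguard")
        } else if (sec == "[peer]") {
            p = ifn "_peer" (++np); print "set network." p "=wireguard_" ifn
        }
        next
    }
    {
        i = index($0, "=")                      # split on the FIRST "=" only,
        k = tolower(trim(substr($0, 1, i - 1))) # because base64 values end in "="
        v = trim(substr($0, i + 1))
        if (sec == "[interface]") {
            if (k == "privatekey") set(ifn ".private_key", key(v))
            else if (k == "address") lst(ifn ".addresses", v)
            else if (k == "listenport") set(ifn ".listen_port", v)
        } else if (sec == "[peer]") {
            if (k == "publickey") set(p ".public_key", key(v))
            else if (k == "allowedips") lst(p ".allowed_ips", v)
            else if (k == "endpoint") {
                n = split(v, a, ":"); port = a[n]   # port follows the LAST colon
                host = substr(v, 1, length(v) - length(port) - 1)
                gsub(/^\[|\]$/, "", host)           # unwrap [IPv6] literals
                set(p ".endpoint_host", host); set(p ".endpoint_port", port)
            }
        }
    }
    END { if (bad) exit 1; print "commit network" }' "$1"
}
```

Review the output before piping it to uci batch on the router. It contains the private key, so keep it out of logs, shell history and shared terminals.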

Step 4: Configure Firewall Rules

  1. Create a New Firewall Zone:

    • Go to Network > Firewall.
    • Click Add to create a new firewall zone.
    • Name: Enter a name for the zone (e.g., wg_zone).
    • Input: Accept
    • Output: Accept
    • Forward: Reject
    • Masquerading: Enable
    • MSS clamping: Enable
  2. Assign Interface to Zone:

    • In the Covered networks section, select the wg0 interface.
  3. Save and Apply:

    • Click Save & Apply.

Step 5: Route Traffic Through the VPN

  1. Configure Traffic Routing:

    • Go to Network > Interfaces.
    • Edit the WAN interface.
    • In the Advanced Settings tab, uncheck Use gateway metric.
    • Edit the wg0 interface.
    • In the Advanced Settings tab, set the Use gateway metric to a lower value than the WAN interface (e.g., 10).
  2. Update Routing Table:

    • Go to Network > Routing.
    • Ensure that the default route is through the WireGuard interface.

Step 6: Test the VPN Connection

  1. Check Interface Status:

    • Go to Network > Interfaces.
    • Ensure the wg0 interface is up and running.
  2. Verify VPN Connection:

    • Use an external service like whatismyip.com to confirm that your public IP address matches the VPN server.

Conclusion

By following these steps, you should have connected your OpenWRT router to a WireGuard VPN. With this setup, traffic from your network is routed through the encrypted VPN tunnel.

If you encounter any issues, refer to your VPN provider’s support documentation or the OpenWRT forums for additional troubleshooting tips.
