Help with WireGuard

Looking for help with setting up WireGuard.
Looking to have all devices connected to this router use the VPN.
I had OpenVPN running with my ProtonVPN account. Now trying to switch it to using WireGuard.

If someone can point me to a guide or walk me through it.

Thanks in advance

Tried the wiki?

https://openwrt.org/docs/guide-user/services/vpn/wireguard/all-traffic-through-wireguard
https://openwrt.org/docs/guide-user/services/vpn/wireguard/start

I saw those but I was hoping to find a guide using the web interface.
The wiki also does not explain what the preshared key is.
I got a public and private key from Proton.

Thanks for your help

Preshared keys are an optional extra layer of security. If the other peer (Proton) is not using a preshared key, simply leave the preshared key box blank.


It is optional. If Proton does not supply any, you do not need one.


Could you at least clarify

  • what you're trying to achieve,
  • what you did so far and
  • what's not working?

I've spent probably 30 minutes with my WireGuard configuration. I use the LuCI web UI exclusively for the WireGuard part. The one thing I failed to do right on first try is the "allowed IPs" part, but once you read up on it in the documentation, that's quite a nice idea.

  • create a new network device of type WireGuard
  • let the "general" section auto-create private and public keys for the server
  • set up a local IP address (can be any RFC 1918 really, doesn't need to form a proper subnet with your clients either, just use non-conflicting /32 addresses)
  • go to "peers" tab and add a peer
  • let the new peer create a new private and public key for the client
  • add the server IP to the client's allow list
  • pick a personal IP address for the client
  • put that IP address in the allowed list for the server
  • allow routing through firewall just as you would with non-VPN networking
  • copy the settings (there's a "get configuration" button in the peer section) to your client
  • profit

OK. Thanks for clarifying.
When creating the interface, I'm not clear on what to put in IP Addresses.

@NetwrkNoob just clarifying: Are you switching away from Proton (that's what I thought) or are you trying to use Proton but with WireGuard instead of OpenVPN (that's what everyone else here seems to be assuming)?

IMO it is much easier to just edit /etc/config/network directly. Here is a template:

config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '10.200.200.200/24'
	option private_key 'xxx'
	option delegate '0'

config wireguard_wg0
	option description 'peer 1'
	list allowed_ips '10.200.200.201/32'
	option route_allowed_ips '1'
	option public_key 'yyy'
	option preshared_key 'zzz'

You can change the address to anything, the above is just what I am using. Same for port.

Once you get the interface up, you can use PBR to get traffic flowing through it. See: Create a SSID/Interface that will use a commercial VPN

Private key goes in the main interface section. Ideally you would choose a private key and keep it secret (register the corresponding public key with the VPN service), but most VPN services tell you what private key you must use.

The public key they provide is their public key and goes in the Peer tab.
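
Tying the template and the key placement above together, as an added example that is not part of the original thread: a shell function that converts a provider-supplied wg-quick style client config into the matching /etc/config/network stanzas. The sample input is constructed, `endpoint_host` and `endpoint_port` are OpenWrt peer options not shown in the thread, and a single `[Peer]` section is assumed.

```sh
# Added example, not from the thread: convert a wg-quick style client config
# on stdin into OpenWrt UCI stanzas. Assumes one [Peer]; $1 = interface name.
wg_conf_to_uci() {
    awk -v ifn="${1:-wg0}" -v q="'" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function opt(k, v) { print "\toption " k " " q v q }
    function lst(k, csv,    a, n, i) {
        n = split(csv, a, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) print "\tlist " k " " q a[i] q
    }
    /^[ \t\r]*$/ || /^[ \t]*#/ { next }          # blank lines and comments
    /^[ \t]*\[/ { sect = tolower(trim($0)); next }
    {
        eq = index($0, "="); if (!eq) next   # first "=" only: keys end in "="
        conf[sect, tolower(trim(substr($0, 1, eq - 1)))] = trim(substr($0, eq + 1))
    }
    END {
        I = "[interface]"; P = "[peer]"
        print "config interface " q ifn q
        opt("proto", "wireguard")
        opt("private_key", conf[I, "privatekey"])  # own key: interface section
        lst("addresses", conf[I, "address"])
        print ""
        print "config wireguard_" ifn
        opt("public_key", conf[P, "publickey"])    # provider key: peer section
        if ((P, "presharedkey") in conf)           # optional: omit when absent
            opt("preshared_key", conf[P, "presharedkey"])
        lst("allowed_ips", conf[P, "allowedips"])
        opt("route_allowed_ips", "1")
        ep = conf[P, "endpoint"]
        if (ep != "") {                            # split on the LAST colon
            pos = length(ep); while (pos > 0 && substr(ep, pos, 1) != ":") pos--
            host = substr(ep, 1, pos - 1); gsub(/^\[|\]$/, "", host)
            opt("endpoint_host", host); opt("endpoint_port", substr(ep, pos + 1))
        }
    }'
}
# Constructed sample input: keys, address and endpoint are placeholders.
sample_conf() { cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED+PRIVATE/KEY+PLACEHOLDER=
Address = 10.2.0.2/32
[Peer]
PublicKey = CONSTRUCTED+PUBLIC/KEY+PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.0.2.10:51820
EOF
}
sample_conf | wg_conf_to_uci wg0
```

The output contains the private key, so review it and keep it off shared paste sites before appending it to /etc/config/network.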

I just noticed there is a window to import the WireGuard config to create the interface.
I'll see if I can go from there.

Thanks again

Thanks for everyone's help

Found the following guide which seemed to work
