How to setup the wire-guard Nordvpn on openwrt router?

  1. Firstly you need to generate the wire-guard configuration file for the Nordvpn.
    i) For that check it out in this link
    And [Instruction] Config NordVPN wireguard (Nordlynx) on OpenWrt
    And follow until your nordvpn is up and running in Linux PC.
    ii) After that use this bash script
    to generate that configuration file for the respective nordvpn server that you are connected to.
  2. Go to System  Software and install luci-proto-wireguard, it will also install the other related software needed to run the wireguard.
  3. Reboot your router.
  4. Now that you got the nordvpn configuration file and software installed, Head on to the router page and click on Networkinterface.
     Click on add new interface it should be like this image and click create interface.
     Put private and public key along with the ip addresses in the respective field.
     Click in advance tab and put the MTU value to 1500.
     Click on Firewall Settings tab and create a wgfirewall.
     Click on peers tab and create a new peer.
     Finally click save.
  5. Now go to Network  Firewall.
     In zones section of firewall page, make it like this image.
     Click in edit button of wgfirewall and make it like this image.
    And click save.
     Click in edit button of lan and make it like this image.
    And click save.
  6. That’s it for now you are all set.
    Go to networkinterfaces and click Restart for the wireguard interface.
    Now, your openwrt router should be running wireguard.
    To verify that go to Status WireGuard and you should see the wireguard details with the handshake time.

If there is any other thing that I can do to improve the performance of the VPN. I find my internet a bit slower than the regular OVPN way.

1 Like

MTU for the WireGuard interface of 1500 seems too high.
Your regular MTU is 1500 but there has to be room for the wg overhead which is 60 for ipv4 and 80 for ipv6.

So a much used MTU for the WG interface is 1420.

Reagarding firewall you can simply add the WG interface to the WAN zone if you want easy :wink:

Edit: but thanks for the nice write up :+1:


But this configuration is for using NordLynx protocol on openwrt firmware?

All other configurations settings for openwrt is at nordvpn website.