[Solved] WGCF cloudflare Setup instructions

Hey Guys

Can someone please guide me to set up the wgcf Cloudflare VPN? I did search on the internet, and by reading I'm able to create the wg Cloudflare interface, but I'm unable to configure the firewall. Someone please guide me in this.

I only want to use the VPN to bypass regional restrictions, and for that I tried to use stubby, but stubby isn't bypassing the regional restrictions.

I do have the Cloudflare wg config file, which I created with the help of the GitHub CLI client.

Thanks

Well, since CloudFlare connects you to their closest regional data center, how would that work?

Have you tested the config on a laptop or PC to ensure that the VPN bypasses the restrictions?

It would be a shame to set this up and realize afterwards it's not bypassing as you desire.

I managed to make the interface for Cloudflare by watching a tutorial on YouTube and the internet.

I set up the firewall by this method. Is it good?

Because sometimes I noticed a website not loading, giving an error.

And for me, I tested both Cloudflare and the Proton VPN Netherlands server.

Cloudflare is giving me around 140 to 160ms and Proton VPN Netherlands is giving me 70 to 80ms.

I live in KSA.

  • That didn't answer my question

Yes, but

What other configurations did you make?

Then CloudFlare may be farther away?

Oh...wow. :+1:

Bro, maybe I asked wrong...

Basically I need instructions to set up the WG VPN for Cloudflare.

I searched on the internet but I'm unable to find any proper instructions for setting up WireGuard.

Thanks

I have understood your questions.

I understood the question, but you haven't answered the questions needed to assist you.

:+1:

Yes. :+1:

  • Feel free to answer the other questions
  • Feel free to provide the configuration (omitting the keys). We can then verify it's correct and you route traffic via the tunnel

Wireguard configuration

  1. Generate wgcf-profile.conf https://github.com/ViRb3/wgcf
  2. Install luci-proto-wireguard.
  3. Add/create WireGuard interface. e.g. Name: wg | Protocol: WireGuard VPN.
  4. Import configuration wgcf-profile.conf in General Settings tab.
  5. Change MTU to 1280.
  6. Change firewall zone on Firewall Settings tab to wan.
  7. Edit Peers tab.
    7a. Check Route Allowed IPs.
    7b. Change Endpoint Host (engage.cloudflareclient.com) to 162.159.192.1
    7c. Change Persistent Keep Alive to 25.
  8. Change WAN INTERFACE (Not WireGuard interface!) Use gateway metric to 1024.

Resolve race conditions

  1. Replace NTP servers with IP.
#time.cloudflare.com
162.159.200.1
162.159.200.123

#time.google.com
216.239.35.0
216.239.35.4
216.239.35.8
216.239.35.12

#time.apple.com
17.253.34.131
17.253.60.125
17.253.60.253

#time.windows.com
52.148.114.188
  2. Create file /etc/hotplug.d/ntp/90-wireguard.

Fill with this:

#!/bin/sh

[ "$ACTION" = stratum ] || exit 0
ubus call network.interface.wg up

And uncheck Bring up on boot WireGuard interface on General Settings tab.
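
The LuCI steps in the post above can also be expressed as uci commands. The following is an added example, not part of the original post: it reads a wgcf-profile.conf and prints the matching commands for review without applying them. The sample profile is constructed with placeholder keys, and the peer section name `peer_<ifname>` and the wan zone index `@zone[1]` are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) uci commands for a wgcf-profile.conf,
# using the settings from the post: MTU 1280, Route Allowed IPs, keepalive 25,
# endpoint replaced by an IP, WAN gateway metric 1024, firewall zone wan.

# Constructed sample; keys are placeholders, values only illustrate the format.
sample_profile() {
cat <<'EOF'
[Interface]
PrivateKey = PRIVATE_KEY_PLACEHOLDER=
Address = 172.16.0.2/32
MTU = 1280
[Peer]
PublicKey = PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = engage.cloudflareclient.com:2408
EOF
}

# Usage: wgcf_to_uci IFNAME ENDPOINT_IP < wgcf-profile.conf
wgcf_to_uci() {
    ifname=$1; endpoint_ip=$2; peer="peer_$ifname"   # peer section name is hypothetical
    echo "uci set network.$ifname=interface"
    echo "uci set network.$ifname.proto='wireguard'"
    echo "uci set network.$ifname.mtu='1280'"         # fixed to the post's value
    echo "uci set network.$peer=wireguard_$ifname"
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac     # skip [Section] and blank lines
        # Split on the first '=' only, so base64 padding at the end of a key survives.
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $key in
            PrivateKey) echo "uci set network.$ifname.private_key='$val'" ;;
            PublicKey)  echo "uci set network.$peer.public_key='$val'" ;;
            Address)    for a in $(echo "$val" | tr ',' ' '); do
                            echo "uci add_list network.$ifname.addresses='$a'"; done ;;
            AllowedIPs) for a in $(echo "$val" | tr ',' ' '); do
                            echo "uci add_list network.$peer.allowed_ips='$a'"; done ;;
            Endpoint)   echo "uci set network.$peer.endpoint_host='$endpoint_ip'"
                        echo "uci set network.$peer.endpoint_port='${val##*:}'" ;;
        esac
    done
    echo "uci set network.$peer.route_allowed_ips='1'"
    echo "uci set network.$peer.persistent_keepalive='25'"
    echo "uci set network.wan.metric='1024'"          # WAN interface, not WireGuard
    # Assumption: the wan zone is the second zone, as in a default firewall config.
    echo "uci add_list firewall.@zone[1].network='$ifname'"
    echo "uci commit network; uci commit firewall"
}

sample_profile | wgcf_to_uci wg 162.159.192.1
```

On the router, run it as `wgcf_to_uci wg 162.159.192.1 < wgcf-profile.conf`. The output contains the private key, so keep it out of anything shared when posting a configuration for review.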

Thanks bro, this is what I was looking for.

Thank you so much

I missed some things while setting up WireGuard,
like endpoint host and gateway metric.

Now all is configured as per your instructions.

Also, what do I have to do for Resolve race conditions, and where? I'm too inexperienced for it.

As I quoted from wiki:

WireGuard is time sensitive and can refuse to pass traffic if the peer's clock is out of sync. It's recommended to rely on NTP for all peers. The issue could be caused by incorrect NTP configuration, or race conditions between netifd and sysntpd services, specifically when RTC is missing.

  1. System -> System -> Time Synchronization -> NTP server candidates (replace x.openwrt.pool.ntp.org with the above IPs).
  2. You need to ssh into your router first then create file /etc/hotplug.d/ntp/90-wireguard.
    Then copy and paste:
#!/bin/sh

[ "$ACTION" = stratum ] || exit 0
ubus call network.interface.wg up

And don't forget to uncheck Bring up on boot WireGuard interface on General Settings tab.

BusyBox v1.36.1 (2024-07-15 22:14:18 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.4, r24012-d8dd03c46f
 -----------------------------------------------------
root@OpenWrt:~# /etc/hotplug.d/ntp/90-wireguard
-ash: /etc/hotplug.d/ntp/90-wireguard: not found
root@OpenWrt:~# Create file /etc/hotplug.d/ntp/90-wireguard
-ash: Create: not found
root@OpenWrt:~# /etc/hotplug.d/ntp/90-wireguard
-ash: /etc/hotplug.d/ntp/90-wireguard: not found
root@OpenWrt:~#

It's giving the error "not found".

Lol,
create it using vi/vim or nano.
I hope you understand how to use vi/vim or nano.

I really don't have any knowledge about it :frowning:

Sorry!

You made me learn it :smiley:

I unchecked the option Bring up on boot; now the interface is not running.

Reboot your router first.

Edit:

Your WireGuard interface is cloudflare.

Replace

#!/bin/sh

[ "$ACTION" = stratum ] || exit 0
ubus call network.interface.wg up

With

#!/bin/sh

[ "$ACTION" = stratum ] || exit 0
ubus call network.interface.cloudflare up

Rebooted, still it is not running.

Also check the IP for time sync, is it correct?

Edit:
It is showing this

I'm sorry I made a mistake.
Made it not so clear.

6. Change Use gateway metric to 1024.

Should be

6. Change WAN INTERFACE Use gateway metric to 1024.

Not WireGuard interface.

Edit:

I've changed the order.

Yes bro, thank you so much, now it's up and running.
