WireGuard to vpnunlimited via OpenWrt wireless AP

I am familiar with WireGuard tunnels/peers created on my pfSense and have WireGuard peers installed on many of my end devices. Each device connects via my main AP (connected to my pfSense). However, there are a number of end devices on which I can't set up a WireGuard peer, e.g. my Amazon Firestick and Roku stick. If I want to connect them through my VPN provider, I just connect them to a specific SSID of another AP which has WireGuard already connected to my VPN provider.

I know I'm supposed to do it on my pfSense and my main AP, but I've tried and it didn't work now. So my solution is to buy another cheap AP which supports OpenWrt and hopefully can make it work.

I'm about to buy a new wireless router (Xiaomi AC2100) which can run the OpenWrt RC release. I intend to use it as a second access point which connects to a VPN provider (vpnunlimited). If my end devices want to go through that VPN, I just connect them to the second AP's SSID.

I may connect this second AP either to my main AP's LAN port or wirelessly (AP+client mode). I'm not sure it can be done in AP+client mode. If possible, I may use the latter; if not, a wired connection between the two APs.

Has anyone set up WireGuard on an OpenWrt AP which works as a WireGuard client (similar to an OpenVPN client) so that end devices can connect to its SSIDs to obtain a VPN connection? I would like some guidelines on how you do it on OpenWrt. My VPN provider already gave me this configuration information.


Here you are

Be aware that when you generate a config, you can only set and use it on one device, and when you generate a new one you cannot use a previous config that you generated before.


Thanks David. I didn't know they already have setup instructions.
I understand that with this setup, my second AP is another peer. Can many wireless end devices connect through the VPN via this AP simultaneously?

Indeed you can try it

I've checked the instruction guide, but the guide is for a router, not a dumb wifi where the WAN interface is disabled.
According to step 5 of the instructions, where I have to go to the WAN firewall settings and choose the WAN interface, should I choose the LAN interface? And is there any routing setup to be done on my router side?

Convert the dumb AP to a router, or change the default gateway on the clients.

Could you elaborate more on the "changing of the default gateway" option?

A computer needs to know "where 'the internet' is" (or more generically, where the uplink for a given route is); this needs to be set on each computer in the form of the standard gateway (IP address). In this simple (and most common) case, the default route is assigned to the computer by the DHCP lease handed out by your router, inserting its own IP in there (but that's not strictly necessary); this also works just fine if your router is terminating your VPN tunnel.

However, if you want another system (e.g. an AP, which is not an uplink device (a 'router'), but merely a peer in your network) terminating the VPN tunnel, you need to diverge from these simple defaults and change your computer's standard gateway setting, thereby telling it that the IP address handling your uplink traffic is no longer the router (via its IP address), but the VPN endpoint (IP) of your AP.

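Added example, not written by any poster in this thread: a sketch of the "change the default gateway" option as OpenWrt UCI config files on the AP. It assumes the main router is 192.168.1.1, the AP's LAN address is 192.168.1.2 and the tunnel interface is named wg0 (all constructed); values in angle brackets are placeholders for the provider's generated config.

```uci
# /etc/config/network on the AP
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	# The AP's LAN address; VPN clients use this as their default gateway.
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	# The AP's own uplink and DNS: the main router (assumed address).
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '<PRIVATE_KEY_FROM_PROVIDER_CONFIG>'
	list addresses '<TUNNEL_ADDRESS_FROM_PROVIDER_CONFIG>'

config wireguard_wg0
	option public_key '<PROVIDER_PUBLIC_KEY>'
	option endpoint_host '<PROVIDER_ENDPOINT_HOST>'
	option endpoint_port '<PROVIDER_ENDPOINT_PORT>'
	list allowed_ips '0.0.0.0/0'
	# Install a route for allowed_ips (here: everything) through the tunnel.
	option route_allowed_ips '1'
	option persistent_keepalive '25'

# /etc/config/firewall on the AP
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	# Refuse routing LAN traffic back out of the LAN, so client traffic
	# is not forwarded in the clear to the main router.
	option forward 'REJECT'

config zone
	option name 'vpn'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# NAT client traffic to the single tunnel address the provider assigned.
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'vpn'
```

Clients that should use the VPN then get 192.168.1.2 as their default gateway, either set statically on the device or handed out as DHCP option 3. Their DNS server setting is separate from the gateway and needs its own check, otherwise lookups still go to the main router.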
