OpenWrt Project

User Tools

Site Tools

You are here: Welcome to the OpenWrt Project » Documentation » User guide » Additional Services » VPN (aka Virtual Private Network) » WireGuard
en
 ?

Sidebar

Learn about OpenWrt

Contributing

Project

docs:guide-user:services:vpn:wireguard:start

Table of Contents

WireGuard

WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.

VPN Peers

WireGuard is a peer-to-peer VPN service. The protocol itself treats all peers equally, so there is nothing that distinguishes a server from a client. That said, this VPN protocol is highly flexible and can be used as a direct peer-to-peer communications channel, server-client type relationship or in a site-to-site configuration. Wireguard as a VPN Server or Client provides some examples of the various contexts in which WireGuard may be configured.

Installation

WireGuard can be installed through the package wireguard and luci-app-wireguard for integration with LuCI. You'll need to reboot the router.

Creating a WireGuard interface

To create a new WireGuard interface go to Network > Interfaces > Add new interface… and select “WireGuard VPN” from the “Protocol” dropdown menu.

Generate a key pair

Generate a key pair of private and public keys, and store them in /etc/wireguard for easy reference. From a terminal, enter: 

mkdir -p /etc/wireguard
cd /etc/wireguard
wg genkey | tee ./privatekey | wg pubkey > ./publickey

This saves two files in /etc/wireguard:

  • Use the privatekey file to configure the Wireguard interface on this router. Keep it secret: there is never a need to send the private key anywhere else. (You could, of course, record both keys in your password manager program.)
  • Use the publickey file to configure peers that will connect to this router through the WireGuard VPN.

The LuCI menu Status → WireGuard Status shows information about the WireGuard VPN.

See also:

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/vpn/wireguard/start.txt · Last modified: 2020/08/03 11:19 by vgaetera

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki