OpenWrt Project

User Tools

Site Tools

You are here: Welcome to the OpenWrt Project » Documentation » User guide » Additional Services » VPN (aka Virtual Private Network) » WireGuard
en
 ?

Sidebar

Learn about OpenWrt

Contributing

Project

docs:guide-user:services:vpn:wireguard:start

Table of Contents

WireGuard

This article relies on the following:

WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.

VPN peers

WireGuard is a peer-to-peer VPN service which may be configured depending on your use case. The protocol itself treats all peers equally, so there is nothing that distinguishes a server from a client. That said, this VPN protocol is highly flexible and can be used as a direct peer-to-peer communications channel, server-client type relationship or in a site-to-site configuration.

Key management

WireGuard generally relies on relies on public-key cryptography. This means you should generate private keys on the respective peers and exchange only their public keys. In addition for better security, you can also generate and exchange a pre-shared key. Each 2 peers should use a common pre-shared key.

Time synchronization

WireGuard is time sensitive. If the peer's clock is out of sync, the VPN tunnel may refuse to pass traffic. The issue could be caused by incorrect NTP configuration, or race conditions between netifd and sysntpd services, or related to specific hardware. Setting time forward on the client side can work around the problem.

Instructions

1. Installing packages

Navigate to LuCI → System → Software and install the packages luci-proto-wireguard and luci-app-wireguard to manage WireGuard using LuCI.

2. Generating keys

Generate a key pair of private and public keys. 

wg genkey | tee wg.key | wg pubkey > wg.pub
  • Use the wg.key file to configure the WireGuard interface on this router.
  • Use the wg.pub file to configure peers that will connect to this router through the WireGuard VPN.

3. Restarting services

Navigate to LuCI → System → Startup → Initscripts and click to network → Restart.

4. Setting up network

To create a new WireGuard interface go to LuCI → Network → Interfaces → Add new interface… and select WireGuard VPN from the Protocol dropdown menu.

5. Monitoring connection status

The menu LuCI → Status → WireGuard Status shows information about the WireGuard VPN.

See also:

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/vpn/wireguard/start.txt · Last modified: 2020/11/12 04:19 by vgaetera

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki