OpenWRT WireGuard Simple Home VPN Tutorial



Make sure you have dynamic DNS set up or a static IP from your ISP. This will not be covered in this tutorial.

1. Go to System > Software.
2. Click Update lists.
3. Install wireguard-tools, luci-app-wireguard, luci-proto-wireguard, and qrencode.
4. Reboot your router at System > Reboot.
5. Go to Network > Interfaces.
6. Add a new interface named VPN with protocol WireGuard VPN.
7. Generate a new key pair, set the listen port to 51820, and set the IP addresses to your chosen VPN subnet.
8. Go to Firewall Settings and set the zone to lan.
9. Go to Peers, click Add peer, enter the name of the device you will be connecting with, generate a new key pair, generate a PSK, set the allowed IP in the same subnet, and enable Route Allowed IPs.
10. Click Generate configuration.
11. On the device you're adding the VPN to, open the WireGuard app and scan the QR code.
12. Edit the newly created profile and enter the address you added in the peer.
13. Back on the firewall, go to Network > Firewall, then Port Forwards, and add a port forward.
14. Name it VPN and set the protocol to UDP. The external port should be 51820, the internal IP address should be the first in the subnet, and the internal port should be 51820.
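
A quick lint for the client profile produced in steps 10 to 12, added here as an example and not part of the original tutorial. It reads a WireGuard profile on stdin and reports a missing address, a missing preshared key, an endpoint port that differs from the listen port, an endpoint that is a private address, and a full-tunnel AllowedIPs. The function names, finding codes and sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a WireGuard client profile
# on stdin against the settings this tutorial uses.
# check_wg_profile, the finding codes and all sample values are constructed.
check_wg_profile() {   # $1 = listen port set on the router (tutorial: 51820)
    awk -v port="${1:-51820}" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }                          # skip comments and blanks
    /^[ \t]*\[/    { section = tolower(trim($0)); next }
    {
        eq = index($0, "=")                          # split on the first "=" only,
        if (eq == 0) next                            # base64 keys end in "="
        cfg[section "." tolower(trim(substr($0, 1, eq - 1)))] = trim(substr($0, eq + 1))
    }
    END {
        if (cfg["[interface].address"] == "") print "NO_ADDRESS"    # step 12 skipped
        if (cfg["[peer].presharedkey"] == "") print "NO_PSK"        # PSK from step 9 missing
        ep = cfg["[peer].endpoint"]
        if (ep == "") print "NO_ENDPOINT"
        else {
            n = split(ep, part, ":")
            if (n < 2 || part[n] != port) print "PORT_MISMATCH"
            # RFC 1918 endpoint: only reachable from inside the home network
            if (part[1] ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) print "PRIVATE_ENDPOINT"
        }
        aips = cfg["[peer].allowedips"]
        if (aips == "") print "NO_ALLOWED_IPS"
        else if (aips ~ /(^|[ ,])0\.0\.0\.0\/0/) print "FULL_TUNNEL"   # all traffic goes via home
    }'
}

sample_profile() {   # constructed profile with placeholder keys
    cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PLACEHOLDER-CLIENT-KEY=
# Address line left out, as when step 12 is skipped
[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-ROUTER-KEY=
PresharedKey = CONSTRUCTED-PLACEHOLDER-PSK=
Endpoint = 192.168.1.1:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}

sample_profile | check_wg_profile 51820
```

To check an exported profile, run `check_wg_profile 51820 < profile.conf`, where profile.conf is a placeholder file name; no output means none of these findings apply.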

13 comments
  1. Unfortunately does not work for me. I tried to connect from mobile and it does not show handshake status. Did everything as instructed. Not sure what's wrong.

  2. There is no need to create a "port forward"; you just need to create a firewall rule like this:
    uci -q delete firewall.wg
    uci set firewall.wg="rule"
    uci set firewall.wg.name="Allow-WireGuard"
    uci set firewall.wg.src="wan"
    uci set firewall.wg.dest_port="51820"
    uci set firewall.wg.proto="udp"
    uci set firewall.wg.target="ACCEPT"
    uci commit firewall
    service firewall restart

    and /etc/config/firewall will have these lines:
    config rule
        option name 'Allow-WireGuard'
        list proto 'udp'
        option src 'wan'
        option dest_port '51820'
        option target 'ACCEPT'

  3. Thanks man, it actually worked. I've spent months and months trying to solve this.
    If you can, could you set up this VPN on OPNsense as well?
    I'm really looking forward to that, just subscribed after this video.

  4. I have done exactly as in the video; it works only inside the local Wi-Fi network, but when I change the endpoint to my public local IP, it suddenly works only on the mobile network. What gives?

  5. Great help, thanks. What if I don't want to forward internet traffic of the connected phone via the home router but only to access the private IPs of my home lab?
