There are two ways we can go from here. You might have generated a key pair, and you'll be able to use it. Or, we will have to generate one.
If you have a key pair already, continue the tutorial as usual. If you do not, you should move on to theI don’t have a key pair section.
I have a key pair
Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Routeroption and click onWireGuard.
In the next window, click on I have a key pair.
Name your key pair and clickNext.
Enter your public key and hitSave.
I don't have a key pair
Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Router option and click on WireGuard.
In the next window, click onI don't have a key pair.
Name your new key pair.
Click onGenerate a new key pair.
NOTE: Copy and store the generated key pairs on your device. You will not be able to check them here again.
Choose a Surfshark server
Once you have your key pair, you should see a Choose a location button. Click on it. Here, you'll find the list of available locations to connect to. Select one and hit the download button.
Install and configure WireGuard
Access your router by typing one of the following websites on your browser:
Routers flashed with OpenWRT firmware image initially accept connections only through the telnet protocol, so you should connect to telnet with the following IP address: 192.168.1.1
Change the root password with the command "passwd".
Once logged in, click on System and select Software.
On this page, you will download the WireGuard package. To do so, click on Update lists.
Once the lists are updated, in the search field type WireGuard, and install the WireGuardpackage first, following with luci-app-wireguard.
Restartthe router. To do so, click on Systemand then click Reboot. After the reboot is done, log in to your router again.
Configure the interface
Install the WireGuard interface. Click on Network >Interfaces. At the bottom of the page, select Add new interface.
Fill in the following information:
Name: wg0 Protocol: WireGuard VPN
Select Create Interface.
Enter the Private key (refer toGet your key pairsections in this article). Copy and paste it into the Private Key area.
In the IP Address box, enter the IP address from the Surfshark WireGuard server file.In our case, it's 10.14.0.2/16.
Click on the Advanced Settings tab and uncheck Use DNS servers advertised by peer and enter Surfshark DNS addresses, which are:
162.252.172.57
149.154.159.92
Assign a firewall zone. To do so, click on Firewall settings.Here click on unspecified, and then in the bottom field, enter vpn.
Now click on the Peers tab and select Add peer.
Add the following information:
Description: Name it whatever you like Public key: Paste your public key (refer toGet your key pairsections in this article) Allowed IPs: 0.0.0.0/0 Route allowed IPs: check the box Endpoint host: enter the endpoint IP address of the configuration file (note that it should end with surfshark.com) Endpoint port: Enter the last 5 digits from the IP address of the configuration file
Click Save.
You will notice that the WG0 interface has 7 pending changes. Click on Save & Apply here to confirm them.
Configure the VPN zone
Go to the Network tab and select Firewall at the bottom.
You will find various zones on your network. At the bottom, you will find the VPN zone you created earlier. We need to change the input, output, forward, and masquerading options to match the “wan” zone.
Change the input fromAccept to Reject and check themasqueradingbox. After doing so, clickSave.
lan to wan zone needs to be edited, so click on Edit.
EnableMSS clamping in the new window.
In theAllow forward to destination zones section, click on this little arrow and select the VPN zone that we created.
Click Save.
Next to Zones, make sure to click onSave & Apply andrebootyour router.
To verify your connection, click on Network >Interfaces. The WG0 interface we created should be receiving and sending packets.
Ensure the connection is successful
We always recommend checking if Surfshark VPN is working after setting it up for the first time. You can easily do it by performing Surfshark IP leak test and a DNS leak test. For your convenience, both are available on our website.
You may also be interested in:
How to make sure if Surfshark VPN is working
How to set up OpenVPN on OpenWRT router
How to set up OpenVPN on OpenWRT using the router's web interface
Once logged in, click on System and select Software. On this page, you will download the WireGuard package. To do so, click on Update lists. Once the lists are updated, in the search field type WireGuard, and install the WireGuard package first, following with luci-app-wireguard.
Go to [VPN] > [VPN Server] > enable and click [WireGuard® VPN] > click add button. 4. For general devices like laptops or phones, you can just click the Apply button.
Check the wireguard status by running wg with no parameters. If you see that handshakes are occurring, the basic setup with keys and endpoint address is working then you would look at routing and firewall.
On APU routers pfSense and OPNsense achieve about 100Mbit/s throughput. OpenWRT achieves about 140Mbit/s. APU delivers more than 600Mbit/s with Wireguard VPN. If you have a choice between OpenVPN and Wigeguard, choose the latter.
The biggest notable differences between WireGuard and OpenVPN are speed and security. While WireGuard is generally faster, OpenVPN provides heavier security. The differences between these two protocols are also their defining features. We've taken a closer look at each so you can really understand how they work.
Introduction. This how-to describes the method for setting up OpenVPN server on OpenWrt. Follow OpenVPN client for client setup and OpenVPN extras for additional tuning. It requires OpenWrt 21.02+ with OpenVPN 2.5+ supporting tls-crypt-v2 .
To check if WireGuard Server is working properly, we can use another device connected to another network and use the WireGuard configuration we exported earlier to connect and see whether it connects properly and whether the IP address is the IP of WireGuard Server.
Introduction: My name is The Hon. Margery Christiansen, I am a bright, adorable, precious, inexpensive, gorgeous, comfortable, happy person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.