WireGuard setup guide for DD-WRT routers (2024)

Table of Contents
DD-WRT WireGuard Setup Guide Configuring the VPN tunnel DNS Final steps FAQs

DD-WRT WireGuard Setup Guide

The DD-WRT UI is constantly evolving and there are multiple variations depending on the specific build and version of the firmware. You may not see the exact same options in the same order as below.

This guide was produced using DD-WRT v46772.

Configuring the VPN tunnel

  1. Navigate to the home page of your router - By default 192.168.1.1.

  2. Go to Setup > Tunnels > and click the Add Tunnel button. Choose Enable and select WireGuard from the dropdown menu.

  3. Set the MTU value of the WireGuard tunnel to 1412.

  4. Click the Generate Key button and go to the Client Area on the IVPN website to add the generated public key to the Key Management area. Make note of the IPv4 address we assign to your public key and add it to the IP address field followed by a /32 subnet mask.

    Hint: After clicking Generate Key, it may or may not be possible to copy the public key displayed on the Tunnels page. Click the Save and Apply Settings buttons, then go to Administration > Commands and enter wg in the Commands box, then click Run Commands . This will display details of the WireGuard connection including the public key, which can be easily copied.

    WireGuard setup guide for DD-WRT routers (1)

    See Also
    Can you be tracked if you use a VPN? - SurfsharkpfSense® software Configuration Recipes — WireGuard Remote Access VPN Configuration ExampleInstalling VPN on LinuxWireGuard Endpoints and IP Addresses

  5. Set Kill Switch to Enable. This will prevent out-bound traffic when the VPN client is disconnected from the server.

  6. Click the Add Peer button and enter the following peer configuration (as also shown in the screen shot below):

    • Peer Tunnel IP: 0.0.0.0
    • Peer Tunnel DNS: Specify one of the following DNS servers:
      • 172.16.0.1 = redular DNS with no blocking
      • 10.0.254.2 = standard AntiTracker to block advertising and malware domains
      • 10.0.254.3 = AntiTracker Hardcore Mode to also block Google and Facebook
    • Endpoint: Enable
    • Endpoint Address: Enter an IVPN WireGuard server hostname (available on the Server Status page) and choose a port:
      udp 53udp 80udp 443udp 1194udp 2049udp 2050udp 30587udp 41893udp 48574udp 58237
    • Allowed IPs: 0.0.0.0/0
    • Route Allowed IP’s via tunnel: Enable
    • Persistent Keepalive: 25
    • Peer Public Key: Enter an IVPN WireGuard server public key (available on the Server Status page)
    • Use Pre-shared Key: Disable

    WireGuard setup guide for DD-WRT routers (2)

    Note: You are welcome to use whichever server you prefer. The Endpoint Address and Peer Public Key in the example above are specific to our server in Sweden.

  7. Click the Save button, then click the Apply Settings button.

DNS

  1. Navigate to Setup > Basic Setup.

    See Also
    fast, modern, secure VPN tunnel

  2. Specify one of the following DNS servers in the Static DNS 1 field:

    • 172.16.0.1 = redular DNS with no blocking
    • 10.0.254.2 = standard AntiTracker to block advertising and malware domains
    • 10.0.254.3 = AntiTracker Hardcore Mode to also block Google and Facebook

    ..and 198.245.51.147 in the Static DNS 2 field.

  3. Click Save & Apply Settings.

Final steps

  1. Reboot your router and wait for a minute or two for everything to settle, then reboot your computer system.

  2. Check the assigned public IP address on our website and run a leak test at https://www.dnsleaktest.com from one of the devices connected to your DD-WRT router.

Please note: If you plan to use a Multi-hop setup please see this guide and make the required adjustments to the port in the Endpoint Address & public key in the Peer Public Key fields.

I've been deep into networking and router configurations for quite some time now, and when it comes to DD-WRT and WireGuard, I'm right at home. In fact, I've been using DD-WRT since its earlier versions, tinkering with different builds and keeping up with the UI changes.

Let's break down the concepts mentioned in the DD-WRT WireGuard Setup Guide:

  1. DD-WRT UI Evolution: The DD-WRT user interface evolves with each build and version. Depending on your firmware version, you might encounter variations in options and their order. Familiarizing yourself with the specific build (in this case, v46772) is crucial for accurate configuration.

  2. Router Default IP: The default IP address to access your router's home page is 192.168.1.1. This is where you initiate the configuration process.

  3. WireGuard Configuration in DD-WRT:

    • Tunnels Setup: Under Setup, navigate to Tunnels, and add a new tunnel. Enable it and select WireGuard from the dropdown menu.
    • MTU Setting: Set the MTU value of the WireGuard tunnel to 1412. This ensures optimal performance.
    • Generate Key: Click the Generate Key button. The generated public key needs to be added to the Key Management area on the IVPN website.

  4. Kill Switch: Enable the Kill Switch to prevent outbound traffic when the VPN client is disconnected. This adds an extra layer of security.

  5. Peer Configuration:

    • Endpoint and DNS Settings: Configure the Peer with tunnel IP, tunnel DNS, and Endpoint settings. Specify DNS servers and the WireGuard server's hostname and port.
    • Allowed IPs: Define allowed IPs and route allowed IPs via the tunnel.
    • Keepalive: Set a persistent keepalive value (e.g., 25) to maintain the connection.
    • Public Key: Enter the WireGuard server's public key.

  6. DNS Configuration: Under Setup, in Basic Setup, specify DNS servers in the Static DNS 1 and Static DNS 2 fields. This step ensures proper DNS resolution.

  7. Final Steps:

    • Reboot the router and wait for it to settle.
    • Reboot your computer system.
    • Check the assigned public IP address on the website.
    • Run a DNS leak test from a device connected to your DD-WRT router.

Remember, attention to detail is key when configuring such setups. If you plan to use a Multi-hop setup, additional adjustments to the port and public key fields may be necessary. And always, after following these steps, you'll have a secure and optimized DD-WRT WireGuard VPN setup at your disposal.

WireGuard setup guide for DD-WRT routers (2024)

FAQs

How to setup WireGuard on DD-WRT router? ›

DD-WRT WireGuard Setup Guide
  1. Navigate to the home page of your router - By default 192.168. ...
  2. Go to Setup > Tunnels > and click the Add Tunnel button. ...
  3. Set the MTU value of the WireGuard tunnel to 1412 .

Read On
How to set up WireGuard on router? ›

I don't have a key pair
  1. Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Router option and click on WireGuard.
  2. In the next window, click on I don't have a key pair.
  3. Name your new key pair.
  4. Click on Generate a new key pair. NOTE: Copy and store the generated key pairs on your device.
Sep 25, 2023

Discover More Details
How do I setup a WireGuard on OpenWRT router? ›

How to set up WireGuard® on OpenWRT router
  1. Get your key pair.
  2. I have a key pair.
  3. I don't have a key pair.
  4. Choose a Surfshark server.
  5. Install and configure WireGuard.
  6. Configure the interface.
  7. Configure the VPN Zone.
  8. Ensure the connection is successful.
Jan 26, 2024

Continue Reading
How do I configure and configure OpenVPN on my DD-WRT router? ›

Using the Web Interface, go to the "Services" tab and then the "VPN" tab (for older versions of dd-wrt go to the "Administration" tab and then the "Services" sub-tab). Enable OpenVPN Daemon or OpenVPN Client. If further options do not appear, click Apply Settings. Click Apply Settings.

See Details
What are the best router settings for DD-WRT? ›

Default Setting: ddwrt

Best practice is to name both 2.4GHz and 5Ghz the same SSID and use the same password for both bands. This helps "improve coverage" because your client will switch over to 2.4GHz from 5Ghz faster than if you used a separate 5GHz SSID; you're already authenticated on both radios.

Find Out More
Which ports to forward for WireGuard? ›

Port Forwarding
  • Http on port 80.
  • Https on port 443.
  • Postfix SMTP on port 25.
  • Postfix SMTPS on port 465.
  • Postfix Submission on port 587.
  • Dovecot IMAP on port 143.
  • Dovecot IMAPS on port 993.
  • Dovecot POP3 on port 110.

Tell Me More
Which is more secure, WireGuard or OpenVPN? ›

There are no known security flaws in either protocol. If security is your topmost priority, the conservative option is OpenVPN. It has simply been around much longer than WireGuard, gone through more third-party security audits, and has a far longer track record than WireGuard.

Show Me More
How to setup VPN on OpenWrt router? ›

OpenWrt OpenVPN Setup Guide
  1. In your router's webUI, navigate to System - Software , click Update lists.
  2. In the Filter field, type OpenVPN, locate and install openvpn-openssl & luci-app-openvpn packages.
  3. Restart your router.

Explore More
Which router support WireGuard? ›

What Are The Best WireGuard-Supporting Wi-Fi Routers?
  • Mesh Routers. $229.99 Regular Price $284.99.
  • TP-Link Archer BE800 WiFi 7 FlashRouter.
  • Asus ROG Rapture GT6 Mesh FlashRouter. $599.99 Regular Price $699.99.

Continue Reading
Is OpenWrt better than DD-WRT? ›

DD-WRT is mostly available on older routers with more up-to-date software than the manufacturers provide. If you're ready to take the next step in customization or just want to use hardware that doesn't make sense for DD-WRT, such as using a thin client PC as a router, OpenWrt is the answer.

Show Me More

Does DD-WRT support VPN? ›

Among other benefits, most DD-WRT distributions allow users to configure OpenVPN server connections directly from the router. Some providers sell DD-WRT routers pre-configured for their VPNs, saving you the headache of setting it up yourself.

Read The Full Story
What ports to open on router for OpenVPN? ›

By default, Access Server comes configured with OpenVPN daemons listening on UDP port 1194 and TCP port 443. Access Server's web services also use TCP 443 for the web interfaces.

See Details
How do I set up a WireGuard Tunnel? ›

Configure a WireGuard Tunnel
  1. Navigate to VPN > WireGuard > Tunnels.
  2. Click. ...
  3. Fill in the WireGuard Tunnel settings as described in WireGuard Package Settings.
  4. Click Save Tunnel.
  5. Add firewall rules on Firewall > Rules, WAN tab to allow UDP traffic to the port for this WireGuard tunnel (WireGuard and Rules / NAT)
May 1, 2023

Get More Info Here
Top Articles
Can You Get a Job When You are Blacklisted? - Fincheck Academy
how to remove followers
Sprinter Tyrone's Unblocked Games
Cold Air Intake - High-flow, Roto-mold Tube - TOYOTA TACOMA V6-4.0
Lexi Vonn
Katmoie
Valley Fair Tickets Costco
Mama's Kitchen Waynesboro Tennessee
How To Get Free Credits On Smartjailmail
Volstate Portal
Tcu Jaggaer
Beebe Portal Athena
Gemita Alvarez Desnuda
Craigslist In Flagstaff
Zalog Forum
H12 Weidian
Fort Mccoy Fire Map
FDA Approves Arcutis’ ZORYVE® (roflumilast) Topical Foam, 0.3% for the Treatment of Seborrheic Dermatitis in Individuals Aged 9 Years and Older - Arcutis Biotherapeutics
Pecos Valley Sunland Park Menu
How many days until 12 December - Calendarr
Babbychula
1973 Coupe Comparo: HQ GTS 350 + XA Falcon GT + VH Charger E55 + Leyland Force 7V
Valic Eremit
8000 Cranberry Springs Drive Suite 2M600
Foolproof Module 6 Test Answers
Move Relearner Infinite Fusion
Dtm Urban Dictionary
DIY Building Plans for a Picnic Table
Springfield.craigslist
Craigslist Free Puppy
Capital Hall 6 Base Layout
How to Play the G Chord on Guitar: A Comprehensive Guide - Breakthrough Guitar | Online Guitar Lessons
THE 10 BEST Yoga Retreats in Konstanz for September 2024
Pillowtalk Podcast Interview Turns Into 3Some
Imperialism Flocabulary Quiz Answers
Midsouthshooters Supply
19 Best Seafood Restaurants in San Antonio - The Texas Tasty
Mckinley rugzak - Mode accessoires kopen? Ruime keuze
What Does Code 898 Mean On Irs Transcript
Telugu Moviez Wap Org
Electronic Music Duo Daft Punk Announces Split After Nearly 3 Decades
Entry of the Globbots - 20th Century Electro​-​Synthesis, Avant Garde & Experimental Music 02;31,​07 - Volume II, by Various
Low Tide In Twilight Manga Chapter 53
Payrollservers.us Webclock
UWPD investigating sharing of 'sensitive' photos, video of Wisconsin volleyball team
Victoria Vesce Playboy
303-615-0055
Craiglist.nj
Buildapc Deals
Ippa 番号
Latest Posts
Yes, It's Possible to Get Free Samples Without Surveys—Here's How
Data Privacy Definition, Explanation & Examples
Article information

Author: Duncan Muller

Last Updated:

Views: 6472

Rating: 4.9 / 5 (79 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Duncan Muller

Birthday: 1997-01-13

Address: Apt. 505 914 Phillip Crossroad, O'Konborough, NV 62411

Phone: +8555305800947

Job: Construction Agent

Hobby: Shopping, Table tennis, Snowboarding, Rafting, Motor sports, Homebrewing, Taxidermy

Introduction: My name is Duncan Muller, I am a enchanting, good, gentle, modern, tasty, nice, elegant person who loves writing and wants to share my knowledge and understanding with you.