DD-WRT WireGuard Setup Guide
The DD-WRT UI is constantly evolving and there are multiple variations depending on the specific build and version of the firmware. You may not see the exact same options in the same order as below.
This guide was produced using DD-WRT v46772.
Configuring the VPN tunnel
Navigate to the home page of your router (by default 192.168.1.1).
Go to Setup > Tunnels and click the Add Tunnel button. Choose Enable and select WireGuard from the dropdown menu.
Set the MTU value of the WireGuard tunnel to 1412.
Click the Generate Key button and go to the Client Area on the IVPN website to add the generated public key to the Key Management area. Make note of the IPv4 address we assign to your public key and add it to the IP address field followed by a /32 subnet mask.
Hint: After clicking Generate Key, it may or may not be possible to copy the public key displayed on the Tunnels page. Click the Save and Apply Settings buttons, then go to Administration > Commands and enter wg in the Commands box, then click Run Commands. This will display details of the WireGuard connection including the public key, which can be easily copied.
Set Kill Switch to Enable. This will prevent outbound traffic when the VPN client is disconnected from the server.
Click the Add Peer button and enter the following peer configuration (as also shown in the screenshot below):
- Peer Tunnel IP: 0.0.0.0
- Peer Tunnel DNS: Specify one of the following DNS servers:
  - 172.16.0.1 = regular DNS with no blocking
  - 10.0.254.2 = standard AntiTracker to block advertising and malware domains
  - 10.0.254.3 = AntiTracker Hardcore Mode to also block Google and Facebook
- Endpoint: Enable
- Endpoint Address: Enter an IVPN WireGuard server hostname (available on the Server Status page) and choose a port: udp 53, udp 80, udp 443, udp 1194, udp 2049, udp 2050, udp 30587, udp 41893, udp 48574, udp 58237
- Allowed IPs: 0.0.0.0/0
- Route Allowed IP’s via tunnel: Enable
- Persistent Keepalive: 25
- Peer Public Key: Enter an IVPN WireGuard server public key (available on the Server Status page)
- Use Pre-shared Key: Disable
Note: You are welcome to use whichever server you prefer. The Endpoint Address and Peer Public Key in the example above are specific to our server in Sweden.
Click the Save button, then click the Apply Settings button.
DNS
Navigate to Setup > Basic Setup.
Specify one of the following DNS servers in the Static DNS 1 field:
- 172.16.0.1 = regular DNS with no blocking
- 10.0.254.2 = standard AntiTracker to block advertising and malware domains
- 10.0.254.3 = AntiTracker Hardcore Mode to also block Google and Facebook
...and 198.245.51.147 in the Static DNS 2 field.
Click Save & Apply Settings.
Final steps
Reboot your router and wait for a minute or two for everything to settle, then reboot your computer system.
Check the assigned public IP address on our website and run a leak test at https://www.dnsleaktest.com from one of the devices connected to your DD-WRT router.
Please note: If you plan to use a Multi-hop setup please see this guide and make the required adjustments to the port in the Endpoint Address & public key in the Peer Public Key fields.
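One way to confirm that the running tunnel matches the peer settings above once the router is back up, as an added example that is not part of the original guide. It reads the output of `wg show <iface> dump`; the function name, the 180-second handshake threshold and the interface name `oet1` are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit `wg show <iface> dump` output against this guide's peer settings.
# Dump format (tab-separated): line 1 is the interface; each later line is a peer:
#   public-key  preshared-key  endpoint  allowed-ips  latest-handshake  rx  tx  keepalive
# MAX_AGE is an assumed threshold: WireGuard re-handshakes about every 2 minutes.
MAX_AGE=180

audit_wg_dump() {
    now=${1:-$(date +%s)}        # epoch seconds; can be passed in for testing
    awk -F '\t' -v now="$now" -v max_age="$MAX_AGE" '
    function bad(msg) { print "FAIL: " msg; fails++ }
    BEGIN {
        # UDP ports listed in the guide for the Endpoint Address
        n = split("53 80 443 1194 2049 2050 30587 41893 48574 58237", p, " ")
        for (i = 1; i <= n; i++) listed[p[i]] = 1
    }
    NR == 1 { next }             # interface line: nothing to compare
    {
        peers++
        port = $3; sub(/.*:/, "", port)      # endpoint is host:port
        if (!(port in listed))  bad("endpoint port " port " is not one of the listed ports")
        if ($4 != "0.0.0.0/0")  bad("allowed-ips is " $4 ", guide uses 0.0.0.0/0")
        if ($8 != "25")         bad("persistent-keepalive is " $8 ", guide uses 25")
        if ($2 != "(none)")     bad("a pre-shared key is set, guide disables it")
        age = now - $5
        if ($5 == 0)            bad("no handshake completed, check keys and endpoint")
        else if (age > max_age) bad("last handshake " age "s ago, tunnel may be down")
    }
    END {
        if (peers == 0) bad("no peer configured")
        if (fails == 0) print "OK"
        exit (fails > 0)
    }'
}

# Constructed sample, placeholder keys and a documentation-range address.
# On the router: wg show oet1 dump | audit_wg_dump   (oet1 is an assumed interface name)
printf 'PRIV\tPUB\t51820\toff\nPEER\t(none)\t203.0.113.10:2049\t0.0.0.0/0\t%s\t1024\t2048\t25\n' \
    "$(date +%s)" | audit_wg_dump
```

The first line of real dump output contains the tunnel's private key, so pipe it straight into the function rather than saving or pasting it anywhere.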
I've been deep into networking and router configurations for quite some time now, and when it comes to DD-WRT and WireGuard, I'm right at home. In fact, I've been using DD-WRT since its earlier versions, tinkering with different builds and keeping up with the UI changes.
Let's break down the concepts mentioned in the DD-WRT WireGuard Setup Guide:
- DD-WRT UI Evolution: The DD-WRT user interface evolves with each build and version. Depending on your firmware version, you might encounter variations in options and their order. Familiarizing yourself with the specific build (in this case, v46772) is crucial for accurate configuration.
- Router Default IP: The default IP address to access your router's home page is 192.168.1.1. This is where you initiate the configuration process.
- WireGuard Configuration in DD-WRT:
  - Tunnels Setup: Under Setup, navigate to Tunnels, and add a new tunnel. Enable it and select WireGuard from the dropdown menu.
  - MTU Setting: Set the MTU value of the WireGuard tunnel to 1412. This ensures optimal performance.
  - Generate Key: Click the Generate Key button. The generated public key needs to be added to the Key Management area on the IVPN website.
- Kill Switch: Enable the Kill Switch to prevent outbound traffic when the VPN client is disconnected. This adds an extra layer of security.
- Peer Configuration:
  - Endpoint and DNS Settings: Configure the Peer with tunnel IP, tunnel DNS, and Endpoint settings. Specify DNS servers and the WireGuard server's hostname and port.
  - Allowed IPs: Define allowed IPs and route allowed IPs via the tunnel.
  - Keepalive: Set a persistent keepalive value (e.g., 25) to maintain the connection.
  - Public Key: Enter the WireGuard server's public key.
- DNS Configuration: Under Setup, in Basic Setup, specify DNS servers in the Static DNS 1 and Static DNS 2 fields. This step ensures proper DNS resolution.
- Final Steps:
  - Reboot the router and wait for it to settle.
  - Reboot your computer system.
  - Check the assigned public IP address on the website.
  - Run a DNS leak test from a device connected to your DD-WRT router.
Remember, attention to detail is key when configuring such setups. If you plan to use a Multi-hop setup, additional adjustments to the port and public key fields may be necessary. And always, after following these steps, you'll have a secure and optimized DD-WRT WireGuard VPN setup at your disposal.