
OpenWrt - WireGuard Peer Configuration

The WireGuard server has been installed on the OpenWrt device. Now connect your devices, the so-called peers, to your WireGuard server.


The WireGuard peer configuration is done within the WG0 interface.

Go to the Peers tab in the WireGuard interface to add, modify or delete peers.


Add peer

OpenWrt Setup


  • Description = Name of the peer device
  • Public Key = Public key of the WireGuard peer
  • Private Key = Create a private key by clicking the Generate new key pair button
  • Preshared Key = Optional; an additional shared secret that makes the connection more secure
  • Allowed IPs = IP range 10.200.250.0 - 10.200.250.250; enter in the format 10.200.250.xxx/32
  • Route Allowed IPs = yes
  • Endpoint Host = empty
  • Endpoint Port = empty
  • Persistent Keep Alive = 25
  • Configuration Export = Generate a QR code to scan on the peer device

The interface needs to be restarted to make the changes active.


Peer Setup - Manually

To set up the VPN on the client, the WireGuard app must be installed on the device.

Interface Configuration


Peer Configuration (Peer = OpenWrt)


  • Name = Name of WireGuard server
  • Public Key = Generate a key pair on the peer and copy the public key to the WireGuard server
  • Addresses = IP address configured on the WireGuard server for that peer (= Allowed IPs)
  • DNS Server = IP address of Pi-hole (192.168.xxx.xxx) or OpenWrt device (192.168.35.8)
  • Public Key = Public key of the WireGuard server (see the WireGuard Status page in LuCI)
  • Endpoint = mydomain.de:51820
  • Allowed IPs = 0.0.0.0/0

Peer Setup - QR Code

The easiest way to set up WireGuard on a mobile device is to use a QR code.

LuCI Configuration


QR Code


You need to restart the WireGuard interface to apply the configuration changes!

On the smartphone you have to edit the configuration and add

  • IP address
  • DNS server

The setup with QR code is the easiest option and less prone to typing errors.


Peer Setup - Client

Next to the QR code WireGuard shows the configuration in plain text.

The following example shows what you have to enter to get a handshake with the OpenWrt WireGuard server.

[Interface]
PrivateKey = <the-private-key-of-the-client>
Address = 10.200.250.3/24
ListenPort = 51820
DNS = <ip-of-your-dns-server>

[Peer]
PublicKey = <the-public-key-of-the-OpenWrt>
PresharedKey = <the-preshared-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydomain.de:51820
PersistentKeepAlive = 25
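
A client config like the one above can be checked for typing errors (a malformed AllowedIPs entry, a placeholder left in place, a private key pasted into the peer's PublicKey field) before it is imported. The following Python check is an added example, not part of the original article: the function names and sample keys are constructed, and it assumes a config with one [Peer] section and the 10.200.250.0/24 range used on this page.

```python
import base64
import configparser
import ipaddress

VPN_NET = ipaddress.ip_network("10.200.250.0/24")  # peer range used on this page

def key_ok(value):
    """A WireGuard key is 32 bytes, written as 44 base64 characters."""
    try:
        return len(value) == 44 and len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False

def check_client_config(text):
    """Return a list of problems in a client config with one [Peer] section."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(text)
    iface, peer, problems = cfg["Interface"], cfg["Peer"], []
    for section, name in ((iface, "PrivateKey"), (peer, "PublicKey"), (peer, "PresharedKey")):
        value = section.get(name)
        if value is None and name != "PresharedKey":  # preshared key is optional
            problems.append(f"{name} is missing")
        elif value is not None and not key_ok(value):
            problems.append(f"{name} is not a valid 32-byte base64 key")
    # A private key must never end up in the peer's PublicKey field.
    if iface.get("PrivateKey") and iface.get("PrivateKey") == peer.get("PublicKey"):
        problems.append("Peer PublicKey is identical to the client's PrivateKey")
    try:
        if ipaddress.ip_interface(iface.get("Address", "")).ip not in VPN_NET:
            problems.append("Address is outside the VPN range")
    except ValueError:
        problems.append("Address is not a valid IP address")
    for entry in peer.get("AllowedIPs", "").split(","):
        try:
            ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            problems.append(f"AllowedIPs entry {entry.strip()!r} is invalid")
    return problems

# Constructed sample keys (not real key material) and a constructed config.
PRIV, PUB, PSK = (base64.b64encode(bytes([b]) * 32).decode() for b in (1, 2, 3))
SAMPLE = f"""[Interface]
PrivateKey = {PRIV}
Address = 10.200.250.3/24
[Peer]
PublicKey = {PUB}
PresharedKey = {PSK}
AllowedIPs = 0.0.0.0/0, ::/0
"""
```

Calling check_client_config(SAMPLE) returns an empty list; each problem found is returned as one human-readable string.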

Source

Image: Official OpenWrt Logo - https://OpenWrt.org/_media/docs/guide-graphic-designer/OpenWrt-logo-usage-guidelines.pdf