WireGuard® VPN Client Setup for OpenWrt router

for KeepSolid VPN Unlimited® users

WireGuard® is a new open-source VPN protocol that provides bulletproof privacy and security. With our detailed instructions, you’ll learn how to configure WireGuard® VPN client on your OpenWrt router.

TP-Link TL-WR841N router with OpenWrt 19.07 firmware was taken as an example. 

 

Note: To set up a WireGuard® VPN Client on your router you should install the latest OpenWrt firmware.

Important! Please note that you will need to configure your device using the generated settings by yourself at your own risk.

 

I. Get manual configurations for your OpenWrt router

 

1. Sign in to your User Office, select the VPN Unlimited® application, and click Manage.

2. Pick a device from the list or create a new one. Then choose the appropriate location of the Server and select the WireGuard® protocol from the dropdown menu. 

3. Press Generate and you will get all the data required to set up a VPN connection.

II. Configure WireGuard® VPN Client on your OpenWrt router

 

1. Install the Wireguard® packages

 

1. Connect your device to the OpenWrt router and type the IP-address of the admin panel in the address line of the browser. The default IP-address of the router is 192.168.1.1.

2. Go to the System > Software.

3. Press Update Lists and wait for a moment. Scroll down the page and press Dismiss.

4. Paste luci-i18n-wireguard-en in the Search field and press Install.

5. Click Install. Scroll down the page and press Dismiss.

6. Go to the Installed tab, print wireguard in the Search field, and check if the following packages were successfully installed: 

  • wireguard-tools
  • kmod-wireguard
  • luci-app-wireguard
  • luci-i18n-wireguard-en
  • luci-proto-wireguard

2. Create the WireGuard® interface

 

1. Go to the Network tab > Interfaces > Add New Interface

2. Set it’s custom name, for example VPNUnlimited and choose the Wireguard® protocol. Press Create Interface.

3. Select General Settings and paste the details of the manual configuration settings you’ve generated before:

  • PrivateKey = paste the PrivateKey from your User Office 
  • ListenPort =  paste the ListenPort details
  • IP Addresses = paste Address information and press +

4. Go to the Peers tab and add the following details: 

  • PublicKey = paste PublicKey from the User Office
  • PresharedKey = paste PresharedKey details
  • AllowedIPs = paste two AllowedIPs which are separated by a comma and press +
  • Endpoint Host = paste Endpoint information before the colon sign
  • Endpoint Port = paste Endpoint information after the colon sign
  • Persistent Keep Alive = paste PersistentKeepalive from the User Office

5. Select the Firewall Settings tab. For Create / Assign firewall-zone, select WAN and press Save.

6. Press Save & Apply.

3. Add Static DNS server

 

1. Go to the Interface tab > WAN > click Edit > select Advanced Settings tab. Uncheck the Use DNS servers advertised by Peers option, paste the DNS details from the User Office, and press + sign.

2. Click Save.

3. Press Save & Apply

That's it. Now you have a VPN connection running through the WireGuard® VPN protocol.

If you have other questions or comments, feel free to contact our customer support team at [email protected].

 

“WireGuard” is a registered trademark of Jason A. Donenfeld.