WireGuard VPN client running on DDWRT

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
ersterhernd
DD-WRT Novice


Joined: 30 Dec 2018
Posts: 5

PostPosted: Sat Jan 05, 2019 17:50    Post subject: WireGuard VPN client running on DDWRT Reply with quote
Hello,

I have posted this information as an additional resource to the two following threads:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318016&sid=532d73d9879b44d65b74ca35deecca61

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=312522&start=30&sid=52d6e075fb31df770da602e0ee487bcc

Special thanks to @Shinzu and @Pandora-Box for their posts.

I have WireGuard server running on a VPS in the USA, and 2 DDWRT routers, ASUS RT-AC68U and Netgear R7000 running as WireGuard clients on the latest Kong firmware (Sept 23/18). Many devices are using the VPN, including Chromecast, Roku, Google Home Mini, several MacOS machines, Samsung Tablets and Samsung Phones. The setup has been rock stable for several days now. The WG client routers are each on their own separate LAN subnet. My main router is also an R7000 running a recent Kong firmware, but minus the WG client software. I previously used Algo VPN client software, which was terrific and first introduced me to WireGuard last summer when TrailofBits included it in their Algo install scripts.

Server Setup

I run the minimum IPV4 instance available at Vultr. Its 20gb/1vcpu/512mb/500GB combo @ 3.50 per month is a winner. We're on 50mbit DSL about 150km from the server, we get no speed loss or packet loss whatsoever running through the WG server at such a close distance. There is zero speed/ping difference between the VPN connection and our regular ISP connection. I keep a WG base install (with all security settings in place) backup up as a snapshot, so destroying and redeploying a WG server instance is literally a 5 minute operation. At home, a couple of IP changes in the router NVRAM and everything is back up really quickly. I like that.

Just like @Pandora-Box, my WireGuard server setup was done by following the guide on the following site:

https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/



DDWRT WG Client Setup

I've been running DDWRT for over a decade, and am partial to the Kong builds. I purchase my routers based on compatibility with his releases. After reading Shinzu's post about modding the Kong firmware via the commandline to run WireGuard, I went out and purchased two compatible routers on a Boxing Day sale. I didn't want to risk compromising my main R7000, as I knew this could be a challenging and time consuming venture before all was running to plan. Besides that, I wanted WireGuard on separate deeper subnets anyway, not directly facing the internet.

The fresh out-of-the-box Netgear R7000 was chosen first for the operating table. I saw the @liverpoolatnight post on https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=312522&postdays=0&postorder=asc&start=30 (Thanks!) and noticed the 'WireGuard' option in a pulldown menu portion of the graphic that he included in the post. I decided (like @Pandora-Box) that installing the BS firmware would allow me to grab the required WG files and nvram settings directly off the router before reinstalling DDWRT with a Kong build. I kept a list of steps as I went through the process. This list may seem redundant for experienced users, but I wrote is so as even a newcomer to DDWRT may find this useful.


Netgear R7000 Wireguard Client Installation

1. Install BrainSlayer r37860 first
2. Mount /JFFS to USB storage and share it via Samba
3. Moved all required files (as per Shinzu's post) to /JFFS and grab with MacOS
4. Copiy all oet1 settings from nvram to a text file in MacOS
5. Save all files in a secure location for later use

Install Kong DDWRT on R7000

1. Flash dd-wrt.K3_R7000.chk from http://www.desipro.de/ddwrt/K3-AC-Arm/
2. Enable SSH and set RSA Authorized Key
3. SSH into root@192.168.1.1 and 'erase nvram' / Reboot
4. Flash dd-wrt.v24-K3_AC_ARM_STD.bin from http://www.desipro.de/ddwrt/K3-AC-Arm/
5. Reboot / Enable SSH / Set RSA Authorized Key
6. SSH into root@192.168.1.1 and 'erase nvram' / Reboot
7. Set up WiFi / Enable SSH / Set RSA Authorized Key

Create Linux USB Stick for external storage

1. Use a small USB stick <= 8GB
2. Follow instructions at:
https://wiki.dd-wrt.com/wiki/index.php/How_to_-_Format_and_Partition_External_Storage_Device
(Make sure to include the JFFS partition on the USB)
3. Plug USB into R7000
4. Services/USB -
enable Core USB Support / enable USB Storage Support / enable Automatic Drive Mount
5. Disk Info - /opt and swap should now both be mounted
6. Administration/JFFS2 Support - enable Internal Flash Storage / enable Clean Internal Flash Storage
7. Reboot R7000

Required Software Installation

1. SSH into R7000
2. Install Entware -
cd /opt
wget http://bin.entware.net/armv7sf-k3.2/installer/generic.sh
sh generic.sh
3. Install Nano - opkg install nano
4. Install SFTP - opkg install openssh-sftp-server
5. Test SFTP - sftp root@192.168.1.1 (SSH Authorized Key must be properly configured)

Install Wireguard Binaries & Scripts
(Please note that all Supporting Code for scripts/firewall is at the end of this post)

1. Use SSH connected to ddwrt
cd /opt/etc
mkdir wireguard
cd /jffs/etc
mkdir config
mkdir wireguard
2. Use sftp connected to ddwrt as in (5) above (using binaries stored on local filesystem)
put <local binaries folder>/wg /opt/bin/wg
put <local binaries folder>/libmnl.so /opt/lib/libmnl.so
put <local binaries folder>/libmnl.so.0 /opt/lib/libmnl.so.0
put <local binaries folder>/libmnl.so.0.2.0 /opt/lib/libmnl.so.0.2.0
put <local binaries folder>/wireguard.ko /opt/etc/wireguard/wireguard.ko
put <local binaries folder>/eop-tunnel.firewall
put <local binaries folder>/eop-tunnel.startup /jffs/etc/config/eop-tunnel.startup
put <local binaries folder>/wireguard-init.sh /jffs/etc/wireguard/wireguard-init.sh
put <local binaries folder>/wireguard-nvram.sh /jffs/etc/wireguard/wireguard-nvram.sh
put <local binaries folder>/wireguard-firewall.txt /jffs/etc/wireguard/wireguard-firewall.txt
3. SSH into ddwrt and use Nano to edit eop-tunnel.startup
cd /jffs/etc/config
nano eop-tunnel.startup
Change line 27 that says 'insmod wireguard' to 'insmod /opt/etc/wireguard/wireguard.ko'
CTRL-X and Save file
4. SSH into ddwrt and use Nano to edit wireguard-nvram.sh
cd /jffs/etc/wireguard
nano wireguard-nvram.sh
Change all variables to match the current WireGuard configuration
CTRL-X and Save file
5. Copy the content of wireguard-firewall.txt to the clipboard
6. Paste the clipboard into the DDWRT GUI Administration Commands box and Save Firewall
7. Execute the nvram script in /jffs/etc/wireguard
sh wireguard-nvram.sh
reboot
8. Execute init and route fix scripts in /jffs/etc/wireguard
sh wireguard-init.sh
wg
(Cross fingers and verify that WireGuard is running and handshake with server has occurred)


Supporting Code for Scripts and Firewall


wireguard-init.sh

Code:

#!/bin/sh
echo "Configuring WireGuard tunnel..."
nvram set oet1_en="1"
sleep 2
/jffs/etc/config/eop-tunnel.startup
sleep 2
echo "Configuring Firewall..."
/jffs/etc/config/eop-tunnel.firewall
sleep 2
echo "Modifying Route tables..."
WGSERVER=$(/usr/sbin/nvram get oet1_rem0)
WANGWY=$(/usr/sbin/nvram get wan_gateway)
/sbin/route add -host $WGSERVER gw $WANGWY dev vlan2
/sbin/route del default
/sbin/route add default dev oet1
echo "Completed WireGuard Setup."



firewall.txt (paste this into DDWRT GUI Firewall)

Code:

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD 1 --source 'nvram get oet1_ipaddr'/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o oet1 -j ACCEPT
iptables -I FORWARD -i oet1 -o br0 -j ACCEPT
iptables -I FORWARD -s 'nvram get lan_ipaddr'/16 -j ACCEPT



wireguard-nvram.sh

Code:

#!/bin/sh

echo "Write variables"

# number of tunnel my case only 1
nvram set oet_tunnels="1"
# if you want to use a preshared key set 1
nvram set oet1_usepsk0="0"
nvram set oet1_txq="1"
nvram set oet1_shaper="0"
nvram set oet1_rem0="*** SERVER PUBLIC IP GOES HERE ***"
nvram set oet1_rem="192.168.90.1"
# pub key of local endpoint
nvram set oet1_public="***   CLIENT PUBLICKEY GOES HERE   ***"
nvram set oet1_pt="0"
# set here the pre shared key if you want to use one
nvram set oet1_psk0=""
# proto 2 is wireguard
nvram set oet1_proto="2"
# private key of local endpoint
nvram set oet1_private="***   CLIENT PRIVATEKEY GOES HERE   ***"
# public port where wireguard tunnel is reachable
nvram set oet1_port="51821"
# number of peers
nvram set oet1_peers="1"
nvram set oet1_peerport0="51820"
nvram set oet1_peerkey0="***   SERVER PUBLICKEY GOES HERE   ***"
# netmask of the wireguard network
nvram set oet1_netmask="255.255.255.0"
nvram set oet1_nat="1"
nvram set oet1_multicast="0"
nvram set oet1_mtu="1500"
nvram set oet1_mssfix="0"
nvram set oet1_local="0.0.0.0"
nvram set oet1_ka0="25"
nvram set oet1_isolation="0"
# ipaddress of the endpoint on the dd-wrt device
nvram set oet1_ipaddr="10.19.51.3 *** CHANGE THIS IP TO SUIT ***"
nvram set oet1_id="1"
nvram set oet1_hwaddr="00:00:00:00:00:00"
nvram set oet1_fragment="0"
nvram set oet1_endpoint0="1"
# for now leave the tunnel disabled
nvram set oet1_en="0"
nvram set oet1_dns_redirect="0"
nvram set oet1_dns_ipaddr="0.0.0.0"
nvram set oet1_comp="0"
# set bridge to 0 otherwise the iptables rules are not added
nvram set oet1_bridged="0"
# ipaddress of the peer
nvram set oet1_aip0="0.0.0.0/0"
# Commit variables
echo "Save variables to nvram"
nvram commit



This is the complete WG setup onto Kong DDWRT that worked for me. Hopefully others will find this information helpful. The WireGuard VPN has worked flawlessly for several days already connected through both routers, no additional software or settings on any client devices required. WG shows a ton of promise for DDWRT users running the hardware to support it.


Cheers!
Ersterhernd
Sponsor
liverpoolatnight
DD-WRT User


Joined: 29 May 2008
Posts: 243
Location: United Kingdom

PostPosted: Thu Feb 07, 2019 6:14    Post subject: Reply with quote
You dont need to go though all this as the DD-WRT GUI now dos the job and heres how to.

1st) Setup the WG info (see attachments, May need to login to see this)

2nd) traceroute to make sure the pockets is working correctly
Quote:
traceroute -i oet1 www.google.nl

if you see something like this

root@ddwrt:~# traceroute -i oet1 www.google.nl
traceroute to www.google.nl (216.58.206.67), 30 hops max, 38 byte packets
1 ** *** ***

something wrong with configuration

if you see something like this

root@ddwrt:~# traceroute -i oet1 www.google.nl
traceroute to www.google.nl (216.58.206.67), 30 hops max, 38 byte packets
1 172.16.0.1 12ms 14ms 11ms 13ms 13ms 12ms
2 1.1.1.1 12ms 14ms 11ms 13ms 13ms 12ms

etc, then you can add the following into the DD-WRT GUI

Go to administration > commands

Save Startup

Quote:
sleep 30
WGSERVER=$(/usr/sbin/nvram get oet1_rem0)
WANGWY=$(/usr/sbin/nvram get wan_gateway)
route add -host $WGSERVER gw $WANGWY dev vlan2
route del default
route add default dev oet1


I put in a 30 second sleep so the WAN interface has time to come up before the command executes

Save Firewall

Quote:
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD 1 --source 'nvram get oet1_ipaddr'/20 -j ACCEPT
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -j MASQUERADE
iptables -I FORWARD -i br0 -o oet1 -j ACCEPT
iptables -I FORWARD -i oet1 -o br0 -j ACCEPT


Reboot, then test http://zx2c4.com/ip to see if your routed to your VPS/VPN IP

also note the following

Quote:
iptables -I FORWARD 1 --source 'nvram get oet1_ipaddr'/20 -j ACCEPT
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -j MASQUERADE


Double check the CIDR subnets are correct, Im using an /20 subnet https://www.aelius.com/njh/subnet_sheet.html

using build r38581



WGClient.png
 Description:
 Filesize:  32.6 KB
 Viewed:  18121 Time(s)

WGClient.png



_________________
TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17

Twitter: @francisuk1989
---------------------------------
Found a bug? Report it http://svn.dd-wrt.com
DD-WRT Official FB Group: https://www.facebook.com/groups/493762527744455
rainin
DD-WRT Novice


Joined: 04 Dec 2016
Posts: 8

PostPosted: Sat Feb 16, 2019 8:39    Post subject: Reply with quote
Thanks for your detailed explanation on how to get Wireguard running on DD-WRT.

Personally, for me, the wg interface handshakes correctly, traceroute also working perfectly, the only issue is that the Internet is routed through WAN IP Address instead of OET1, despite saving and implementing the required Firewall settings.

What seems to be the issue? How can I redirect all the Internet traffic to OET1 tunnel?
audia3
DD-WRT Novice


Joined: 10 Mar 2018
Posts: 41

PostPosted: Thu Mar 28, 2019 21:14    Post subject: Reply with quote
Brilliant instructions, liverpoolatnight! I finally have Wireguard working on my Asus RT-N66U! Thanks so much!
audia3
DD-WRT Novice


Joined: 10 Mar 2018
Posts: 41

PostPosted: Sun Mar 31, 2019 12:09    Post subject: Reply with quote
Thanks, eibgrad, for a very educational post. I am a complete novice when it comes to firewall rules and the ones that I used from this thread did have me scratching my head for the reasons that you have detailed.

One issue that I have been dealing with is although these settings "work" for my router when the internet is coming in through the ethernet WAN port, they do not work when I use an iPhone USB tether for internet access (iph0). I can connect to the internet when tethering, but not through the WireGuard tunnel. Your post has provided a direction for me to follow to try and sort this out.

Update -- I think the iPhone tether is not working because the startup script is running before the iPhone connection is established.


Last edited by audia3 on Mon Apr 01, 2019 13:02; edited 1 time in total
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 27
Location: Gamma Quadrant

PostPosted: Mon Apr 01, 2019 5:46    Post subject: Reply with quote
@eibgrad This is interesting insight. I'll be honest though, I don't fully grasp all the details of the concepts you're describing because I am new to advanced networking. I will be educating myself more about iptables/firewall rules and NAT. But your logic about the port forwarding does make sense, as I have no interest in accessing my network remotely through the tunnel. Thus, that rule should not apply to setting up a Wireguard client. However, forwarding would apply for a Wireguard server setup, correct?

I went ahead and tested your rule and it worked just fine. The results were identical to the previous block of firewall rules suggested in liverpoolatnight's guide, for my purposes at least. So not only is this simpler, but cutting out any redundancy is always a plus. And of course, none of my comments are meant to throw liverpoolatnight under the bus and undermine his efforts. I love seeing the progress being made here and this community acts in the interest to help one another. It's not like you said "you dummy, THIS is the right way" or something. Laughing

With your logic in mind, I would like your input on the firewall rules that are suggested in the DD-WRT Wireguard wiki here. Are these rules also superfluous and/or redundant?

Looking forward to your findings when you setup Wireguard yourself.

Oh, and as a final note, you mentioned that Kong builds should have the Wireguard GUI available. I can't speak for other hardware, but when I downloaded the latest K3-AC-Arm build for my EA6900 (which was about 2 weeks ago), the Wireguard GUI was NOT present. It *might* be implemented via the command line, but I personally didn't check. I switched to a Brainslayer build specifically for the Wireguard GUI natively being available.
rainin
DD-WRT Novice


Joined: 04 Dec 2016
Posts: 8

PostPosted: Mon Apr 01, 2019 20:45    Post subject: Reply with quote
audia3 wrote:
Brilliant instructions, liverpoolatnight! I finally have Wireguard working on my Asus RT-N66U! Thanks so much!


Hi Audia3, hope you're doing well. Could you please help me out in how you got the Wireguard client working? I did try liverpoolatnight's instructions above but still can't redirect all my Internet traffic to the Wireguard tunnel.

Can you please help out, possibly with screenshots of your Wireguard config? I'm using Brainslayer's build on my Netgear R7000.
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 27
Location: Gamma Quadrant

PostPosted: Fri Apr 05, 2019 9:11    Post subject: Reply with quote
rainin wrote:
audia3 wrote:
Brilliant instructions, liverpoolatnight! I finally have Wireguard working on my Asus RT-N66U! Thanks so much!


Hi Audia3, hope you're doing well. Could you please help me out in how you got the Wireguard client working? I did try liverpoolatnight's instructions above but still can't redirect all my Internet traffic to the Wireguard tunnel.

Can you please help out, possibly with screenshots of your Wireguard config? I'm using Brainslayer's build on my Netgear R7000.


See if audia3's post here may help you:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1160842#1160842

It helped me with what you're specifically trying to accomplish.
inevcr
DD-WRT Novice


Joined: 15 Sep 2016
Posts: 2

PostPosted: Fri May 03, 2019 10:42    Post subject: Reply with quote
I'm attempting to get DDWRT Wireguard working via Mullvad and I'm in the same boat as rainin it seems.

traceroute -i seems to show that traffic can be routed via the WG tunnel, however I can't figure out how to route all traffic through said tunnel.

Running the start up script manually via SSH shows that the
Code:
route add -host $WGSERVER gw $WANGWY dev vlan2

command returns the following error:
Code:
route: ioctl 0x890b failed: Network unreachable

(both WGSERVER and WANGWY are set appropriately it seems).

Any ideas what I could be doing wrong?
Cheers
inevcr
DD-WRT Novice


Joined: 15 Sep 2016
Posts: 2

PostPosted: Fri May 03, 2019 11:02    Post subject: Reply with quote
I've only now encountered Hellakenut's superb post here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=319319&highlight=mullvad

Works perfectly! Thanks a lot Hellakenut!
jberlet
DD-WRT Novice


Joined: 14 Apr 2011
Posts: 13

PostPosted: Thu Aug 15, 2019 0:59    Post subject: eop-tunnel.startup runtime error - wireguard.ko Reply with quote
Hi,
I tried following the steps here with my Netgear R7000 router running Kong's 39960M build.

When I tried to test/run the startup script referenced here:
eop-tunnel.startup


I am getting the following output:
>>>>>>>
rmmod: eoip: No such file or directory
Invalid instance identifier br0

ip: can't find device 'oet1'
Key is not the correct length or format: `remove'
insmod: cannot insert '/jffs/lib/modules/4.4.180/wireguard.ko': unknown symbol in module
ip: RTNETLINK answers: Not supported
Unable to modify interface: Protocol not supported
Unable to modify interface: Protocol not supported
ifconfig: ioctl 0x8913 failed: No such device
Key is not the correct length or format: `<pub'
ip: can't find device 'oet1'
>>>>>>>>>>

NOTE: I do not see the oet1 interface showing in ifconfig output.

I copied/extracted the wireguard.ko from BS' 39956 build here:
https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2019/06-06-2019-r39956/netgear-r7000/

not sure if that is the issue and I have tried several different wireguard.ko but they all return that same insmod error.

I also noted that the oet1 interface does come up when issuing the ifconfig command after selecting 'RFC 3378...." Protocol Type under Setup-->Tunnels in Admin. menu (there is no Wireguard dropdown in this build still).

Thank you for any help/guidance you can provide!



J
patrickmau
DD-WRT Novice


Joined: 01 Dec 2016
Posts: 15

PostPosted: Mon Mar 23, 2020 10:57    Post subject: Reply with quote
liverpoolatnight wrote:
You dont need to go though all this as the DD-WRT GUI now dos the job and heres how to.

1st) Setup the WG info (see attachments, May need to login to see this)

2nd) traceroute to make sure the pockets is working correctly
Quote:
traceroute -i oet1 www.google.nl

if you see something like this

root@ddwrt:~# traceroute -i oet1 www.google.nl
traceroute to www.google.nl (216.58.206.67), 30 hops max, 38 byte packets
1 ** *** ***

something wrong with configuration

if you see something like this

root@ddwrt:~# traceroute -i oet1 www.google.nl
traceroute to www.google.nl (216.58.206.67), 30 hops max, 38 byte packets
1 172.16.0.1 12ms 14ms 11ms 13ms 13ms 12ms
2 1.1.1.1 12ms 14ms 11ms 13ms 13ms 12ms

etc, then you can add the following into the DD-WRT GUI

Go to administration > commands

Save Startup

Quote:
sleep 30
WGSERVER=$(/usr/sbin/nvram get oet1_rem0)
WANGWY=$(/usr/sbin/nvram get wan_gateway)
route add -host $WGSERVER gw $WANGWY dev vlan2
route del default
route add default dev oet1


I put in a 30 second sleep so the WAN interface has time to come up before the command executes

Save Firewall

Quote:
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD 1 --source 'nvram get oet1_ipaddr'/20 -j ACCEPT
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -j MASQUERADE
iptables -I FORWARD -i br0 -o oet1 -j ACCEPT
iptables -I FORWARD -i oet1 -o br0 -j ACCEPT


Reboot, then test http://zx2c4.com/ip to see if your routed to your VPS/VPN IP

also note the following

Quote:
iptables -I FORWARD 1 --source 'nvram get oet1_ipaddr'/20 -j ACCEPT
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 'nvram get oet1_ipaddr'/20 -j MASQUERADE


Double check the CIDR subnets are correct, Im using an /20 subnet https://www.aelius.com/njh/subnet_sheet.html

using build r38581


Hi,
following up on this, I have a router running 2 SSIDS, one on 2.4ghz and one on 5ghz. I would like to do one of the following:

a) route all traffic from ssid my_internet_2.4 through WireGuard
b) route a specific IP Range through WG: eg. 192.168.0.110-120

Can this be done? Option b) would be fantastic, but I dont know how to configure the firewall for that.

Thank you!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Mar 23, 2020 11:31    Post subject: Reply with quote
Sure no problem, have a look at my signature (bottom of this post) for the Wireguard setup guide, in that thread also posts with scripts for policy based routing.

This post is old a lot is changed and setup is easier see the guide.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum