[SOLVED] Wireguard - Help Configuring Client on Router

Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 27
Location: Gamma Quadrant

Posted: Fri Mar 22, 2019 8:01    Post subject: [SOLVED] Wireguard - Help Configuring Client on Router
*I apologize in advance if this question is in the wrong forum.

I'm first going to preface this by saying I am completely new to the firmware flashing scene. A lot of info on this site honestly goes over my head and I need a good amount of it to be spoon fed to me. Thus, I'm sorry if I ask really stupid questions.

I am currently attempting to establish a Wireguard client/tunnel on my router to route all my LAN traffic through. This is my setup:

Linksys EA6900 Router
Brainslayer build r39230 (03/19/2019)
Mullvad VPN


- Side note for the EA6900: I have mitigated the 32k bug, so we're good there.

However, I'm honestly lost on how to do this. I've searched the forum for specifics, but the results are really mixed and/or haven't been consistent (e.g. some pointers are only command lines, while others vaguely show the GUI interface). Additionally, explanations for what each setting pertains to are very unclear to me and leave loose ends that I don't know what to do with. I'll go into further detail below.

I have read through the following and am still confused on what I need to do to set up Wireguard:

https://wiki.dd-wrt.com/wiki/index.php/Wireguard

https://wiki.dd-wrt.com/wiki/index.php/The_Easiest_Tunnel_Ever

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=312522

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318134

To be clear, I completely understand that this info will be varied as Wireguard is still in development and isn't a fully deployed protocol yet, so obviously how-to's will vary as future DD-WRT builds are released. But at this point in time, a "for dummies" explanation on how to do this would be forever appreciated on my part. Other people have been able to get this working, so I know there's hope for me!

Alright, now let me break down the specific parts I'm lost on...

I'm loosely trying to follow Mullvad's tutorial for setting this up on a router, only they use OpenWrt instead. Now, I understand the peer portion of the setup, but what I can't figure out is how certain info translates to DD-WRT. For example, when I need to create a private/public key pair, there is a clear place to find the private key in the Wireguard settings in OpenWrt. But in DD-WRT, there's this:



Is this the equivalent to the private key field in OpenWrt? I don't know what to do with this. I was able to generate a private/public key config file on Mullvad's website using the above as a private key, but I don't know if that's what I'm supposed to be doing. I know it clearly says "Local Public Key," but when I follow Mullvad's tutorial to create a private/public key pair in the SSH terminal and try to run the curl command to fetch an IP from Mullvad, I get a "curl: (60) ssl certificate problem: unable to get local issuer certificate" error and I have no clue how to resolve it. So I'm pretty lost here.

As for the peer info, like I mentioned I understand what's being asked here and I can find this info from the generated config file and Mullvad's Wireguard server list. But again, I don't know if that info is valid since I'm not sure if my private/public key pairing is correct.

Next, there is this section in the Wireguard GUI in DD-WRT:



What do I put here? Is this asking for my router's external IP (from my ISP)? Do I leave it at default? Again, totally unsure of what to do with this.

EDIT: I previously mentioned that I didn't know where in the GUI to add firewall parameters. I did manage to locate it under Administration > Commands (there's a button that says "Save Firewall"). I still don't want to make any changes to iptables until I know the rest of my Wireguard setup is correct. I've already had to reset my router a few times from dinking around the WG UI.

I'm sorry if any of my questions have been covered previously or are in the links I provided. Since this is uncharted territory for me, I wouldn't be surprised if all the answers are staring dead on at me and I'm completely blind to them. I just need a good, detailed kick in the ass to make progress with this.

Let me know if I forgot to include more information. Any and all help is appreciated!


Last edited by Hellakenut on Sun Mar 31, 2019 2:49; edited 2 times in total
Hellakenut
Posted: Sun Mar 24, 2019 4:59
Bumping this to also inform that setting Wireguard up on my Android device was a breeze. Granted my phone isn't a router, but configuring the settings made perfect sense in relation to the public/private key pairing.

So there's a disconnect in DD-WRT that I'm not understanding.
Hellakenut
Posted: Fri Mar 29, 2019 21:18
No luck? I still haven't been able to figure this out.

I did manage to find where to put firewall parameters though, so that's one less question to pile on top of my mountain of others.
audia3
DD-WRT Novice


Joined: 10 Mar 2018
Posts: 41

Posted: Sat Mar 30, 2019 13:33
I was able to get WireGuard working on my Asus RT-N66U, running BS r39267. My WireGuard VPN provider is IVPN, but the basics should be the same. I used the instructions that liverpoolatnight wrote in one of the threads in your post.

Quote:
For example, when I need to create a private/public key pair, there is a clear place to find the private key in the Wireguard settings in OpenWrt. But in DD-WRT, there's this:




This step creates the local public key that you need to pass on to your VPN provider (Mullvad in your case). Your VPN provider will then generate a VPN IP address. You then put that address here:
Quote:
Next, there is this section in the Wireguard GUI in DD-WRT:




You'll need to set the correct subnet mask for Mullvad. For IVPN, their instructions mention that they use a 32 CIDR subnet, so I entered 255.255.255.255 for my subnet mask. I also made sure my firewall settings reflected a 32 CIDR subnet:
Quote:

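# NAT everything leaving the router, on any interface
iptables -t nat -A POSTROUTING -j MASQUERADE
# Accept forwarded packets sourced from the tunnel address (oet1_ipaddr)
iptables -I FORWARD 1 --source $(nvram get oet1_ipaddr)/32 -j ACCEPT
# NAT traffic sourced from the tunnel address
iptables -t nat -A POSTROUTING -s $(nvram get oet1_ipaddr)/32 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s $(nvram get oet1_ipaddr)/32 -j MASQUERADE
# Allow forwarding between the LAN bridge (br0) and the WireGuard interface (oet1)
iptables -I FORWARD -i br0 -o oet1 -j ACCEPT
iptables -I FORWARD -i oet1 -o br0 -j ACCEPT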


You've probably already figured out that the startup script and firewall settings should go in Administration > Commands.

Everything else should be self-explanatory. Of course the endpoint address and the peer public key will come from your VPN provider.

Good luck!
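
Added example (not part of the post above and not DD-WRT's own code): a shell helper that reads a provider-issued WireGuard config and prints the values the reply says to enter by hand, converting the CIDR prefix to the dotted subnet mask. It assumes the usual `[Interface]`/`[Peer]` config layout; the printed labels are descriptive, and every key and address in the sample is constructed.

```shell
# Added example, not from the thread. All sample values are constructed.
SAMPLE_CONF='[Interface]
PrivateKey = CONSTRUCTED/private/key/placeholder/not/real000=
Address = 10.64.0.2/32,fc00:bbbb::2/128
[Peer]
PublicKey = CONSTRUCTED/peer/public/key/placeholder00000000=
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820'

# conf_value SECTION KEY: print KEY's value from [SECTION] of a config on stdin.
# Splits on the first "=" only, because base64 keys end in "=" padding.
conf_value() {
    awk -v sec="[$1]" -v key="$2" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# cidr_to_netmask BITS: /32 -> 255.255.255.255 (the GUI wants a dotted mask).
cidr_to_netmask() {
    bits=$1; mask=""
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# ddwrt_fields: read a config on stdin and print the values to enter by hand.
# PrivateKey is never printed; in the thread the router generates its own key.
ddwrt_fields() {
    conf=$(cat)
    addr=$(printf '%s\n' "$conf" | conf_value Interface Address)
    addr=${addr%%,*}          # keep the first listed address (assumed IPv4)
    case $addr in */*) prefix=${addr#*/} ;; *) prefix=32 ;; esac
    endpoint=$(printf '%s\n' "$conf" | conf_value Peer Endpoint)
    echo "IP Address: ${addr%/*}"
    echo "Subnet Mask: $(cidr_to_netmask "$prefix")"
    echo "Peer Public Key: $(printf '%s\n' "$conf" | conf_value Peer PublicKey)"
    echo "Endpoint Address: ${endpoint%:*}"
    echo "Endpoint Port: ${endpoint##*:}"
}
printf '%s\n' "$SAMPLE_CONF" | ddwrt_fields
```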
Hellakenut
Posted: Sun Mar 31, 2019 2:20
THANK YOU SO MUCH!


If I could reach through the screen and kiss you, I would. I KNEW I was missing something simple to get this working. As someone who's never worked with tunnel interfaces, DD-WRT, SSH/Telnet, and all the other stuff involved, I was almost ready to give up from how annoyingly vague these guides were to me. But I get it. All of the information you need is implied if you are already experienced with what's being discussed, so I understand why it comes off that way. In contrast, setting up OpenVPN was FAR easier in terms of being noob-friendly.

I got it working and my internet speeds are insanely better using Wireguard over OpenVPN.

You've inspired me to make an "idiot's guide" for setting up Wireguard on DD-WRT now (with credit to you and liverpoolatnight of course). There's currently so little information on Wireguard for DD-WRT that I'd love to make a tutorial that's palatable for complete beginners.

Thank you again for your help!!
All times are GMT