Joined: 18 Mar 2014
|Posted: Fri May 01, 2020 15:52 Post subject: WireGuard (client) Setup guide (commercial providers)
|WireGuard (client) setup guide
You can only see and download the WireGuard setup guide below if you are logged in!
This guide covers the setup of a WireGuard client to a commercial WireGuard VPN Provider.
Set up of WireGuard as a server(i.e. for connecting to your home from outside) is covered here: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322206 .
Advanced WireGuard setup: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
WireGuard is a BETA/WIP open-source VPN solution written in C by Jason Donenfeld and others, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP.
It can be seen as a replacement for OpenVPN although it does not have the versatility, possibilities and track record of OpenVPN.
However, it has two advantages over OpenVPN, it is much faster especially on lower-spec hardware such as Soho routers (my own R7800 goes from 90 Mb/s on OpenVPN to 240 Mb/s with Wireguard) and is easy to setup if you know how, but it is not yet mature and there are sometimes frustrating hiccups.
What makes it so much faster then OpenVPN is not the cryptography, this is more or less the same (use of PKI to calculate/exchange a key with PFS for symmetric encryption). It is the fact that all is done in Kernel space while OpenVPN has to constantly switch between User and Kernel space.
Inherently the executing in Kernel space is less secure, if security is broken than you are compromised big time.
Another disadvantage is that it only supports static routing, so if you use WireGuard to connect to a commercial VPN provider (Mullvad is one of them) they keep track of your IP address. Mullvad implements some NAT'ting and is not tracking your IP address but still it is more insecure then OpenVPN.
Other providers also take measures to counter this problem ( https://www.azirevpn.com/docs/security ) but be sure to look into it.
To work with this guide you need a DDWRT build of 43045 or higher (see: https://svn.dd-wrt.com/changeset/43029 )
I will try to keep the guide updated, but your help, remarks and recommendations are crucial in getting this done so please notify me of any errors or inconsistencies or other things which are noteworthy.
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Last edited by egc on Fri Oct 30, 2020 11:42; edited 15 times in total