WireGuard (client) Setup guide (commercial providers)

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6626
Location: Netherlands

PostPosted: Fri May 01, 2020 15:52    Post subject: WireGuard (client) Setup guide (commercial providers) Reply with quote
WireGuard (client) setup guide

You can only see and download the WireGuard setup guide below if you are logged in!

This guide covers the setup of a WireGuard client to a commercial WireGuard VPN Provider.

Set up of WireGuard as a server(i.e. for connecting to your home from outside) is covered here: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322206 .

Advanced WireGuard setup: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787

WireGuard is a BETA/WIP open-source VPN solution written in C by Jason Donenfeld and others, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP.
It can be seen as a replacement for OpenVPN although it does not have the versatility, possibilities and track record of OpenVPN.
However, it has two advantages over OpenVPN, it is much faster especially on lower-spec hardware such as Soho routers (my own R7800 goes from 90 Mb/s on OpenVPN to 240 Mb/s with Wireguard) and is easy to setup if you know how, but it is not yet mature and there are sometimes frustrating hiccups.

What makes it so much faster then OpenVPN is not the cryptography, this is more or less the same (use of PKI to calculate/exchange a key with PFS for symmetric encryption). It is the fact that all is done in Kernel space while OpenVPN has to constantly switch between User and Kernel space.
Inherently the executing in Kernel space is less secure, if security is broken than you are compromised big time.
Another disadvantage is that it only supports static routing, so if you use WireGuard to connect to a commercial VPN provider (Mullvad is one of them) they keep track of your IP address. Mullvad implements some NAT'ting and is not tracking your IP address but still it is more insecure then OpenVPN.
Other providers also take measures to counter this problem ( https://www.azirevpn.com/docs/security ) but be sure to look into it.


To work with this guide you need a DDWRT build of 43045 or higher (see: https://svn.dd-wrt.com/changeset/43029 )

I will try to keep the guide updated, but your help, remarks and recommendations are crucial in getting this done so please notify me of any errors or inconsistencies or other things which are noteworthy.

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Sun Nov 29, 2020 9:13; edited 16 times in total
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6626
Location: Netherlands

PostPosted: Fri May 01, 2020 15:53    Post subject: WireGuard Watchdog script Reply with quote
Attached a WireGuard watchdog script which will restart WireGuard or reboot the router if the connection is lost.

WireGuard has robust roaming (from client and server side) so normally you should not need this at all.

There could be special circumstances (e.g.: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326767&postdays=0&postorder=asc&start=0 ) where it could be useful.

You need permanent storage e.g. jffs/usb to use the script.

Setup instructions are in the script.

You can only see and download the WireGuard watchdog script below if you are logged in!

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Tue Nov 17, 2020 11:00; edited 2 times in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6626
Location: Netherlands

PostPosted: Fri May 01, 2020 15:54    Post subject: Reply with quote
for future use
_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum