Posted: Sat Dec 05, 2020 10:22 Post subject: WireGuard guides and documentation
Upgrading to build 44980 and over, take note
Starting with build 44980 WireGuard has had a major update and rework.
Your WireGuard settings are retained except for the IP address and Net mask of the WG tunnel.
Old builds have e.g. 10.4.0.5 with netmask 255.255.255.0; new builds will use CIDR notation, e.g. 10.4.0.5/24 (this as a preparation for IPv6, and normally your provider will also use this notation).
You have to refresh your browser cache with CTRL+F5 and enable the tunnel, but, as said, settings should be retained except for the IP address/netmask.
The most important updates:
• Interface with Advanced option to hide advanced options and make it cleaner.
• Set DNS server with routing via tunnel
• Use CIDR notation for address/netmask so it could also work with IPv6 (not tested and no routing rules)
• Upgraded PBR to also allow things like "iif" and "from to" and, if we get kernel 4.17 or later, port routing
• Firewall settings the same as for OpenVPN, i.e. no extra rules for normal client behaviour (the client can initiate outbound traffic by default) and accepting new inbound traffic for server
• Added possibilities for route-up and route-down scripts and Firewall mark settings
• Added detection if there is no WAN (like in a Wireless Access Point) to set default route via the LAN
• Instead of a fixed wait time (35 seconds), a variable wait time, waiting for the time server to come up
• If a route up script is present wait for usb /jffs to be accessible with is-mounted.sh utility (usr/bin/is-mounted.sh)
WireGuard client setup guide
Setup instructions to use your DDWRT router as WireGuard client.
The second post contains a watchdog script to restart WireGuard or reboot the router when a connection is lost (usually WireGuard reconnects by itself):
WireGuard server setup guide
Set up your router as WireGuard server, including instructions to set up clients like phone, Windows PC and other DDWRT routers. This thread also contains scripts for earlier versions of WireGuard:
WireGuard Advanced setup
Examples of advanced setup like using a WAP, multiple tunnels and Bridging solution:
For questions just open a thread in the Advanced Networking forum or send me a Personal Mail (PM).
The Built-in PBR can be used in cases where you are using a VPN (Wireguard or OpenVPN) and want to "free" some ports or protocols from the VPN.
This can be useful if you want to port forward via the WAN to a client on your LAN which is using the VPN or use a server and client simultaneously and not wanting to use the standard PBR. See:
• Killswitch now works on a WAP. Because of the changing of the killswitch code it is recommended to check if your killswitch is still working, see page 11 of the WireGuard Client setup guide
• Status Window now adequately reflects the status of peers with the same key
• Import Tunnel/Config added. This lets you import a config file from your provider or from your own server and adds a tunnel with it.
Not perfect yet: when deleting the tunnel, make sure to disable all the tunnels first, then Save and Apply. Then delete the tunnel, Save/Apply, and then Enable the tunnels again and Save/Apply.
Alternatively reboot the router after deleting a tunnel.
Problem can be in the DNS setting of the tunnel, DNS is not moved to the new tunnel number yet. It is on the todo list.
Routers: Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
Install guide R6400v2: http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087