From DD-WRT Wiki

(Difference between revisions)
Revision as of 21:17, 18 July 2018
Liverpoolatnight
(Methord 2 - If Double NATed (DONT USE, WIP))
Revision as of 21:54, 18 July 2018
Liverpoolatnight

Line 25: Line 25:
*[http://svn.dd-wrt.com/ticket/6219 show private key in gui] - Done *[http://svn.dd-wrt.com/ticket/6219 show private key in gui] - Done
*[http://svn.dd-wrt.com//ticket/6217#comment:1 add option to set a DNS in gui] *[http://svn.dd-wrt.com//ticket/6217#comment:1 add option to set a DNS in gui]
-=Methord 2 - If Double NATed (DONT USE, WIP)= 
- wg set oet1 fwmark 51820 
- # This sets the Firewall Mark of the wireguard interface called oet1 to 51820 
- # 51820 is attached to outgoing packets and can be used in firewall rules 
- # SSH into the Router and use wg to see it applyed. 
- ip route add dev oet1 table 51820 
- ip rule add not fwmark 51820 table 51820 
=Reference= =Reference=
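Review bot: No edit summary accompanies the removal of the "Methord 2 - If Double NATed (DONT USE, WIP)" section, so the page history does not record whether the fwmark approach was wrong or only unfinished. The removed `ip route add dev oet1 table 51820` line names no destination prefix, which fits the WIP label; state that in the summary, and if the section is restored later, complete that route command and fix the spelling of "Methord" and "applyed".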
Line 40: Line 31:
[https://lists.zx2c4.com/mailman/listinfo/wireguard/ WireGuard Mailing Lists]<br> [https://lists.zx2c4.com/mailman/listinfo/wireguard/ WireGuard Mailing Lists]<br>
[https://svn.dd-wrt.com/search?q=wireguard&noquickjump=1&changeset=on DD-WRT SVN Changesets]<br> [https://svn.dd-wrt.com/search?q=wireguard&noquickjump=1&changeset=on DD-WRT SVN Changesets]<br>
-[https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312522 Forum thread, Broadcom]<br>+[https://www.dd-wrt.com/phpBB2/viewtopic.php?t=312522 Forum]<br>
-[https://www.dd-wrt.com/phpBB2/viewtopic.php?t=315874 Forum thread, Atheros]<br>+ 
[[VPN|Virtual Private Network (VPN)]] (DD-WRT wiki) [[VPN|Virtual Private Network (VPN)]] (DD-WRT wiki)
[[Category:Tunneling]] [[Category:Tunneling]]
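Review bot: The Atheros thread link (viewtopic.php?t=315874) is dropped from the Reference list, and the surviving link to t=312522 is relabelled from "Forum thread, Broadcom" to just "Forum", so Atheros readers lose their thread and the label no longer says the remaining one is the Broadcom thread. Keep both links or keep the platform in the label; the replacement also leaves an empty line before the [[VPN|Virtual Private Network (VPN)]] entry that can be deleted.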

Revision as of 21:54, 18 July 2018

"WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry."[1]


How it works

Quick Start (from the developer site)

Firewall rules

Add firewall rules to successfully communicate through the tunnel on each unit:

# Allow traffic to and from the unit itself over the tunnel (in/out)
iptables -I INPUT -i oet1 -j ACCEPT
iptables -I OUTPUT -o oet1 -j ACCEPT
# Allow forwarding of packets to and from the networks behind the unit (in/out)
iptables -I FORWARD -i oet1 -j ACCEPT
iptables -I FORWARD -o oet1 -j ACCEPT
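
An idempotent way to apply the four rules above, as an added example that is not part of the wiki page or DD-WRT's own scripts: `-I` inserts another copy each time the commands are re-run, so every rule is checked with `iptables -C` first. The helper names and the `WG_IF`, `IPT` and `STATE` variables are assumptions of this sketch, as is an iptables build that supports `-C`; by default it runs against a file-backed stand-in so it can be tried without root.

```sh
#!/bin/sh
# Added example: apply the page's four oet1 ACCEPT rules without stacking
# duplicates when the commands are run more than once.
# Assumptions (not from the wiki): helper names, WG_IF/IPT/STATE variables,
# and an iptables build that supports -C (check).

WG_IF="${WG_IF:-oet1}"                  # tunnel interface named on the page
STATE="${STATE:-/tmp/wg_fw_demo.$$}"    # rule store used only by the stand-in

# Stand-in for iptables so the logic can be exercised without root.
# Understands only "-C <rule>" (is it present?) and "-I <rule>" (insert).
fake_ipt() {
    op="$1"; shift
    case "$op" in
        -C) [ -f "$STATE" ] && grep -qxF -- "$*" "$STATE" ;;
        -I) echo "$*" >> "$STATE" ;;
        *)  return 2 ;;
    esac
}
IPT="${IPT:-fake_ipt}"                  # on the router: IPT=iptables

# Insert a rule at the top of a chain only if an identical one is absent.
ensure_rule() {
    chain="$1"; shift
    if $IPT -C "$chain" "$@" 2>/dev/null; then
        return 0                        # already present, nothing to do
    fi
    $IPT -I "$chain" "$@"
}

# The same four rules as on the page, each guarded by ensure_rule.
apply_wg_rules() {
    ensure_rule INPUT   -i "$WG_IF" -j ACCEPT &&
    ensure_rule OUTPUT  -o "$WG_IF" -j ACCEPT &&
    ensure_rule FORWARD -i "$WG_IF" -j ACCEPT &&
    ensure_rule FORWARD -o "$WG_IF" -j ACCEPT
}

# Number of rules recorded by the stand-in (0 if nothing was inserted yet).
rule_count() {
    if [ -f "$STATE" ]; then grep -c '' "$STATE"; else echo 0; fi
}

apply_wg_rules    # safe to call again: a second run inserts nothing
```
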

Also set routes for the networks to reach:

#to connect and via put on the gateway
route add -net gw

This firewall functionality may eventually get integrated into DD-WRT. SVN tickets:


Conceptual Overview
Git Repository
WireGuard Mailing Lists
DD-WRT SVN Changesets

Virtual Private Network (VPN) (DD-WRT wiki)