TorGuard

Torguard + Wireguard + DD-WRT


Redback813

I would like torguard operating from the DD-WRT router through wireguard and not openvpn, given that openvpn is both resource and CPU intensive. There are plenty of articles on how to set up wireguard on a router, but without the proper configuration procedure it is next to impossible to set up wireguard. So when does Torguard think they will have the configuration setup method ready for those who wish to run the VPN system from their routers as opposed to the desktop?


12 answers to this question

19807409

Hello, there are indeed already many guides about wireguard now. Most of them have to be split into basic usage, which simply involves the steps for proper installation. By that, it actually does not matter which device, OS or architecture you use, as long as wireguard is available for that architecture.

I do see that you specifically ask about DD-WRT, as you probably already have it installed. I do not use dd-wrt, but another wrt, openwrt. If you run dd-wrt, your device is probably compatible with openwrt. Then you can simply download the stable image and install with opkg any package that you need. There is also the snapshot (latest/current version, unstable), which in fact gives you the ability to customize it the way you want.

In openwrt, if you use the web interface, then install the wireguard app with:

	opkg update
	opkg install luci-app-wireguard
	

That is it. Now create a new interface, choose Wireguard, then configure the interface. From there on you simply put the settings from your torguard config into those fields. When you add the torguard peer, you can add 0.0.0.0/0 to allowed addresses and mark the checkbox to route all allowed clients. That would send the whole WAN traffic over torguard's wireguard.

Next, add another peer (yourself) or an additional wireguard interface. I would assume that the torguard one is added to the wan zone, and that with your own server you would like to have access to your local network as well as still use torguard. Normally, one would do it with simply one interface, but having two does not really impact resources, and it makes the setup simple because you do not have to deal with isolating the torguard network from access to your local network.

I highly recommend building your own openwrt image from snapshot. You can build it with kernel 5 (currently 5.4.60). When you are finished with configuring it and when everything works, create a backup of your settings in luci and build your image with those settings. That would mean that each time you do a hard/soft reset of your firmware, your initial settings/setup would be those which you have already configured, sparing you a lot of time, especially if you have more than one device.

What exactly will and will not be possible to do with wireguard, we will see. Now it is still unclear about a few things, but one is for sure: people want and will use it in main line to encrypt their outer communication, not many do encrypt internal network communication.

As I speak about numbers, here are some from an old device, tested from the local network within the network:

iperf3: 220Mbits max

wan over tg: 80Mbits

wg client over wireguard from internet: 30Mbits

iperf3 from local net to wg interface: 80Mbits

The conclusion is that this specific device can reach 80Mbits max. with wireguard, regardless of whether you use torguard or any other. The 30Mbits value for the client simply has to do with the max upload speed of the ISP, which is actually 30Mbits, and your router sending data to you is upload, which is maxed at 30Mbits.

I maybe will write some guide for torguard on how to build openwrt images, but knowing that if you need to cover a wide range of router models, then you will probably pick up openwrt and build with image builder, and that gives torguard great ability to create their own version of openwrt. I already did write it years ago but never published it; I lacked the time to do it back then. It included an openvpn app which was capable of updating server lists automatically and could use several connections at the same time.

Currently, if torguard would build their own version, they actually would simply be required to include luci-app-openvpn and luci-app-wireguard, as well as maybe other protocols which they offer, then add a config for them all with dummy or empty values, that's it. Users then flash their router and simply put in their login data. Due to the fact that torguard sells hardware with only dd-wrt, I do not believe they will be interested in making that switch for some time, but you as a user are not restricted and nobody except yourself can prevent you from building your own image, just for you, customized by yourself.
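
The LuCI steps in the answer above (create a WireGuard interface, copy the values from the provider's config, allow 0.0.0.0/0 and route allowed IPs) can also be applied from the router's shell. This added example, which is not code from the thread or from TorGuard, converts a wg-quick style client config into `uci batch` input; the `[Interface]`/`[Peer]` file layout, the interface name `wg0` and the sample values are assumptions.

```shell
# Added example, not from the thread. Input is assumed to be a wg-quick style
# [Interface]/[Peer] file; "wg0" and the sample values below are constructed.
wg_conf_to_uci() {   # usage: wg_conf_to_uci <conf-file|-> [ifname]
    awk -v ifn="${2:-wg0}" -v q="'" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function uset(sec, opt, v) { print "set network." sec "." opt "=" q v q }
    function ulist(sec, opt, v,   a, i, n) {       # comma list -> UCI list
        n = split(v, a, ",")
        for (i = 1; i <= n; i++)
            print "add_list network." sec "." opt "=" q trim(a[i]) q
    }
    /^[ \t]*#/ || /^[ \t\r]*$/ { next }            # comments and blank lines
    /^[ \t]*\[/ {
        sec = tolower(trim($0))
        if (sec == "[interface]") {
            cur = ifn
            print "set network." ifn "=interface"
            uset(ifn, "proto", "wireguard")
        } else if (sec == "[peer]") {
            cur = ifn "_peer" (++peers)
            print "set network." cur "=wireguard_" ifn
            uset(cur, "route_allowed_ips", "1")    # LuCI: route allowed IPs
        } else cur = ""
        next
    }
    cur != "" && (eq = index($0, "=")) {
        # Split on the FIRST "=" only: base64 keys end in "=" padding.
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (index(val, q)) { print "unsafe value for " key > "/dev/stderr"; exit 1 }
        if      (key == "privatekey")   uset(cur, "private_key", val)
        else if (key == "address")      ulist(cur, "addresses", val)
        else if (key == "publickey")    uset(cur, "public_key", val)
        else if (key == "presharedkey") uset(cur, "preshared_key", val)
        else if (key == "allowedips")   ulist(cur, "allowed_ips", val)
        else if (key == "persistentkeepalive") uset(cur, "persistent_keepalive", val)
        else if (key == "endpoint") {              # host:port or [v6]:port
            port = val; sub(/^.*:/, "", port)
            host = substr(val, 1, length(val) - length(port) - 1)
            gsub(/^\[|\]$/, "", host)
            uset(cur, "endpoint_host", host); uset(cur, "endpoint_port", port)
        }                                          # DNS, MTU etc. are skipped
    }' "$1"
}
sample_conf() {   # constructed input; both keys are placeholders
    printf '%s\n' '[Interface]' 'Address = 10.0.0.2/32' '[Peer]' 'AllowedIPs = 0.0.0.0/0' \
        'PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=' \
        'PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=' 'Endpoint = vpn.example.net:51820'
}
```

Write the output to a file, review it, then apply it with `uci batch < file` followed by `uci commit network`. The private key is stored in `/etc/config/network`, so a settings backup or an image built with those settings contains it.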

Redback813

Thank you 19807409 for your responses.
There is plenty to play with here and you have given me some thoughts in evaluating the merit of the O/S after so many years. I will play around with Openwrt in a VM machine to get a handle on the basics of the O/S and then play with the advanced features thereafter. I did play around with Openwrt some years back and found it not so user friendly and confusing to some extent. However, I have invested so much time into the DD-WRT O/S, given that the O/S now comes with a built-in Wireguard program, that I'll be hard pressed to convert to Openwrt. I do understand that both O/S come with their pros and cons, and I'm aware that DD-WRT has some shortcomings and stability issues from time to time, but these are minor issues that can be solved either through cron jobs or other means. My issue is still the Torguard configuration setup for the inbuilt Wireguard program.

19807409

You are welcome.

Openwrt is not really more complicated than dd-wrt, both are wrt based. As I mentioned in the beginning, I do not know if I can help you out with dd-wrt, as the only thing I could tell you would be the config, as that one should be the same for any OS and working on any device. I also mentioned that I do believe you will want to stay with DD-WRT as you already have it installed; why should you waste more time to achieve the same result.

I do not know how dd-wrt handles routes etc., but in openwrt this is resolved really user friendly, especially if we speak about routing between wireguard clients, which is kinda very important when one realizes what it means with wireguard, especially when we come to the point of sharing your VPN access. Torguard currently neither can control it nor can they find out if you do it, by that leaving quite a lot of free room for enthusiasts to play with. I am also not sure how torguard could restrict it while keeping no-log policies, but that's why wireguard (despite officially now being in stable stage) should not be considered as stable by companies who use it. Torguard has the same issue; they luckily made it available, let's see how it develops. For now I can only see a huge spike in wireguard users.

I hope you get a reply for dd-wrt, but if you tell me which router model you have, I will gladly share the config/image with you which will build it for you from snapshot with latest kernel and wireguard version, just let me know I might be not that frequent here in next few months.

 

19807409

Well, that looks good then, as it is compatible with openwrt like expected.

Stable releases always include the web interface (luci with httpd), snapshots do not. If you try a snapshot, you will have to install luci first if you want to configure it over the browser.

Is there anything else that you actually use, so that I include it in the image if there is enough space for it? However, you can also install it all afterwards over opkg. I will start a compilation for bcm53xx later tonight and will upload the build config here. You should not trust images built by users, build it yourself then ;).

Redback813

Question, thinking it would be best to reinstall the netgear r8000 firmware to clear all for a clean restart for Openwrt. Privoxy, VPN, both openvpn and wireguard, Dnsmasq and unbound. Best to do everything through the browser, cleaner and easier for the user. If I need to go advanced, then I could do that later.

Cheers

19807409

If you have dd-wrt, you do not need to revert back to the original firmware from my thoughts, but please refer to the information page on this, I did not have time to look it up for your model. You can flash with the full image from openwrt stable if you are unsure.

In the attachment is the config with which I am building right now. I included everything that you wanted, and all those applications you can configure in the web browser. I included privoxy, wireguard, openvpn and unbound with dnsmasq (not dnsmasq-full).

If anything is missing you should be able to install it over the web interface.

I did not include any settings, all is openwrt's default and no password is set.

I started a build of the config in the attachment and will upload the result if successful.

 

.config.zip

Redback813

Thanks, will let you know the outcome but it will take time since I'm backing the DD-WRT backup.

P.S the .config.zip is unavailable.

Cheers

19807409

compilation completed successfully, I can not upload the image here as the size is too big, here it would be if you want to test it: https://anonymousfiles.io/JhwYXMRd/

it was built on debian, Linux dev 5.7.0-0.bpo.2-amd64 #1 SMP Debian 5.7.10-1~bpo10+1 (2020-07-30) x86_64 GNU/Linux

In the attachment are hashes and other build info like config and feeds, etc.

feeds.buildinfo version.buildinfo config.buildinfo openwrt-bcm53xx-generic.manifest sha256sums

19807409

just before you flash it make sure that you can follow flashing procedure, however, please better build it by yourself, point of me posting a link to the image is simply that you can compare hashes in sha256sums file, point was to see if this config will compile which it does. Hope it helps you, and might be a path for other users here who were not aware of openwrt.

BTW, I included not only luci but also luci-ssl, you can access it by https. I do not know how much free space you have, you will then combine it by yourself, now you have some example config including everything that you said you require. I still hope you get a reply for DD-WRT ;), but I also think that when you once switch to openwrt from dd-wrt, you will probably not come back unless it offers some better hardware support for your model.
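
The hash comparison suggested in the post above can be scripted so that it fails closed when the image is not listed at all. This is an added example, not code from the thread; `verify_image` and `demo_verify` are hypothetical helper names, the sums file is assumed to use the `<hash> *<name>` line layout of `sha256sum`, and the demo files are constructed.

```shell
# Added example, not from the thread. verify_image is a hypothetical helper.
verify_image() {   # usage: verify_image <sha256sums-file> <image-file>
    sums=$1; img=$2; name=$(basename "$img")
    # Lines look like "<64 hex> *<name>" (binary mode) or "<64 hex>  <name>".
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print tolower($1) }' "$sums")
    case $want in
        "")          echo "no entry for $name in $sums" >&2; return 2 ;;
        *[!0-9a-f]*) echo "duplicate or malformed entry for $name" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "hash has wrong length" >&2; return 2; }
    got=$(sha256sum "$img" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "MISMATCH for $name" >&2; return 1; }
    echo "OK $name"
}

demo_verify() {    # constructed files in a temp dir; prints the three results
    d=$(mktemp -d) || return 1
    printf 'firmware-bytes' > "$d/fw.bin"
    printf '%s *fw.bin\n' "$(sha256sum "$d/fw.bin" | awk '{ print $1 }')" > "$d/sha256sums"
    a=0; verify_image "$d/sha256sums" "$d/fw.bin" >/dev/null 2>&1 || a=$?
    printf 'x' >> "$d/fw.bin"                      # image changed after hashing
    b=0; verify_image "$d/sha256sums" "$d/fw.bin" >/dev/null 2>&1 || b=$?
    cp "$d/fw.bin" "$d/other.bin"                  # file not listed in sums
    c=0; verify_image "$d/sha256sums" "$d/other.bin" >/dev/null 2>&1 || c=$?
    rm -rf "$d"
    echo "$a $b $c"
}
```

A match only shows that the file is the one the sums file describes; when the image and the sums file come from the same poster, it says nothing about who built it, which is why the post recommends building it yourself and comparing.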

19807409

19 minutes ago, Redback813 said:

Thanks, will let you know the outcome but it will take time since I'm backing the DD-WRT backup.

P.S the .config.zip is unavailable.

Cheers

.config is meant for openwrt building, not your dd-wrt, sorry if I confused you.

What I also said is, when you have set up your openwrt to work including wireguard etc., then back up your settings there just like you can do with dd-wrt, and extract them into a folder called "files" in your openwrt sources folder. Those will then be included in the image, meaning that after you have built it, when you restore to factory defaults, those are then :) your factory defaults, which you have preset with all the tools as you included them in the image.

What I did not ask you, as I do not have your router model, is if you use some other access points or mesh etc. Sadly I can't know it for your device as I don't own any, but in general not all routers have all required packages installed for things like 802.11r,w,s and so on, those you normally install manually. You have to check as well if you need it all, your router should have pretty good wlan if it is not a big area that you need to cover.
