
Wireguard - R7000 - DD-WRT - ANYONE Successfully Install?

Morpheus

DD-WRT Version: DD-WRT v3.0-r36070M kongac (05/31/18)

I have had OpenVPN working for several years with no problems. I quit updating DD-WRT a couple of years ago when I finally landed on a stable version.

I'm not sure whether I need to upgrade to the latest DD-WRT, but I understand Kong is no longer programming. If so, where can I get the latest and greatest stable version if I need to upgrade?

All I did previously was install the DD-WRT firmware on my R7000 router and configure.

I've been told by support to reset DD-WRT to factory defaults and configure for Wireguard using the online generator.

I haven't done anything yet because I don't see a Wireguard option in DD-WRT. I believe I should see the option in Settings/Tunnels, but it is not there.

Will the option for Wireguard become available after performing a factory reset?

It seems to me that there should be a guide out there for those that would like to upgrade from OpenVPN to Wireguard using DD-WRT.  

  • 0
Redback813
12 minutes ago, Morpheus said:

If you have successfully got Wireguard to work on DD-WRT, can you post a screen shot of your Wireguard configuration, just obscure the keys.

I'm guessing that I can just disable the OpenVPN connection. Also I have the kill switch and port forwarding in the Firewall. Not sure if I should remove them?   

 

 

Similar setup, with a killswitch that works with OpenVPN only and works well, and port forwarding under the NAT / QoS section only. Don't forget DD-WRT comes with a preconfigured firewall.

  • 0
Redback813
13 minutes ago, 19807409 said:

If you want to use the method which torguard app uses, then it is to use their api, explained here: https://github.com/TorGuard/openwrt-scripts#torguards-wireguard-api-v1

173.244.200.119 is the New York wireguard server. You need to have already created your private/public keys with wireguard; it doesn't matter on which PC or how you get them. Considering your public key would be: AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=

then type in your browser

 

https://173.244.200.119:1443/api/v1/setup?public-key=AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=

 

You will then be asked for your torguard credentials, which you have to enter. You can save it in your password manager too, as well as save it as a bookmark for later usage if it expires.

You can pass your credentials also directly in the URL, like here:

 

https://User1:[email protected]:1443/api/v1/setup?public-key=AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=

 

If you want to find all servers, install TorGuard and check their latest json file, here is the one which I used for configs. You need to use IP instead of the URL, to find out which IP's are used for that country/URL, you can run, as example for New York:

 

nslookup us-ny.torguard.org

 

Then use any of those IPs for your API request. After the moment you have created this request, it is valid for 15 minutes; if you disconnect for longer than 15 minutes, you will have to create a new config by simply reopening your API URL, quite easy for mobile phones and other devices.

If you then want to get the fastest of those IP's you can run ping checks and choose the fastest, that question was quite popular here on this forum which everybody actually could perform during their init scripts.

I really do not believe that it is faster and easier to go to torguard, log in there with 2fa and captcha, then navigate to the config tool where you might get asked for an additional captcha or even logged out. Well, adding the API URL above is much simpler and you do not need captcha nor 2fa, kinda 100% friendly.

If you want to check it, install official TorGuard client, debug it and you will see that it works exactly that way.

 

I have Torguard installed on the desktop and mobile with no issue, just wish to play around on the router.

  • 0
19807409
4 minutes ago, Redback813 said:

I have Torguard installed on the desktop and mobile with no issue, just wish to play around on the router.

Just tried to point out, as by reading in different threads I get the feeling that users are confused. Having a tool is great and a must, but then you have users who actually claimed how unfriendly captchas can be etc. The API makes it easier, especially if you run it with servers that require API usage: you will probably not want to log in and edit your files manually each time you reboot. Something like the install script which I wrote can be used, let's say, as a cron job or on each reboot or even on each postup/postdown process, letting you use your router without any hassle to reconfigure it in case it expires.

However, you are not that far to test the API, better download the configs for wireguard servers on your account, which do not expire.

In my guide about openwrt I did not mention a lot of things as it would be too much for one guide. One of them would be that my wireguard router is not a DHCP server nor a DNS server; to make wireguard work properly, your clients need to know the route to your gateway as well as to your DNS. You do it easily in openwrt by passing dhcp options 3, gatewayip 6, dns1,dns2 . If you do have conflicts with your local DNS, then use those DNS servers provided by the API instead; however, torguard's config is universal and uses Cloudflare's 1.1.1.1.

By that, you have everything that you need:

1. config files

2. dd-wrt with wireguard

3. information of how it works

Like I said once, I could write you here commands which I believe would be correct, but without to test them, I find it quite useless to tell you commands about which I have no clue if they really work. There are plenty of URLs which duckduckgo throws out: https://duckduckgo.com/?t=canonical&q=wireguard+client+on+dd-wrt&ia=web

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1152435

https://wiki.dd-wrt.com/wiki/index.php/Wireguard

https://wiki.dd-wrt.com/wiki/index.php/The_Easiest_Tunnel_Ever

https://techiedoodah.com/how-to-configure-your-dd-wrt-wireguard-vpn/

https://www.vpnunlimitedapp.com/help/manuals/dd-wrt-wireguard-setup

 

If I look as example at this: https://techiedoodah.com/how-to-configure-your-dd-wrt-wireguard-vpn/

then it is quite straight clear, just copy the info from your configs.

 

After you have set it successfully, then, if you want to use API, you will have only to change your public key and IP's, considering you use 1.1.1.1 and 1.0.0.1 as your DNS, you will even not need to change DNS.

  • 0
Morpheus

OK, so I open DD-WRT and go to Tunnels. I then enable the tunnel, select Wireguard as the type, and then add a Peer.

Pic1.thumb.jpg.875d70383eaf66372112fa842deb67e0.jpg

 

Now I go to the config generator. I select Wireguard as my VPN Tunnel Type, I then insert the IP Address that I'm using in OpenVPN (maybe this is where I'm making the mistake), I insert my authentication, and click on the Generate Config button.

# TorGuard WireGuard Config
[Interface]
PrivateKey = REDACTED KEY 1
ListenPort = 51820
DNS = 1.1.1.1
Address = 10.13.68.241/24

[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0
Endpoint = REDACTED-IP:1443
PersistentKeepalive = 25

There is a little confusion in the above because the generator pushes out two windows of configuration, Interface, and Peer. Some of the Interface stuff goes in the Peer on the DD-WRT Wireguard configuration.

I now go to the Wireguard configuration in DD-WRT and insert the information from the config generator shown below.

Pic2.thumb.jpg.f4308bf1506718a8253239f34db90a2b.jpg

I'm not sure what else needs to be done. The config Generator makes it confusing for inserting the information. I know if you are offline over 15 minutes you have to get a new Key, and the IP Address changes.

  • 0
James8078

Dd wrt and wireguard work perfectly. 

No problem

  • 0
James8078
2 minutes ago, Morpheus said:

OK, so I open DD-WRT and go to Tunnels. I then enable the tunnel, select Wireguard as the type, and then add a Peer.

Pic1.thumb.jpg.875d70383eaf66372112fa842deb67e0.jpg

 

Now I go to the config generator. I select Wireguard as my VPN Tunnel Type, I then insert the IP Address that I'm using in OpenVPN (maybe this is where I'm making the mistake), I insert my authentication, and click on the Generate Config button.

# TorGuard WireGuard Config
[Interface]
PrivateKey = REDACTED KEY 1
ListenPort = 51820
DNS = 1.1.1.1
Address = 10.13.68.241/24

[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0
Endpoint = REDACTED-IP:1443
PersistentKeepalive = 25

There is a little confusion in the above because the generator pushes out two windows of configuration, Interface, and Peer. Some of the Interface stuff goes in the Peer on the DD-WRT Wireguard configuration.

I now go to the Wireguard configuration in DD-WRT and insert the information from the config generator shown below.

Pic2.thumb.jpg.f4308bf1506718a8253239f34db90a2b.jpg

I'm not sure what else needs to be done. The config Generator makes it confusing for inserting the information. I know if you are offline over 15 minutes you have to get a new Key, and the IP Address changes.

I can help you, I tried and tested some dd wrt / wireguard build test.

For many routers..

 

 

  • 0
Morpheus
19 minutes ago, James8078 said:

Dd wrt and wireguard work perfectly. 

No problem

 

Ok, so I use the config Generator, create a Wireguard tunnel and peer, and put in all the information into the Wireguard Tunnel and Peer as I did in my reply. That is all I need to do?

It does connect but none of my traffic is going through the VPN.

  • 0
19807409
40 minutes ago, Morpheus said:

I now go to the Wireguard configuration in DD-WRT and insert the information from the config generator shown below.

 

I wouldn't be sure about mtu setting 1460, as it may differ from user to user what the best value is, not sure what happens if you leave it empty (or if dd-wrt allows you to keep it empty), default one for wireguard would be 1420.

@Morpheus

Here is how you set it on openwrt in web interface:

1. grafik.png

2. grafik.png

3. If you have no private key, you can click on "Generate key" and it will be pasted automatically into your private key (that is in case you use API, if you use non expiring, then this is the private key from [Interface] Privatekey.). In the screenshot below the fields are red because I left comments: grafik.png

Here without invalid comments: grafik.png

4. Click on tab advanced settings, here you can leave everything empty if you do not know what for they are, in my screenshot I do not use IPv6: grafik.png

5. Click on tab "Firewall settings" and set wg0 to be in WAN zone: grafik.png

6. Click on peers and add a peer: grafik.png, then add peer info, which in your config is to be found under [Peer]: grafik.png

In last screenshot is a typo in Persistent Keep Alive, I wrote 26 seconds in my screenshot, where if you are behind the nat, like the info tells, recommended value is 25.

  • 0
19807409
15 minutes ago, Morpheus said:

It does connect but none of my traffic is going through the VPN.

Check if all routes are set properly and if it really is connected, run

wg show wg0

considering that wg0 is your wireguard interface. This shows you something like this:

wg0
public key: *******************************************************=
private key: (hidden)
listening port: 62105
peer: **************************************************************=
endpoint: xxx.xxx.xxx.xxx:1443
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 23 seconds ago
transfer: 187.29 GiB received, 1.79 GiB sent
persistent keepalive: every 15 seconds

Also, make sure that your clients your wireguard knows the route to your gateway.

If there is no handshake, then you are not connected.

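An added example (not posted by anyone in this thread): a Python helper that reads pasted `wg show wg0` text in the layout above and separates "no handshake" from "handshake but nothing coming back", the state reported further down the thread. The 180-second staleness limit (WireGuard renegotiates about every two minutes while traffic flows) and the 4096-byte receive floor are assumptions of this example, as are the function names and the placeholder keys and IP.

```python
import re

UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400, "year": 31536000}
UNIT_BYTES = {"B": 1, "KiB": 2**10, "MiB": 2**20, "GiB": 2**30, "TiB": 2**40}

def handshake_age(text):
    """'1 minute, 23 seconds ago' -> 83 seconds; 'Now' -> 0."""
    if text.strip().lower() == "now":
        return 0
    parts = re.findall(r"(\d+) (second|minute|hour|day|year)s?", text)
    return sum(int(n) * UNIT_SECONDS[unit] for n, unit in parts)

def transfer_bytes(text):
    """'187.29 GiB received, 1.79 GiB sent' -> (rx_bytes, tx_bytes)."""
    m = re.fullmatch(r"([\d.]+) (\w+) received, ([\d.]+) (\w+) sent", text.strip())
    if not m or m[2] not in UNIT_BYTES or m[4] not in UNIT_BYTES:
        return 0, 0
    return round(float(m[1]) * UNIT_BYTES[m[2]]), round(float(m[3]) * UNIT_BYTES[m[4]])

def parse_peers(output):
    """Collect per-peer handshake age and byte counters from `wg show <iface>` text."""
    peers, current = [], None
    for raw in output.splitlines():
        key, sep, value = raw.strip().partition(": ")
        if key == "peer" and sep:
            current = {"peer": value, "handshake_age": None, "rx": 0, "tx": 0}
            peers.append(current)
        elif current is not None and key == "latest handshake":
            current["handshake_age"] = handshake_age(value)
        elif current is not None and key == "transfer":
            current["rx"], current["tx"] = transfer_bytes(value)
    return peers

def diagnose(peer, stale_after=180, min_rx=4096):
    """Classify one peer. Both thresholds are assumptions of this example."""
    if peer["handshake_age"] is None:
        return "no-handshake"      # never connected: check keys, endpoint IP and port
    if peer["handshake_age"] > stale_after:
        return "stale-handshake"   # session lapsed: the peer is no longer answering
    if peer["rx"] < min_rx:
        return "handshake-only"    # tunnel is up, no payload returns: routes/NAT/firewall
    return "ok"

def report(output):
    """Return [(peer_key, status)] for every peer in the pasted output."""
    return [(p["peer"], diagnose(p)) for p in parse_peers(output)]

# Constructed samples in the layout shown in the thread (keys and IP are placeholders).
HEALTHY = """wg0
public key: LOCAL-PUBKEY-PLACEHOLDER
private key: (hidden)
listening port: 62105
peer: PEER-PUBKEY-PLACEHOLDER
endpoint: 192.0.2.10:1443
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 23 seconds ago
transfer: 187.29 GiB received, 1.79 GiB sent
persistent keepalive: every 15 seconds
"""
HANDSHAKE_ONLY = HEALTHY.replace("187.29 GiB received, 1.79 GiB sent",
                                 "92 B received, 2.14 KiB sent")
NO_HANDSHAKE = "\n".join(l for l in HEALTHY.splitlines()
                         if not l.startswith(("latest handshake", "transfer")))

if __name__ == "__main__":
    for name, text in [("healthy", HEALTHY), ("handshake only", HANDSHAKE_ONLY),
                       ("no handshake", NO_HANDSHAKE)]:
        print(name, report(text))
```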
  • 0
James8078
12 hours ago, Morpheus said:

 

Ok, so I use the config Generator, create a Wireguard tunnel and peer, and put in all the information into the Wireguard Tunnel and Peer as I did in my reply. That is all I need to do?

It does connect but none of my traffic is going through the VPN.

Send me your config  at [email protected]

  • 0
James8078

I've just tested the conf generator with wireguard on dd wrt, no problem, works perfectly

  • 0
Morpheus
14 minutes ago, James8078 said:

I've just tested the conf generator with wireguard on dd wrt, no problem, works perfectly

Ok, so I'm guessing you added a new Wireguard tunnel, and created a Peer, correct?

There are two "Ethernet and IP Tunneling" listed, "Tunnel oet1", and "Tunnel oet2"

I used "Tunnel oet1" to create my Wireguard tunnel and Peer. 

Below is my config. I have a dedicated IP

# TorGuard WireGuard Config
[Interface]
PrivateKey = PRIVATE_KEY
ListenPort = 51820
DNS = 1.1.1.1
Address = 10.13.48.97/24

[Peer]
PublicKey = PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = DEDICATED_IP:1443
PersistentKeepalive = 25

In the "Address = 10.13.48.97/24", what did you do with the /24 subnet?

In the "DNS = 1.1.1.1", did you use 1.1.1.1

I'm assuming that after creating the Wireguard tunnel and the Peer, you are only adding the options from the generated config, correct?

Where exactly in "Tunnel oet1", and "Peer" are you adding the OPTION = ???????

Are you creating the "Local Public Key" before inserting the PRIVATE_KEY ?

Are you using a dedicated IP?

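An added example (not posted by anyone in this thread, and not TorGuard or DD-WRT code): a Python checker for the generator output pasted in the posts above. It separates the [Interface] values (private key, DNS, tunnel address with its /24 prefix) from the [Peer] values and flags an empty or malformed key, such as the blank PublicKey line in the first paste. The key and the 192.0.2.10 endpoint are constructed placeholders, and the function names are this example's own.

```python
import base64
import ipaddress

def parse_wg_config(text):
    """Split a wg-quick style file into one [Interface] dict and a list of [Peer] dicts."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)        # split once: base64 keys end in '='
            current[key.strip().lower()] = value.strip()
    return interface, peers

def key_problem(value):
    """Return None for a base64 string that decodes to 32 bytes, else a short reason."""
    if not value:
        return "is empty"
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:                             # binascii.Error is a ValueError
        return "is not valid base64"
    return None if len(raw) == 32 else "does not decode to 32 bytes"

def check_config(text):
    """Return (tunnel_values, peer_values, problems) for a client config."""
    interface, peers = parse_wg_config(text)
    problems = []
    if (reason := key_problem(interface.get("privatekey", ""))):
        problems.append(f"Interface PrivateKey {reason}")
    tunnel = {"dns": interface.get("dns")}
    try:
        addr = ipaddress.ip_interface(interface.get("address", ""))
        tunnel["ip"], tunnel["prefix"] = str(addr.ip), addr.network.prefixlen
    except ValueError:
        problems.append("Interface Address is missing or not in IP/prefix form")
    if not peers:
        problems.append("no [Peer] section")
    out_peers = []
    for n, peer in enumerate(peers, 1):
        if (reason := key_problem(peer.get("publickey", ""))):
            problems.append(f"Peer {n} PublicKey {reason}")
        host, _, port = peer.get("endpoint", "").rpartition(":")
        if not host or not port.isdigit() or not 0 < int(port) < 65536:
            problems.append(f"Peer {n} Endpoint is not host:port")
        allowed = [a.strip() for a in peer.get("allowedips", "").split(",") if a.strip()]
        out_peers.append({"endpoint": (host, port), "allowed_ips": allowed,
                          "full_tunnel": "0.0.0.0/0" in allowed})
    return tunnel, out_peers, problems

# Constructed sample: the thread's layout with a placeholder key (32 zero bytes) and a
# documentation-range endpoint. PublicKey is left empty, as in the first paste.
FAKE_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE = f"""[Interface]
PrivateKey = {FAKE_KEY}
DNS = 1.1.1.1
Address = 10.13.48.97/24
[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:1443
PersistentKeepalive = 25
"""
print(check_config(SAMPLE)[2])
```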
  • 0
James8078
44 minutes ago, Morpheus said:

Ok, so I'm guessing you added a new Wireguard tunnel, and created a Peer, correct?

There are two "Ethernet and IP Tunneling" listed, "Tunnel oet1", and "Tunnel oet2"

I used "Tunnel oet1" to create my Wireguard tunnel and Peer. 

Below is my config. I have a dedicated IP

# TorGuard WireGuard Config
[I

Are you using a dedicated IP?

first, if you're using dedicated ip, a lot of chances that your connection does not work, dedicated ip is not completely compatible with wireguard yet. I know some usa ips are....

  • 0
Redback813
3 hours ago, James8078 said:

first, if you're using dedicated ip, a lot of chances that your connection does not work, dedicated ip is not completely compatible with wireguard yet. I know some usa ips are....

 

I'm guessing you're talking about the Torguard dedicated IP and not the router, since I have the Torguard dynamic IP and it still fails. You would think that DD-WRT programmers would have an import section for the wireguard to make things easy, but alas no. I can get the latest handshake in wireguard but no transfer. And I have read up on this topic to no avail.

  • 0
Morpheus
11 hours ago, Redback813 said:

 

I'm guessing you're talking about the Torguard dedicated IP and not the router, since I have the Torguard dynamic IP and it still fails. You would think that DD-WRT programmers would have an import section for the wireguard to make things easy, but alas no. I can get the latest handshake in wireguard but no transfer. And I have read up on this topic to no avail.

I also have the handshake but nothing going through the VPN. I will retry again not using my dedicated IP.

I talked to support at Torguard and they told me that there was a guide created on how to install Torguard on DD-WRT, but they were working on a config generator. I have yet to see the guide :( 

  • 0
19807409
40 minutes ago, Morpheus said:

also have the handshake but nothing going through the VPN. I will retry again not using my dedicated IP.

I talked to support at Torguard and they told me that there was a guide created on how to install Torguard on DD-WRT, but they were working on a config generator. I have yet to see the guide :( 

I do find it in the meantime funny. I actually told you already why nothing goes through VPN and how to fix it.

The way you try to connect was not meant to be used that way, it is just users who found out that they can do it.

Once again, your vpn and your clients need to know the gateway and routes are normally set automatically, there is postup and postdown commands if you need additional configuration for your firewall.

TorGuard works with wireguard, it then does not matter if you run DD-Wrt, OpenWrt or a pc or any other device for which wireguard is available.

Probably you should better wait for official TorGuard release in supporting all of this as you neither want to try out working solutions nor you could deliver one working with DD-WRT.

Also, for some reason you want to enforce getting it to work with the config, where in fact you have never established a successful connection so that you can surf. Once again, make it first work with wireguard servers where you do not need the API and can download the configs. If everything works, then get the info with the API (or config gen) and replace the values in it. Do not forget that your devices need to know where your gateway is; you pass it normally with dhcp : 3, yourgatewayip and set your dns: 6, 1.1.1.1,1.0.0.1 .

  • 0
19807409
16 hours ago, James8078 said:

first, if you're using dedicated ip, a lot of chances that your connection does not work, dedicated ip is not completely compatible with wireguard yet. I know some usa ips are....

This does not need to depend on chances. Login to your account and there you see your dedicated servers where on the right side there is a dropdown menu where if wireguard is enabled on that server, you will be able to choose wireguard. If it is not available, you will not be able to choose wireguard and therefore it can not be used with wireguard until torguard rolls wireguard on those servers out.

  • 0
James8078
6 hours ago, Morpheus said:

I also have the handshake but nothing going through the VPN. I will retry again not using my dedicated IP.

I talked to support at Torguard and they told me that there was a guide created on how to install Torguard on DD-WRT, but they were working on a config generator. I have yet to see the guide :( 

I have the guide and I wrote the steps to torguard helpdesk 5 months ago about dd wrt.

please write me to [email protected]

I will send you infos

  • 0
Redback813
6 hours ago, 19807409 said:

I do find it in the meantime funny. I actually told you already why nothing goes through VPN and how to fix it.

The way you try to connect was not meant to be used that way, it is just users who found out that they can do it.

Once again, your vpn and your clients need to know the gateway and routes are normally set automatically, there is postup and postdown commands if you need additional configuration for your firewall.

TorGuard works with wireguard, it then does not matter if you run DD-Wrt, OpenWrt or a pc or any other device for which wireguard is available.

Probably you should better wait for official TorGuard release in supporting all of this as you neither want to try out working solutions nor you could deliver one working with DD-WRT.

Also, for some reason you want to enforce getting it to work with the config, where in fact you have never established a successful connection so that you can surf. Once again, make it first work with wireguard servers where you do not need the API and can download the configs. If everything works, then get the info with the API (or config gen) and replace the values in it. Do not forget that your devices need to know where your gateway is; you pass it normally with dhcp : 3, yourgatewayip and set your dns: 6, 1.1.1.1,1.0.0.1 .

 

I read some material from the DD-WRT forum, as they have several ways to config the wireguard written by egc, but that's no go either. Hey, you never learn if you never try, even if it is both frustrating or fun. I did learn things after all, isn't that the purpose after all? As to the speed demon this program should be, I did not see real world speeds like some people are pumping out; personally, reality hit home.

Cheers

  • 0
Redback813
7 hours ago, Morpheus said:

I also have the handshake but nothing going through the VPN. I will retry again not using my dedicated IP.

I talked to support at Torguard and they told me that there was a guide created on how to install Torguard on DD-WRT, but they were working on a config generator. I have yet to see the guide :( 

 

"config generator" Strange that they would say that since they have one under the user account.

 

  • 0
Redback813
1 hour ago, James8078 said:

I have the guide and I wrote the steps to torguard helpdesk 5 months ago about dd wrt.

please write me to [email protected]

I will send you infos

 

[email protected] cannot receive messages.

  • 0
19807409
1 hour ago, Redback813 said:

I read some material from the DD-WRT forum, as they have several ways to config the wireguard written by egc, but that's no go either. Hey, you never learn if you never try, even if it is both frustrating or fun. I did learn things after all, isn't that the purpose after all? As to the speed demon this program should be, I did not see real world speeds like some people are pumping out; personally, reality hit home.

I agree, it is the nature of humans to explore the unknown :), but from experience, you never should come to a point that something frustrates you as it is always counterproductive; mostly staying calm, focused and concentrated does the job. The last router on which I used ddwrt was the linksys 54gl, which was quite famous and got a stable version, but already that many years ago it did not offer me everything which I required, so I had to explore openwrt, which btw was much more complicated back then than today. Bricking routers was funny too as long as I did not care, but a few I really felt bad to destroy as they were quite expensive. But all of this became past for me where time restriction kicked in, job, kids, ..., so you don't really have time for many experiments but appreciate if something is working in a stable way.
