Difference between revisions of "Wireguard"

From Steak Wiki

Revision as of 18:16, 27 June 2023

WireGuard has a few setup scenarios, and each one is different.


windows client to owrt split tunnel

windows

This setup assumes you are using it as a traditional VPN to reach resources on the remote LAN, not to hide your IP address or route all of your internet traffic.

Download the client, run the installer, then add an empty tunnel and fill it in like this:

[Interface]
PrivateKey = (it should auto-populate this for you)(the public key is shown above in the text field)
Address = (the IP you want on the VPN net; /32 for a single IP)

[Peer]
PublicKey = (find it on the server)
AllowedIPs = (what you want to be able to reach on the VPN LAN)(usually the VPN router's IP, and then the LAN range behind the router)
Endpoint = (ipaddress:port)

Optional: If you have a Windows server with DNS (i.e. a domain), use the Windows server as the DNS rather than the VPN router. However, you may also want to add some other DNS servers (level 4 / Google) as backups, e.g.

[Interface]
PrivateKey =
Address =
DNS = (the Windows server; it and its subnet should be in AllowedIPs, if they aren't already), 4.2.2.2, 8.8.8.8

Troubleshoot that with nslookup. You might think you can avoid this and hardcode the names in Windows' hosts file (the /etc/hosts equivalent), but that won't properly resolve the domain controller, and every time you access a domain share you will have to enter a password. Bad idea.
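The two rules this section relies on (AllowedIPs decides what goes through the tunnel, and any private DNS server must be inside AllowedIPs or it is unreachable) can be checked before loading a tunnel. The following is an added example, not part of the wiki page; it parses a WireGuard client config and flags a full-tunnel AllowedIPs, a non-/32 Address, and a private DNS server that AllowedIPs does not cover. The sample config, keys and addresses are constructed placeholders.

```python
import configparser
import ipaddress

# Constructed sample following the page's template; keys are placeholders, not real key material.
SAMPLE_CONF = """
[Interface]
PrivateKey = PLACEHOLDER_CLIENT_PRIVATE_KEY
Address = 10.8.0.2/32
DNS = 192.168.1.10, 4.2.2.2, 8.8.8.8

[Peer]
PublicKey = PLACEHOLDER_SERVER_PUBLIC_KEY
AllowedIPs = 10.8.0.1/32, 192.168.1.0/24
Endpoint = vpn.example.invalid:51820
"""


def parse_wg_conf(text):
    """Parse a WireGuard INI-style config into {'Interface': {...}, 'Peer': {...}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (PrivateKey, AllowedIPs, ...)
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def check_split_tunnel(conf):
    """Return a list of problems; an empty list means the config matches a split-tunnel setup."""
    problems = []
    iface, peer = conf["Interface"], conf["Peer"]
    allowed = [ipaddress.ip_network(n, strict=False) for n in _csv(peer["AllowedIPs"])]
    # 1. Split tunnel: AllowedIPs must not contain a default route, or all traffic goes through.
    if any(n.prefixlen == 0 for n in allowed):
        problems.append("AllowedIPs contains a default route; this is a full tunnel, not split")
    # 2. A single host address on the VPN net, i.e. a /32 as the page recommends.
    addr = ipaddress.ip_interface(iface["Address"])
    if addr.network.prefixlen != 32:
        problems.append(f"Address {addr} is not a /32")
    # 3. Private DNS servers (the domain DNS) must be inside AllowedIPs to be reachable;
    #    public backup resolvers are reached directly, so they need no tunnel route.
    for dns in _csv(iface.get("DNS", "")):
        ip = ipaddress.ip_address(dns)
        if ip.is_private and not any(ip in n for n in allowed):
            problems.append(f"DNS {dns} is private but not covered by AllowedIPs")
    return problems
```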

owrt

config interface 'vpn'
        option proto 'wireguard'
        option private_key 'serverprivatekey'
        option listen_port 'someport'
        list addresses 'ipofvpnhost'

# one wireguard_vpn section per client; 'anyname' is just a label
config wireguard_vpn 'anyname'
        list allowed_ips 'onlyoneip/32'
        option public_key 'clientpublickey'
        option route_allowed_ips '1'

The only tricky thing here is that you need route_allowed_ips, so the router knows to send traffic for the peer's specified allowed_ips out the VPN interface.