WireGuard – Peer configuration

The installation of the WireGuard server was successful accomplished on the OpenWRT device. Now connect your devices, so called peers, to your WireGuard server.


Go to all articles of this series and the description of the test setup:

Test Setup
Test Setup

OpenWRT – Overview


The WireGuard peer configuration is done within the WG0 interface.

WireGuard - Peer configuration
WireGuard – Peer configuration

Got to Peers tab in WireGuard interface to add, modify or delete peers.

WireGuard - Peer configuration
WireGuard – Peer configuration

Add peer

OpenWRT Setup

WireGuard - Peer configuration
WireGuard – Peer configuration
  • Description = Name of the peer device
  • Öffentlicher Schlüssel = Public key of WireGuard peer
  • Private Key = Create private key with click on button Generate new key pair
  • Preshared Key = Optional to make the connection more secure with an additional password
  • Erlaubte IP-Adressen = IP range 10.200.250.0 - 10.200.250.250; enter in format 10.200.250.xxx/32
  • Route Allowed IPs = yes
  • Endpoint Host = empty
  • Endpoint Port = empty
  • Persistent Keep Alive = 25
  • Configuration Export = generate QR code to scan on peer device

The interface needs to be restarted to make the changes active.

WireGuard - Peer configuration
WireGuard – Peer configuration

Peer Setup – Manually

To setup the VPN on the client the WireGuard app needs to be installed on the device.

Interface Configuration

WireGuard - Peer configuration
WireGuard – Peer configuration

Peer Configuration (Peer = OpenWRT)

WireGuard - Peer configuration
WireGuard – Peer configuration
  • Name = Name of wireGuard server
  • Öffentlicher Schlüssel = Generate key pair on peer and copy public key on the WireGuard server
  • Adressen = IP address configured on WireGuard server for that peer (= Erlaubte IP-Adressen)
  • DNS-Server = IP address of Pi-hole (192.168.xxx.xxx) or OpenWRT device (192.168.35.8)
  • Öffentlicher Schlüssel = Public key of Wireguard server (see WireGuard-Status site in LuCi )
  • Endpunkt = mydomain.de:51820
  • Zulässige IPs = 0.0.0:0/0

Peer Setup – QR Code

The easiest way to setup WireGuard on a mobile device is to use QR code.

LuCi Configuration

WireGuard - Peer configuration
WireGuard – Peer configuration

QR Code

WireGuard - Peer configuration
WireGuard – Peer configuration

You need to restart the WireGuard interface to apply the configuration changes!

On the smartphone you have to edit the configuration and add

  • IP address
  • DNS server

The setup with QR code is the easiest option and less prone to typing errors.

WireGuard - Peer configuration
WireGuard – Peer configuration

Peer Setup – Client

Next to the QR code WireGuard shows the configuration in plain text.

The following example shows what you have to enter so get a handshake with the OpenWRT WireGuard.

[Interface]
PrivateKey = <the-private-key-of-the-client>
Address = 10.200.250.3/24
ListenPort = 51820
DNS = <ip-of-your-dns-server

[Peer]
PublicKey = <the-private-key-of-the-openwrt>
PresharedKey = <the-preshared>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydomain.de:51820
PersistentKeepAlive = 25

See all articles of this series …

stefanstrobel - Logo

… on strobelstefan.org
Overview of all OpenWRT Articles/

© Logo material is licensed under CC0 Codeberg and the Codeberg Logo are trademarks of Codeberg e.V

… hosted on Codeberg.

https://codeberg.org/strobelstefan.org/openwrt-configuration


Gib mir gerne einen Kaffee ☕ aus!

Wenn dir meine Beiträge gefallen und geholfen haben, dann kannst du mir gerne einen Kaffee ☕ ausgeben.

PayPal Logo


liberapay.com/strobelstefan.org


Kaffee via Bitcoin

bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj


Source:
– https://openwrt.org/
– https://openwrt.org/_media/docs/guide-graphic-designer/openwrt-logo-usage-guidelines.pdf

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert