WireGuard - Peer configuration

The installation of the WireGuard server was successful accomplished on the OpenWRT device. Now connect your devices, so called peers, to your WireGuard server.

Go to all articles of this series and the description of the test setup:

➡ OpenWRT – Overview

OpenWRT – WireGuard Peer Configuration
- Add peer
- Peer Setup – Client

The WireGuard peer configuration is done within the WG0 interface.

Got to Peers tab in WireGuard interface to add, modify or delete peers.

Add peer

OpenWRT Setup

Description = Name of the peer device
Öffentlicher Schlüssel = Public key of WireGuard peer
Private Key = Create private key with click on button Generate new key pair
Preshared Key = Optional to make the connection more secure with an additional password
Erlaubte IP-Adressen = IP range 10.200.250.0 - 10.200.250.250; enter in format 10.200.250.xxx/32
Route Allowed IPs = yes
Endpoint Host = empty
Endpoint Port = empty
Persistent Keep Alive = 25
Configuration Export = generate QR code to scan on peer device

The interface needs to be restarted to make the changes active.

Peer Setup – Manually

To setup the VPN on the client the WireGuard app needs to be installed on the device.

Interface Configuration

Peer Configuration (Peer = OpenWRT)

Name = Name of wireGuard server
Öffentlicher Schlüssel = Generate key pair on peer and copy public key on the WireGuard server
Adressen = IP address configured on WireGuard server for that peer (= Erlaubte IP-Adressen)
DNS-Server = IP address of Pi-hole (192.168.xxx.xxx) or OpenWRT device (192.168.35.8)
Öffentlicher Schlüssel = Public key of Wireguard server (see WireGuard-Status site in LuCi )
Endpunkt = mydomain.de:51820
Zulässige IPs = 0.0.0:0/0

Peer Setup – QR Code

The easiest way to setup WireGuard on a mobile device is to use QR code.

LuCi Configuration

QR Code

You need to restart the WireGuard interface to apply the configuration changes!

On the smartphone you have to edit the configuration and add

IP address
DNS server

The setup with QR code is the easiest option and less prone to typing errors.

Peer Setup – Client

Next to the QR code WireGuard shows the configuration in plain text.

The following example shows what you have to enter so get a handshake with the OpenWRT WireGuard.

[Interface]
PrivateKey = <the-private-key-of-the-client>
Address = 10.200.250.3/24
ListenPort = 51820
DNS = <ip-of-your-dns-server

[Peer]
PublicKey = <the-private-key-of-the-openwrt>
PresharedKey = <the-preshared>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydomain.de:51820
PersistentKeepAlive = 25

See all articles of this series …

… on strobelstefan.org
➡ Overview of all OpenWRT Articles/

Gib mir gerne einen Kaffee ☕ aus!

Wenn dir meine Beiträge gefallen und geholfen haben, dann kannst du mir gerne einen Kaffee ☕ ausgeben.

Kaffee via Bitcoin

bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj

Source:
– https://openwrt.org/
– https://openwrt.org/_media/docs/guide-graphic-designer/openwrt-logo-usage-guidelines.pdf

Stefan

ist absolut technik-begeistert und großer Fan von Linux und Open Source. Raspberry Pi Bastler der ersten Stunde und nach wie vor begeistert von dem kleinen Stück Hardware, auf dem er tolle Projekte umsetzt. Teilt hier seine Erfahrungen mit Nextcloud, Pi-hole, YubiKey, Synology und openmediavault und anderen spannenden IT-Themen. Nutzt Markdown und LaTeX zum Dokumentieren seiner Projekte und Gitea zum Versionieren. Sitzt vor einem 49“ Monitor, nutzt Windows und MacOS zum Arbeiten, Linux auf seinen Servern und virtuellen Maschinen und hört dabei Spotify und MP3s und Radio-Streams über seinen RadioPi.

Trinkt gerne fairen Kaffee und freut sich deshalb sehr über jede Spende.

• • bc1qfuz93hw2fhdvfuxf6mlxlk8zdadvnktppkzqzj

WireGuard – Peer configuration