VPN for your Home Network with Wireguard on OpenWrt and iphone connecting to linux VPN

Nothing terrifies me more than some hacker accessing my security camera and finding out what's going on in my garden.

Love your videos Marc!
Your teaching style is superb and you have a great and fun way of explaining complex IT aspects.
Would you be interested in doing an updated version using Luci to show how to set up a home OpenWRT Wireguard server that mobile phones can connect to?

Very easy to follow. I now have a working WG server.

Does this method require public ip? Will this work if my ip is behind a cgnat?

Hello Marc, do you know if a Wireguard server could run on a dumb AP in the same network as the AP? I do get a VPN connection - peer connection shows up - but cannot ping the peer or server. Is it possible with Firewall & dnsmasq off as recommended? Thank you very much in advance!

Hi Marc, I was setting the Wireguard connection from a OpenVPN connection, but accidentally dropped all my LAN from WAN, and subsequently my OpenVPN server. I don't have SSH over WAN enabled, so I'm kind of locked out. I have access to the UDP port Wireguard uses and the Wireguard server is running on my router, I also have the public key, but couldn't add myself as a peer before being locked out. Do I have any chance of logging back in to my router? Of course I have root access, but I'm 5000 miles away from home until July, so kinda desperate. THanks!

I don't know what is happening at my end. I try several guides, posts and videos and nothing can do my WireGuard on OpenWrt works from the outside "from WAN".

Hello, how to set it up? I followed the tutorial without success. any hint where to took at? I got the following error after connection established, what could be the cause?: daemon.err miniupnpd[5290]: try_sendto(sock=8, len=409, dest=[ff02::c]:1900): sendto: Permission denied
daemon.err miniupnpd[5290]: try_sendto(sock=7, len=471, dest=239.255.255.250:1900): sendto: No such device

It's been a while I'm looking for some kind of mDNS repeater/replicator/reflector/whatever that works using Wireguard.

I have 2 routers using Site-to-Site Wireguard and DNS works fine, etc. But mDNS does not.

I was wondering if it's possible to get mDNS working so I can use some of my services on the other red. Mainly network device auto-discovery.

Not at all for all use cases, but it would be cool to play music to your Sonos speakers being in another network, just for the "being able to do it". 😂

Hi Marc, many thanks for your nice videos! I tried to follow your guide and ran the script on my Openwrt 22.03. However it does not seem to work, I do not get the same screens as you show in the video. Has anyone applied this on 22.03?

My Openwrt is behind to my ISP. Virgin media Hub 4 router, I followed you to config ure Wireguard, but it cannot handshake, how can I solve it? Thanks!

Hi, ist es möglich das tolle Video auch auf Deutsch zu machen! Ich habe eine aktuelle Version Openwrt 22.03.02 und möchte gerne per Wireguard von zu Hause auf mein weiteres Netzwerk an einem anderen Standort zugreifen. Das Script lief teilweise auf Fehler und ich habe es versucht manuell mit Hilfe diese Video anzulegen. Das klappt allerdings noch nicht.
Ich würde gerne mit einem Linux Laptop von zu Hause per wireguard auf mein System - Router zugreifen und dort auf ioBroker System zugreifen. Das wäre genial.

Very good!!! Excelente!!! Congratuletions!!!!!!

can you do the same video, but, using IPv6?

This is great! How do I easily add multiple clients?

Excellent tutorial and script. One thing worth pointing out is the line "opkg install wireguard" at the top of the script needs to be changed to "opkg install wireguard-tools" to work with the current version of OpenWRT. Otherwise, it all worked flawlessly!

Hi, I installed that package wireguard qrencode and luci-app-wireguard but the button to view the qrcode of the vpn is not there! Strange right? thank you in advance for your help.

Hi Marc, how can I know that I have enough resources for installing WG on my OpenWRT router? It is rather light router (in resources and weight :D).
TPlink TL-WR104ND v4
Openwrt 19.07.3 (but it should be upgradeable)
Load: 0.65 0.19 0.07
Memory: 27.02 MB/ 58.15 MB

You are doing God's work man. Thank you so much for this.

I'm not getting the QR code button even after installing the qrencode package. I'm on 22.03.2.

Is there a way with Wireguard to access my LAN from a friend's house who uses the same IP addresses on his LAN as I do on mine?

Wireguard простой , но очень не надёжный, даже сам линк восстанавливать не умеет.

Dear Marc,
Thanks for your videos! It help me a lot.

Could you please share information how it possibly to set up two WireGuard connections at the same time on OpenWRT. One for connecting to the home network from mobile devices, the second for outputting traffic.
Thank you!

Hi Marc, great video once again! Could you please also make a video on OpenVPN? What I'd specifically be interested in is the OpenWRT router acting as a OpenVPN client. I would then like to have an interface which is dedicated to that VPN connection to then be able to create a wifi which routes all my traffic through that VPN. This would come in handy as I would then be able to use VPN providers like NordVPN and such to have a wifi network which lets me surpass geoblocking for all devices within that network. Because what I cannot figure out is how to not route the LAN interface traffic through the VPN but only the traffic of a specific network. Do you have a video planned on OpenVPN? Thanks in advance!

As usually - very well and detailed described.
Breath of the air in learning OpenWRT world.
Spoken with so much care and attention also to small details.
Awesome - thanks again!

Marc you rock! Thank you very much. I have transitioned from a, 10 years old but trusted, SSH tunneled port forwarding configuration to wg in order to access my lan resources. It is much more convenient. You have a top class channel in here I say. Well done!

VPN is not working for me. I have one doubt and I guess it is the problem. What's the IP you added with port number in the App. You said DNS. But which DNS is that?

Hi, i have a home server which run website on it with letsencrypt + nginx. And have wireguard vpn subscription. I can connect to wireguard from the home server very simply. But my website can't be reached any more on port 443 or 80. Should forward port 443 and 80 on my server or contact the provider to let the port open? Any tutorial from you i've missed?
PS: the ports are already open in my openwrt and works fine. But not after starting the wireguard.

Thanks in Advance

Thank you! Did help to me today. Cheers!

Funktioniert leider bei mir nicht. Fritzbox 4040, OpenWrt 19.07.8

I have followed the instructions step by step, and even downloaded the script and installed it, but cannot stablish a connection.
I have revised the traffic rules, key pairs, etc, but still not get a connection, no connection in the wireguard openwrt interface, and no traffic in the mobile.

I had it running in a NAS with the ISP router redirecting UDP traffic to it. But I cannot get it working in openWR.

Hi, do I need to setup a ddns like Duckdns first and how to get it’s IP?

Hi

Thanks for the inspiration. I have an OpenSwan IPSEC tunnel today(OpenWrt) but think Wireguard looks very interesting and I plan to rebuild it during the Christmas weekend. Are there any changes in the new OpenWrt 21?

Perfect, thanks Marc! After following (and being confused by) a few different guides yours worked perfectly! It took me a while to figure out you need to restart the interface after setting up the peer, I wrongly assumed save & apply would do this.

I also had to clean up old keys and regenerate them from the interface because I had tried a couple of other methods before and made a mess.

Your channel is a treasure trove of network shenanigans, thanks again!

Hey Marc, thanks very much for your video. It works perfectly. Could you please also show what has to be done, to get internet access for the clients. I tried for more than one day but didn´t get it working :-(

Fantastic thank you!

Hi once again Mark!! One quick question: will this script work with OpenWrt v21? Or it needs to be tweaked due to the change from swconfig to DSA? I’m case it needs to be “fixed”, are you planning to publish the v21 version? Thank you!!!

Thanks a lot for the script. Ｉ was able to setup it easily with your script. But now I am finding it very hard to generate QR code, or create additional users, so I can let access some other people access my NanoPi R2S router.

Hi Marc! This is great! Thank you once again. I have it up and running in my tplink C7. My question: would you recommend to configure in the iPhone the option On Demand for every unknown/public wifi? I am thinking my own known secure network will be always better than a public one, right?

Hi OneMarcFifty , at the end when connecting from phone i have got this fault message " Error bringing up tunnel :At least one address must be specified" , i followed your instructions and script . thank you for your videos .

Can your script be run on DD-WRT? since I have one that run DD-WRT but it cannot convert to OpenWrt, thanks

i don't recommend to use this script i screwed my network.lucky i have backup

Hi Marc! I'm new to your channel, and I've been devouring all your videos ever since. I've Wireguard set up in a RPI3, but I'm going to try the OpenWRT approach in another router I have. Quick question: In my current Wireguard setup, whenever I'm home and my phone picks up my WiFi, it stops working (I guess I've something routed wrongly), so I'm forced to turn Wireguard off. What would happend with your OpenWRT Wireguard script?

May you do video on how to access home network via VPN if home network is behind multiple NATs?

Can I have your number?