• How to set up a WireGuard VPN server on the pcWRT router

    Prerequisites

    1. Check if your router is behind NAT. If behind NAT, put the router in DMZ or configure port forwarding.
    2. Set up Dynamic DNS.
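One way to carry out the NAT check in prerequisite 1, as an added example (not pcWRT code). It assumes you have read the router's WAN IPv4 address from its status page and looked up your public address with an outside "what is my IP" service; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that are never directly reachable from the internet.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space

ADVICE = {
    "direct": "WAN address is public; no DMZ or port forwarding needed.",
    "private-nat": "Upstream router is doing NAT; put this router in its DMZ "
                   "or forward the WireGuard UDP port to it.",
    "cgnat": "ISP carrier-grade NAT; forwarding on your own equipment "
             "cannot expose the server.",
    "nat": "WAN address differs from the address seen outside; some NAT "
           "is in the path.",
}


def nat_status(wan_ip: str, public_ip: str) -> str:
    """Classify the router's position from two IPv4 addresses.

    wan_ip    -- address the router reports on its WAN interface
    public_ip -- address an outside service sees for the connection
    Raises ValueError if either string is not a valid IPv4 address.
    """
    wan = ipaddress.IPv4Address(wan_ip)
    public = ipaddress.IPv4Address(public_ip)
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in PRIVATE_NETS):
        return "private-nat"
    if wan != public:
        return "nat"
    return "direct"


def describe(wan_ip: str, public_ip: str) -> str:
    """Return the status together with the matching advice line."""
    status = nat_status(wan_ip, public_ip)
    return f"{status}: {ADVICE[status]}"


if __name__ == "__main__":
    # Constructed samples; the public addresses are documentation ranges.
    for wan, pub in [("203.0.113.7", "203.0.113.7"),
                     ("192.168.1.2", "203.0.113.7"),
                     ("100.72.0.5", "203.0.113.7")]:
        print(f"WAN {wan:<12} public {pub:<12} -> {describe(wan, pub)}")
```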

    Set up server

    1. Log in to the pcWRT console. Click Apps, then click WireGuard®*.
    2. Click on the Server tab. WireGuard server is disabled by default. Click the “Enable” button.
    3. If you enabled native Dynamic DNS, the “External Address” field will be filled with the DDNS name. Otherwise, it will be filled with the external IP address as seen by the router. If you have a third-party DDNS service, you can put the DDNS name in the “External Address” field.

      The Port, IP Address & Netmask fields will be filled with default values too. The defaults should be fine, but you may make changes if you want.

    4. Click the Add button in the Peers section to add a WireGuard client configuration.
    5. In the popup dialog, enter a name for the client configuration. Click the Generate Keys link to generate a pair of keys for the client. Then click OK to dismiss the dialog.
    6. Click Save to save the server and client configurations. The Server Public Key field will be populated and WireGuard server will be started.

    Configure a client

    This example uses an Android phone.

    1. Install the WireGuard app from Google Play Store.
    2. Open the WireGuard app. Tap the + button at the bottom right corner. Tap Create from QR code.
    3. Go back to the pcWRT console WireGuard page. Click on the QR code icon to bring up the QR code dialog.
    4. Scan the QR code to set up the WireGuard client connection.

    Caution: the client QR code contains both public and private keys for the client. Anyone with the QR code can connect to your WireGuard server. It is strongly advised that you don’t share the QR code by means where it could be lost or stolen (e.g., email).

    * “WireGuard” is a registered trademark of Jason A. Donenfeld.
