Setup WireGuard Server on GL.iNet router¶
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
GL.iNet routers have pre-installed WireGuard Server and Client.
Make sure Internet Service Provider assigns you a public IP address¶
Please check if you Internet Service Provider assigns you a public IP address here.
If no, you can't connect to the WireGuard Server.
- If GL.iNet router is the main router in your network, this is simple, please move to the next step.
- If you already have a main router, then the GL.iNet router is under the main router, you may need to setup a port forwarding on the main router.
- If you already have a main router, the GL.iNet router is several levels below it and you need to set up port forward on each level.
Initialize WireGuard Server¶
Access to web Admin Panel, on the left side -> VPN -> WireGuard Server. Click
Initialize WireGuard Server.
Start the WireGuard Server¶
You can simply use the default parameters of IP Address and Local Port, or you can set your own value. Then click
Start to start your own WireGuard server.
Allow Access Local Network: Enable this will allow every client that connect to this WireGuard Server be able to access your LAN. Please use with caution.
Note that you can't running VPN Client and Server at the same time, and also can't running OpenVPN Client and WireGuard Client at the same time.
Add a new client¶
You have to add a new user and apply the configurations when you are connecting to this WireGuard Server.
Management tab and then
Add a New User.
Specify the Name of the new client and then click
Get the configuration details for your client¶
You can now check the list of the clients you added. You can
Delete any unwanted client. Please click
Configurations to find the configuration details which you need to use when you are setting up WireGuard client. We provide QRcode and Plain Text, you can use a Text Editor software to save the Plain Text to
To check if WireGuard Server is working properly¶
To check if WireGuard Server is working properly, we can use another device connected to another network and use the WireGuard configuration we exported earlier to connect and see whether it connects properly and whether the IP address is the IP of WireGuard Server.
The simpliest way is to use a cell phone with WireGuard official client app installed, turn off its Wi-Fi connection, and only connect to Internet via 3G/4G/5G. Then open the WireGuard app, import the WireGuard configuration from QR code. Enable the connection, check if the phone has Internet access and whether its IP address is the IP of your WireGuard Server.
There are several common reasons cause failed:
- The Internet Service Provider doesn't assign you a public IP address, please check here.
- You may need setup port forwarding, please check here.
- The port you are using for WireGuard Server is blocked by the Internet Service Provider, change to another port, or contact the Internet Service Provider.
- Some countries/regions may block the VPN connection.
If your public IP address is dynamic¶
Some Internet Service Providers may change your IP address sometimes. To overcome this, enable the DDNS, then edit the configuration to replace DDNS url with your public IP address.
- Copy the content of the configuration to a text editor(e.g. Atom, Sublime).
Edit the configuration to replace DDNS url with your public IP address.
Copy the revised content to generate a QRCode, or save it as
The WireGuard connection may down a while when the public IP address changes, after the DDNS url update to the new public IP address, the conneciton will resume. The DDNS is updated every 10 minutes. If the connection doesn't resume, please make sure the DDNS url is point to tne new public IP address, then turn off the WireGuard connection and turn on again.
WireGuard Client App¶
We can use another GL.iNet router as WireGuard Client, or use their official app on other devices with various OS.
- Please refer to WireGuard Official Website: https://www.wireguard.com/install
Visit Client’s LAN Subnet¶
Visit Client’s LAN Subnet from WireGuard Server LAN Subnet
1) Change WireGuard clients LAN IP to avoid IP confliction with Server
2) Modify Wireguard_Server Configuration
WinSCP or SSH into your the WireGuard Server (router) find and modify the file
Add a line to the end of the config file of clients you want to visit.
list subnet '192.168.xxx.0/24'
Save and Exit