Skip to content

Setup WireGuard Server on GL.iNet router

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

GL.iNet routers have pre-installed WireGuard Server and Client.

Make sure Internet Service Provider assigns you a public IP address

Please check if you Internet Service Provider assigns you a public IP address here.

If no, you can't connect to the WireGuard Server.

An alternative method is to use a reverse proxy solution, we suggest AstroRelay, check the tutorial here.

Network Topology

  • If GL.iNet router is the main router in your network, this is simple, please move to the next step.
  • If you already have a main router, then the GL.iNet router is under the main router, you may need to setup a port forwarding on the main router.
  • If you already have a main router, the GL.iNet router is several levels below it and you need to set up port forward on each level.

Initialize WireGuard Server

Access to web Admin Panel, on the left side -> VPN -> WireGuard Server. Click Initialize WireGuard Server.

initialize wireguard server

Start the WireGuard Server

You can simply use the default parameters of IP Address and Local Port, or you can set your own value. Then click Start to start your own WireGuard server.

Sever Configuration

Allow Access Local Network: Enable this will allow every client that connect to this WireGuard Server be able to access your LAN. Please use with caution.

Note that you can't running VPN Client and Server at the same time, and also can't running OpenVPN Client and WireGuard Client at the same time.

Add a new client

You have to add a new user and apply the configurations when you are connecting to this WireGuard Server.

Click Management tab and then Add a New User.

Add a wireguard client user

Specify the Name of the new client and then click Add.

input wireguard config name

Get the configuration details for your client

You can now check the list of the clients you added. You can Delete any unwanted client. Please click Configurations to find the configuration details which you need to use when you are setting up WireGuard client. We provide QRcode and Plain Text, you can use a Text Editor software to save the Plain Text to .conf file.

Configuration list

wireguard configuration

To check if WireGuard Server is working properly

To check if WireGuard Server is working properly, we can use another device connected to another network and use the WireGuard configuration we exported earlier to connect and see whether it connects properly and whether the IP address is the IP of WireGuard Server.

The simpliest way is to use a cell phone with WireGuard official client app installed, turn off its Wi-Fi connection, and only connect to Internet via 3G/4G/5G. Then open the WireGuard app, import the WireGuard configuration from QR code. Enable the connection, check if the phone has Internet access and whether its IP address is the IP of your WireGuard Server.

There are several common reasons cause failed:

  • The Internet Service Provider doesn't assign you a public IP address, please check here.
  • You may need setup port forwarding, please check here.
  • The port you are using for WireGuard Server is blocked by the Internet Service Provider, change to another port, or contact the Internet Service Provider.
  • Some countries/regions may block the VPN connection.

If your public IP address is dynamic

Some Internet Service Providers may change your IP address sometimes. To overcome this, enable the DDNS, then edit the configuration to replace public IP address with your DDNS url.

  1. Copy the content of the configuration to a text editor(e.g. Atom, Sublime).

  2. Edit the configuration to replace DDNS url with your public IP address.

    ddns replace ip

    After replaced.

    ddns replaced ip

  3. Copy the revised content to generate a QRCode, or save it as .conf file.

The WireGuard connection may down a while when the public IP address changes, after the DDNS url update to the new public IP address, the conneciton will resume. The DDNS is updated every 10 minutes. If the connection doesn't resume, please make sure the DDNS url is point to tne new public IP address, then turn off the WireGuard connection and turn on again.

WireGuard Client App

We can use another GL.iNet router as WireGuard Client, or use their official app on other devices with various OS.

Related Articles

Still have questions? Visit our Community Forum.