Set Up WireGuard Server on GL.iNet Routers¶
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
Make sure Internet Service Provider assigns you a public IP address¶
Please check if you Internet Service Provider assigns you a public IP address here.
If not, you can't connect to the WireGaurd Server.
- If GL.iNet router is the main router in your network, this is simple, please move to the next step.
- If you already have a main router, then the GL.iNet router is under the main router, you may need to setup a port forwarding on the main router.
- If you already have a main router, the GL.iNet router is several levels below it and you need to set up port forward on each level.
Setup WireGuard Server¶
Access to web Admin Panel, on the left side -> VPN -> WireGuard Server.
Click Generate Configuration (Only the first time).
Apply the configuration
The default configuration works for most cases. If you found the IPv4 address conflict with your upper router's gateway, click the Apply button after modification. You can modify it as 10.1.0.1/24 , please don't forget to put /24 at the end, otherwise you clients cannot get connections.
For example, if you use Xfinity routers, your router IP will be same as our WireGuard Server IP, then you need to do the above changes.
For Set Key Manually.
Add a profile
Switch to Profiles tab, generate a profile for your device by click the Add button.
Enter a descriptive name.
Set More is for advanced settings.
Click Apply to continue. It will generate a profile.
If your network's public IP changes from time to time, you can enable DDNS, then using DDNS domain in the configuration.
Click Download to save the profile.
Start WireGuard server
Click the Start button in the upper right corner to start WireGuard server. Go to VPN Dashboard page to check its status and other settings.
To check if WireGuard Server is working properly¶
Many people mis-understandstool once they saw the server is up and think it is connected. The server can be up even you forward a wrong port or wrong address.
To check if WireGaurd Server is working properly, we can use another device connected to another network and use the WireGuard configuration we exported earlier to connect and see whether it connects properly and whether the IP address is the IP of WireGuard Server.
The simpliest way is to use a cell phone with WireGuard official client app installed, turn off its Wi-Fi connection, and only connect to Internet via 3G/4G/5G. Then open the WireGaurd app, import the WireGaurd configuration from QR code. Enable the connection, check if the phone has Internet access and whether its IP address is the IP of your WireGuard Server.
There are several common reasons cause failure:
- The Internet Service Provider doesn't assign you a public IP address, please check here.
- You may need setup port forwarding, please check here.
- The port you are using for WireGuard Server is blocked by the Internet Service Provider, change to another port, or contact the Internet Service Provider.
- Some countries/regions may block the VPN connection.
WireGuard Client App¶
We can use another GL.iNet router as WireGuard Client, or use their official app on other devices with various OS.
- Please refer to WireGuard Official Website: https://www.wireguard.com/install
WireGuard® is a registered trademark of Jason A.Donenfeld.
Still have questions? Visit our Community Forum.