Does AX1800 support configuring WireGuard in OpenWRT?

I have configured Mullvad VPN on OpenWrt.
Allowed IPs set to 0.0.0.0/0 and checked “route allowed IPs”.
SSH into AX1800, default route is Mullvad VPN.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 MullvadHK04
10.10.20.0      *               255.255.255.0   U     0      0        0 wgserver
89.xxx.xxx.xxx     1-xxx-xxx-223-on 255.255.255.255 UGH   0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 br-guest
192.168.50.0    *               255.255.255.0   U     0      0        0 br-lan
223.xxx.xxx.0    *               255.255.255.0   U     0      0        0 eth0

However, Internet traffic is not going through VPN.
Visiting https://ifconfig.co/ still shows my ISP IP.

AX1800 is on 4.0.1 Beta 2.

By the way, I want to use multiple WireGuard client.
It seems it is not supported on GL-UI, right?

Thanks.

Okay I have figured it out.

To use multi WireGuard clients:

  1. Go to OpenWRT
  2. Have these installed:
  3. Add WireGuard in Network Interface. Make sure DO NOT tick “route allowed IPs”
  4. SSH to router
  5. run ifconfig and mark down the WireGuard interface names
  6. modify file /etc/sysctl.d/90-wireguard.conf (it does not exist originally). Replace WG_INTERFACE_NAME with the real name
    e.g.
net.ipv4.conf.WG_INTERFACE_NAME.rp_filter = 2
  1. save the file. run sysctl -p
  2. Go back to OpenWRT. Setup VPNVPN Policy routing
  3. Done.
1 Like

It would be great if these could be done in GL-UI.

Some points to note.

Create a new zone in Firewall

  • input: drop
    output: accept
    forward: drop
    masquerading: checked
    mss clamping: checked
    covered network: (your newly created WireGuard interfaces)
    allow forward to destination zones: WAN
    allow forward from source zones: Guest, LAN

Force-link on WireGuard interface