Does AX1800 support configuring WireGuard in OpenWRT?

I have configured Mullvad VPN on OpenWrt.
Allowed IPs set to and checked “route allowed IPs”.
SSH into AX1800, default route is Mullvad VPN.

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *              U     0      0        0 MullvadHK04      *        U     0      0        0 wgserver     1-xxx-xxx-223-on UGH   0      0        0 eth0     *        U     0      0        0 br-guest    *        U     0      0        0 br-lan    *        U     0      0        0 eth0

However, Internet traffic is not going through VPN.
Visiting still shows my ISP IP.

AX1800 is on 4.0.1 Beta 2.

By the way, I want to use multiple WireGuard client.
It seems it is not supported on GL-UI, right?


Okay I have figured it out.

To use multi WireGuard clients:

  1. Go to OpenWRT
  2. Have these installed:
  3. Add WireGuard in Network Interface. Make sure DO NOT tick “route allowed IPs”
  4. SSH to router
  5. run ifconfig and mark down the WireGuard interface names
  6. modify file /etc/sysctl.d/90-wireguard.conf (it does not exist originally). Replace WG_INTERFACE_NAME with the real name
net.ipv4.conf.WG_INTERFACE_NAME.rp_filter = 2
  1. save the file. run sysctl -p
  2. Go back to OpenWRT. Setup VPNVPN Policy routing
  3. Done.
1 Like

It would be great if these could be done in GL-UI.

Some points to note.

Create a new zone in Firewall

  • input: drop
    output: accept
    forward: drop
    masquerading: checked
    mss clamping: checked
    covered network: (your newly created WireGuard interfaces)
    allow forward to destination zones: WAN
    allow forward from source zones: Guest, LAN

Force-link on WireGuard interface