[Feature request] Replace Wireguard with AmneziaWG

This is my setup of AmneziaWG on a GL.iNet MT-3000 router, based on this and this instructions.

Prerequisites:

  • A GL.iNet MT-3000 router.
  • AmneziaVPN server with configuration.
  • Internet access for your router during the setup process.

Summary of Steps:

  1. Update GL.iNet MT-3000 Firmware.
  2. Install AmneziaWG Packages.
  3. Get/generate AmneziaWG Client Configuration.
  4. Configure AmneziaWG Interface in LuCI.
  5. Create Firewall Rule.
  6. Enable "Route Allowed IPs".
  7. Verify Connection.

Step 1: Update GL.iNet MT-3000 Firmware

  1. Download Firmware: Go to the official GL.iNet download page and download the 4.6.6-op24 firmware for your MT-3000.

  2. Install Firmware:

  • Access your GL.iNet router's web interface (usually http://192.168.8.1).
  • Navigate to System -> Upgrade.
  • Upload the downloaded firmware file.
  • Important: when prompted, choose to install without saving the old configuration. This ensures a clean slate and avoids potential conflicts.
  • Wait for the router to complete the firmware upgrade and reboot.

Step 2: Install AmneziaWG Packages

  1. Access LuCI: Once the router has rebooted, log in to the LuCI web interface. (e.g., http://192.168.8.1/cgi-bin/luci).
  2. Download AmneziaWG Packages: On your computer, download the following AmneziaWG packages from the Amnezia GL.iNet MT-3000 releases page for firmware version 4.6.6:
  • kmod-amneziawg_4.6.6.ipk
  • amneziawg-tools_4.6.6.ipk
  • luci-proto-amneziawg_4.6.6.ipk
  3. Install Packages:
  • In LuCI, navigate to System -> Software.
  • Click on the Upload Package... button.
  • Upload and install each of the three downloaded .ipk files one by one (in the order listed above).

Step 3: Get/Generate AmneziaWG Client Configuration

  1. Open the AmneziaVPN app on your phone.
  2. Select the "Share" option within the existing connection.
  3. Change "Connection format: AmneziaWG native format"
  4. Copy Configuration Details, in a text format similar to the example below.
[Interface]
Address = 10.2.2.2/32
DNS = 1.1.1.1, 1.0.0.1
PrivateKey = +a/XXXxXXXXXXXX=
Jc = 1
Jmin = 10
Jmax = 10
S1 = 111
S2 = 111
H1 = 2233232
H2 = 2233232
H3 = 2233232
H4 = 2233232

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXX=
PresharedKey = XXXXXXXXXXXXXXXXXXX2=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = yourAmneziaServer:port
PersistentKeepalive = 25

Step 4: Configure AmneziaWG Interface in LuCI

  1. Create New Interface:
  • In LuCI, navigate to Network -> Interfaces.
  • Click on the Add new interface... button.
  • Enter AWG as the Name of the new interface.
  • From the Protocol dropdown, select AmneziaWG.
  • Click Create interface.
  2. Import AmneziaWG Configuration:
  • On the next screen, you will be on the Interface: AWG settings page.
  • Look for an option to "Import configuration".
  • You may need to manually define some parameters.

Step 5: Create Firewall Rule

Configure Firewall Zone:

  • While still on the Interface: AWG settings page, go to the Firewall Settings tab.
  • Create a new firewall zone for the AWG interface. You can name it awg_zone.
  • Set the Input, Output, and Forward policies to accept.
  • Under Covered networks, ensure that AWG is selected.
  • Under Allow forward to destination zones, select wan.
  • Under Allow forward from source zones, select lan.
  • Click Save.

Step 6: Enable "Route Allowed IPs"

This is a crucial step that was not explicitly clear in the original instructions but was necessary for your setup.

  1. Go to Interface Settings: Navigate back to Network -> Interfaces.
  2. Edit AWG Interface: Click on Edit next to your AWG interface.
  3. Go to Peer Settings: Navigate to the Peers tab within the AWG interface configuration.
  4. Check "Route Allowed IPs": Locate the specific peer configuration (the one corresponding to your AmneziaWG server). Check the box next to "Route Allowed IPs."
  5. Save & Apply: Click Save at the bottom of the page, and then click Save & Apply to apply all changes.

Step 7: Verify Connection

  1. Interface Status: Go to Network -> Interfaces. Your AWG interface should now show as "Up" or "Connected" if the configuration is correct.
  2. Test Connectivity:
  • Connect a device (e.g., your computer or phone) to your GL.iNet MT-3000's Wi-Fi or LAN.
  • Verify your public IP address using a website like whatismyip.com. It should now reflect the IP address of your AmneziaWG server.
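A pre-import sanity check for the configuration text exported in Step 3, as an added example that is not part of the original post or of the AmneziaWG project. The function names are hypothetical, a single [Peer] section is assumed, and the two AmneziaWG rules it applies (Jmin not above Jmax, H1-H4 all distinct) are assumptions about the protocol parameters.

```python
import base64, binascii, ipaddress

AWG_INTS = ("Jc", "Jmin", "Jmax", "S1", "S2", "H1", "H2", "H3", "H4")

def parse_conf(text):
    """Parse [Interface]/[Peer] text into {section: {key: value}} (single peer assumed)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # split once: base64 values end in '='
            section[key.strip()] = value.strip()
    return conf

def is_wg_key(value):
    """WireGuard-style keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def check(conf):
    """Return a list of problems to fix before importing the config in Step 4."""
    iface, peer = conf.get("Interface", {}), conf.get("Peer", {})
    keys = {"PrivateKey": iface.get("PrivateKey", ""), "PublicKey": peer.get("PublicKey", "")}
    if "PresharedKey" in peer:  # optional, but must be well-formed when present
        keys["PresharedKey"] = peer["PresharedKey"]
    problems = [f"{n}: missing or not a 32-byte base64 key"
                for n, v in keys.items() if not is_wg_key(v)]
    bad = [k for k in AWG_INTS if not iface.get(k, "").isdigit()]
    problems += [f"{k}: missing or not an integer" for k in bad]
    if not bad:
        # Assumed rules: junk sizes need Jmin <= Jmax, and the four magic
        # headers H1-H4 must differ so message types stay distinguishable.
        if int(iface["Jmin"]) > int(iface["Jmax"]):
            problems.append("Jmin is greater than Jmax")
        if len({int(iface[h]) for h in ("H1", "H2", "H3", "H4")}) < 4:
            problems.append("H1-H4 are not all distinct")
    for net in filter(None, (n.strip() for n in peer.get("AllowedIPs", "").split(","))):
        try:
            ipaddress.ip_network(net, strict=False)
        except ValueError:
            problems.append(f"AllowedIPs: invalid network {net!r}")
    return problems
```

Call check(parse_conf(text)) on the exported text; an empty list means nothing was flagged. The placeholder example in Step 3 is reported for its three keys and for the identical H1-H4 values.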