I have a working OpenWrt WireGuard setup at home. I would like to set up a 300mV2 router as a client/peer, but the configuration wizard does not reveal the public key of the router, which I need to give to the home OpenWrt WireGuard machine. Where is this stored?
You can derive it yourself from the private key if you have one. Otherwise just generate one.
If you can’t ssh in to generate one, just download the WireGuard app on your phone and create a dummy profile to generate one.
Assuming you have access to the peer router,
$ sudo wg
interface: wg0
  public key: <redacted - will appear here>
  private key: (hidden)
  listening port: <redacted>
If managed by another, they should provide you your public key.
Generating a key pair on the Android app produces a private key which the GL.iNet router declares is invalid, and the sudo command is not found by OpenWrt. Thanks for your help, but I am not getting anywhere with this. Any further suggestions?
Just use “wg” without sudo.
But you are configuring manually and you will have a lot of pain. Just check the WireGuard website; there are guides for this.
Yes, the pain is true. wg returns no results, and looking at LuCI there is no wg0 interface. Do I have to manually install WireGuard?
You should read the WireGuard documentation on how to generate keys and how to configure wg.
It is installed, but you have to configure it. The simplest way is just to generate a whole config file from your server, not to generate keys separately. As both the server and client are your devices, it is safe to do so.
If you use two GL.iNet routers, one as server and one as client, it is very easy to set up.
My server is an OpenWrt router. I have set this up successfully following the usual guides, and I have several Android devices which connect to it with no problem.
I’m not sure how to generate a peer config on my server router.
The best “walk-through” of WireGuard configuration that I’ve found is WireGuard VPN Road Warrior Setup – EmanuelDuss.ch
While general in nature, the primary differences are that GL.iNet / OpenWrt firmware stores the config in UCI files, rather than in the more common *nix files. These files can be manually edited or managed through LuCI (“Advanced” under the GL.iNet firmware).
There is a section there on key generation which comes down to
wg genkey | tee notebook-private.key | wg pubkey > notebook-public.key
This can be run on any platform that has the wg command-line utilities installed (Linux-based or otherwise), not necessarily one of the involved peers. Running it on a peer is a “convenience” or “security advantage” as typically you don’t need to move the private key to another machine.
What the above command does is to:
- Generate a private key
- Save it to notebook-private.key
- Also run it through wg pubkey
- And save the matching public key to notebook-public.key
Thanks, I’ve created a key pair as you suggest on the GL router, but I’m mystified not to see a wg0 interface and to be unable to add a wg interface using LuCI. So I can add keys etc. in the WireGuard client wizard but not anything else.
The luci-app-wireguard package is not installed in the default firmware, so it is not possible to configure using LuCI.
I used the settings in WireGuard - GL.iNet Docs to configure the client network and firewall after modifying to suit my server setup. This works fine, but it is confusing that the GUI wizard does not do this setup process.