WireGuard Router Setup Guide (DD-WRT)

WireGuard is a new VPN protocol that has been in development for the past several years. It is typically faster than OpenVPN and more flexible than IKEv2 making it a great option for securing your online activity. All the Windscribe apps already include the WireGuard protocol but if you want to use it on a router, the DD-WRT firmware added support for it as well.

Follow the steps below to set up WireGuard on your router. Note that our config generator is a paid feature.

Your configuration options may look a bit different depending on the version of DD-WRT you have.
We highly suggest you update to the most recent version of DD-WRT available for your router model: https://dd-wrt.com/support/router-database/



Step 1
Log in with your account on our website https://windscribe.com/login
Then go to the WireGuard config generator page: https://windscribe.com/getconfig/wireguard



Step 2
Select a location and port (use port 443 if not sure) for your connection and press Download Config.
5746939941ef17c955af161882520ee812e38f17?t=b08c2667d456fc454f6086fd6947153d



Step 3
Open the downloaded config file using a text editor like Notepad.
You will need to enter the config details into the router settings. (DO NOT use the exact values in this guide, they will not work)
404617eaee5189dae7c460cd0ff8a5092237ec51?t=28166803be7b9fc6b3452437988109d2



Step 4
Open the DD-WRT router interface.
You can typically access it by visiting 192.168.1.1 in your browser.
Then navigate to the Setup tab at the top, followed by the Tunnels tab below that.
0b41dc515b609e9d6ccb824a32c1478a2b4c89f4?t=5dfd4faffbb4bb354b1675edf447c3ec



Step 5
Press Add Tunnel.
ede958cd1a16de5c6bef4b130a6d4ed6017a596c?t=33a05a9134a0cc75d22f76ad538a7008



Step 6
Choose the Enable option.
cc26f6c4ab75b4330c84d00df38456a19c8a0c91?t=5e830416a6420153d4a9bb240ba1d71a



Step 7
Input these options for the first section:

Protocol Type: WireGuard
CVE-2019-14899 Mitigation: Enable
NAT via Tunnel: Enable
Local Port: Leave as default (51820)
MTU: 1420

Local Public Key: Leave Blank
DNS servers via tunnel: Copy the DNS from config file (will usually be 10.255.255.3)
Firewall inbound: Enable
Kill Switch: Enable

Advanced Settings: Enable
Local Private Key: Use the PrivateKey value from the WireGuard config.

Leave the rest of the options here blank.
36935694635d300284a4a46e5a06fab4a6831276?t=e1713adb6966e94b457d49f0ca430f73



Step 8
Press Add Peer, more options will appear below.
d072c3003d766cc80561bef59e719471de03d85e?t=11a4b9c849d25d3c7aced20ace2b3aae

(Optional) Name the connection with the location or another label.
9e80e942d40d2e0bf4376afc2e5d9a5e773d23e7?t=7e2dd172c8f65c03a6ca813168e03ec0



Step 9
For the Peer options, enter the following values:

Peer Tunnel IP: 0.0.0.0
Peer Tunnel DNS: Copy the DNS from config file (will usually be 10.255.255.3)
Endpoint: Enable
Endpoint Address: Enter the Endpoint hostname and port from the WireGuard config file
d1cb7de2f8a7348ba2a2ea226c19e7a4b829da09?t=507487771b3e6182ac69ed5cc9155bd4

Continue with the following values:

Allowed IPs: 0.0.0.0/0
Route Allowed IPs via tunnel: Enable
Persistent Keepalive: 25
Peer Public Key: Copy the PublicKey value from the WireGuard config file
Use Pre-shared Key: Enable
Pre-shared Key: Use the PresharedKey value in the WireGuard config file
f5b4262c520a61d8ebb2010514fd894eb1b01cd3?t=8f8db448e968883f82832d5b3f5958b8



Step 10
Finally at the bottom you will see one more option.

IP Address/Netmask: Copy the Address value from the WireGuard config file
d5959ed7920cc155a56ce3ef38557ffbee2a37a1?t=23b06404b7858375f42c521760c7e26d



Step 11
Press Apply Settings at the bottom to save the configuration and connect to the VPN using this WireGuard tunnel.
963142c3dbb17f5324892199754abcbb24c08814?t=2926a0f3b7f07e303f678e5d923cbfb3

You will be able to see the status of the tunnel by looking at the peer's WireGuard Status section:
149fbc8662f31fcf80ba354fbbe36f48ad842258?t=24bb0c0ebba251e54c539ac2dd6189c0