Add a Wireguard VPN Client

SandLake

Occasional Visitor
I previously had an Asus DSL68U which ran an OpenVPN client using policy rules; it worked flawlessly for a few years but it started acting up. I have gone through various setups since, some good and some not so good. I am now using (I even hate to say this) a Taotronics (2 node) Mesh setup which ticks a lot of boxes, but configuration is minimal. It provides excellent wifi and has a separate 2.4GHz 'Smart' network. It does have a VPN option which is simply poor; I don't understand it at all, but one thing I do know is that it doesn't support Wireguard, and this brings me to the reason for my post.
Is there any way to keep this setup but to add a device that will integrate a VPN client into my existing network, allowing me to use policy rules to add IP or MAC addresses to the VPN?

I can see various tutorials but they all seem to be for VPN servers, typically using a Raspberry Pi.

Thanks
 

Tucu

Regular Contributor
Wireguard doesn't differentiate between client and server as everything is a peer. So any supported device could potentially do the job. Can you provide more information on how you want to use the VPN?
 

SandLake

Occasional Visitor
Thanks
There is no real defined goal for this just something I am interested in. I guess I have a goal of being able to be on the internet and for Google to not know where I am, even using a VPN they know where I am and I would like to explore that further, really to just understand what is going on - I have no issue with Google knowing. I also like to watch local news programs in Orlando and to stream Netflix from the US although most things are available universally anyways.
I can run a VPN client on a laptop or whatever but it just seems to make sense that I be able to log into my network (router) and specify an internal IP and that device then uses the VPN.
 

Tucu

Regular Contributor
Your router should have the needed functionality to support a VPN device: port forwarding (if you need to access the VPN from the internet), static routes and maybe some basic policy routing. You might need to dig into the router UI to find where each of these is done.

For the VPN device you can start your experiments with a virtual machine. TurnkeyLinux has a Wireguard appliance VM that runs on VirtualBox: https://www.turnkeylinux.org/wireguard
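Added example, not part of any post in this thread: a sketch of source-based policy routing on a generic Linux WireGuard peer, printing the commands that send only selected LAN hosts through the tunnel and refuse their traffic when the tunnel is down. The interface name `wg0`, table `51820`, priority `1000`, and the sample addresses are assumptions, and the box is assumed to be the gateway for those hosts.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for per-device VPN routing.
# Assumed, not from the thread: interface wg0 brought up with "Table = off" in
# its wg-quick config, routing table 51820, rule priority 1000.
WG_IF=${WG_IF:-wg0}
TABLE=${TABLE:-51820}
PRIO=${PRIO:-1000}

# Strict IPv4 check: the addresses end up in commands run as root.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# policy_cmds IP... : emit the setup for the listed LAN hosts.
policy_cmds() {
  for ip in "$@"; do
    valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
  done
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Tunnel table: default via WireGuard. The higher-metric prohibit route stays
  # behind when wg0 goes down, so selected hosts are refused instead of
  # falling through to the main table and leaving via the ISP.
  echo "ip route replace default dev $WG_IF table $TABLE"
  echo "ip route replace prohibit default table $TABLE metric 100"
  # The VPN peer only accepts the tunnel address, so NAT the forwarded hosts.
  echo "iptables -t nat -A POSTROUTING -o $WG_IF -j MASQUERADE"
  for ip in "$@"; do
    echo "ip rule add from $ip/32 lookup $TABLE priority $PRIO"
  done
}

# Constructed sample addresses on a 192.168.1.X LAN.
[ $# -gt 0 ] || set -- 192.168.1.50 192.168.1.51
policy_cmds "$@"
```

Hosts not listed keep using the main routing table, so only the selected addresses depend on the tunnel being up.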
 

SandLake

Occasional Visitor
Whilst it is not 100% accurate, it is safe to say this router is not configurable, the UI is an Android app. I have asked the manufacturer for help with the 'virtual server' option in the app and the response was "As for the instructions for using the virtual server, we do not have a special section for it due to the limited space of the manual. If you have questions, you can ask us and we will explain accordingly", the 'manual' is really a QSG.
I have played around with PiHole, so I was able to set the DNS server on the router to point to the PiHole and was hoping for a VPN solution something similar to that - now that I think about it (and taking your peer response into account) PiVPN may be the answer.
 

Tucu

Regular Contributor
Virtual server sounds like port forwarding (D-Link uses that name). You can try posting some screenshots of the app; maybe someone can decipher how they work.
 

SandLake

Occasional Visitor
I do appreciate your help - but - I feel this router is not something I want to 'get into', it is what it is, I was hoping to add a VPN option alongside it, maybe I need to look at this a different way. Thank you
 

sfx2000

Part of the Furniture
I've got WG hosted inside - and just port forward the port/protocol out - I use WG to access my LAN from remote.

Pretty straightforward actually - and less headache than mucking about with OpenVPN, and far more stable - since both ends are X86, speed on either OVPN or WG isn't really an issue.

sfx
 

Tucu

Regular Contributor
I set up some test point to point tunnels between an RPi2 (100Mbps ethernet) and my phone (AC at 433Mbps). iPerf could maintain around 70-80Mbps over the tunnel. Not bad for the aging Pi.
 

SandLake

Occasional Visitor
I think I have sorted myself out and just wanted to post what I have done in case anyone else would care to replicate it.

My ISP is Plusnet (in the UK) and I am now using their supplied modem/router, it doesn't have a modem only mode but I have set it to use the 192.168.0.X network and turned off all wireless networks.

I have a GL-iNet VPN Router (the GL-MT1300 Beryl) which is the only device on the 192.168.0.X network (effectively its external IP) but it then creates the 192.168.1.X network (the internal IP addresses). It also has all its wireless networks turned off.

I now have a Netgear Orbi RBK50 mesh network which can be and is set to AP Mode; essentially it simply broadcasts the wireless networks, and while it doesn't have a dedicated 2.4GHz option it does have a Guest network which I am using for all my Smart devices.

The GL-iNet router has a VPN Wireguard Client set up on it and in VPN Policies the 'Enable VPN Policy' option is selected along with the MAC Address option, so if I want any device on my network to use the VPN I have to add its MAC address to the list.


The day after I set it all up, it 'froze', not sure what had happened and I had to start from scratch again, but it has been working fine for about 5 days now. I am on a Fibre (FTTC) package which has speeds of 80/20 and I get about 75/18; with the VPN I'm getting 70/15 fairly consistently.

I don't yet understand how but with the VPN Google still know where I am, that'll be my next fun project!
 

Smokey613

Very Senior Member
Google sees all, knows all :)
 
