Router Setup

DD-WRT WireGuard Setup Guide

The DD-WRT UI is constantly evolving and there are multiple variations depending on the specific build and version of the firmware. You may not see the exact same options in the same order as below.

This guide was produced using DD-WRT v46772.

Configuring the VPN tunnel

  1. Navigate to the home page of your router - By default 192.168.1.1.

  2. Go to Setup > Tunnels > and click the Add Tunnel button. Choose Enable and select WireGuard from the dropdown menu.

  3. Set the MTU value of the WireGuard tunnel to 1412.

  4. Click the Generate Key button and go to the Client Area on the IVPN website to add the generated public key to the Key Management area. Make note of the IPv4 address we assign to your public key and add it to the IP address field followed by a /32 subnet mask.

    Hint: After clicking Generate Key, it may or may not be possible to copy the public key displayed on the Tunnels page. Click the Save and Apply Settings buttons, then go to Administration > Commands and enter wg in the Commands box, then click Run Commands . This will display details of the WireGuard connection including the public key, which can be easily copied.

  5. Set Kill Switch to Enable. This will prevent out-bound traffic when the VPN client is disconnected from the server.

  6. Click the Add Peer button and enter the following peer configuration (as also shown in the screen shot below):

    • Peer Tunnel IP: 0.0.0.0
    • Peer Tunnel DNS: Specify one of the following DNS servers:
      • 172.16.0.1 = redular DNS with no blocking
      • 10.0.254.2 = standard AntiTracker to block advertising and malware domains
      • 10.0.254.3 = AntiTracker Hardcore Mode to also block Google and Facebook
    • Endpoint: Enable
    • Endpoint Address: Enter an IVPN WireGuard server hostname (available on the Server Status page) and choose a port:
      udp 53
      udp 80
      udp 443
      udp 1194
      udp 2049
      udp 2050
      udp 30587
      udp 41893
      udp 48574
      udp 58237
      
    • Allowed IPs: 0.0.0.0/0
    • Route Allowed IP’s via tunnel: Enable
    • Persistent Keepalive: 25
    • Peer Public Key: Enter an IVPN WireGuard server public key (available on the Server Status page)
    • Use Pre-shared Key: Disable

    Note: You are welcome to use whichever server you prefer. The Endpoint Address and Peer Public Key in the example above are specific to our server in Sweden.
  7. Click the Save button, then click the Apply Settings button.

DNS

  1. Navigate to Setup > Basic Setup.

  2. Specify one of the following DNS servers in the Static DNS 1 field:

    • 172.16.0.1 = redular DNS with no blocking
    • 10.0.254.2 = standard AntiTracker to block advertising and malware domains
    • 10.0.254.3 = AntiTracker Hardcore Mode to also block Google and Facebook

    ..and 198.245.51.147 in the Static DNS 2 field.

  3. Click Save & Apply Settings.

Final steps

  1. Reboot your router and wait for a minute or two for everything to settle, then reboot your computer system.

  2. Check the assigned public IP address on our website and run a leak test at https://www.dnsleaktest.com from one of the devices connected to your DD-WRT router.

Please note: If you plan to use a Multi-hop setup please see this guide and make the required adjustments to the port in the Endpoint Address & public key in the Peer Public Key fields.

Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.