This tutorial was created mainly for Indonesian users: the government blocks some websites with DPI, so simply changing the DNS doesn't work anymore. This is what I have:
Router: GL.iNet 6416
Firmware: OpenWrt 18.06.2
Modem: Huawei E3372 HiLink (with IP: 192.168.8.1)
ISP: Tri Indonesia
PC: Manjaro Linux (it doesn't really matter what you have)
- On your PC, download the appropriate wgcf binary release from GitHub: https://github.com/ViRb3/wgcf. If you are using Linux, the linux-amd64 binary is your best bet. In the commands below, replace binary-release with the actual file name of the downloaded file.
- Make the binary executable with: chmod +x binary-release
- Run ./binary-release register
- Accept terms and conditions
- Now run ./binary-release generate
- You'll get a wgcf-profile.conf file, which you'll need to set up WireGuard on your OpenWrt router. The file should look like this:
```
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 100.16.0.2/32
Address = fddd:5ca1:ab1e:8daf:209d:9414:d1e0:5d2c/128
DNS = 1.1.1.1
MTU = 1280

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = engage.cloudflareclient.com:2408
```
- Now on your OpenWrt router, run: opkg update && opkg install wireguard wireguard-tools luci-proto-wireguard
- Edit your /etc/config/network and append the following lines. Make sure the private_key etc. match the values in the wgcf-profile.conf file that you have:
```
config interface 'Cloudflare'
	option proto 'wireguard'
	option private_key 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
	list addresses '100.16.0.2/32'
	list addresses 'fddd:5ca1:ab1e:8129:b248:d4f:3f37:7fbe/128'
	option mtu '1280'
	option dns '1.1.1.1'

config wireguard_Cloudflare
	option public_key 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
	option endpoint_host 'engage.cloudflareclient.com'
	option endpoint_port '2408'
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option route_allowed_ips '1'

config route 'route_wireguard'
	option interface 'Cloudflare'
	option target '0.0.0.0/0'
	option gateway '192.168.8.1' # This is the HiLink IP on my modem
	option metric '1024'

config route 'route_bimatri' # This configuration is optional
	option interface 'HiLink' # Match this with the name of your hilink interface, mine is 'HiLink'
	option target '103.10.66.0/24' # This is the IP of bima.tri.co.id
	option netmask '255.255.255.0'
	option gateway '192.168.8.1' # This is the HiLink IP on my modem
	option metric '1024'
```
- Now run /etc/init.d/network restart
- Log in to the LuCI web UI. Go to Network > Interfaces and connect your Cloudflare interface. If you're connected successfully, your Cloudflare interface should look like this:
Your routing table should look like this:
Now you should be able to access blocked websites like Reddit.
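
The /etc/config/network step above copies values by hand from wgcf-profile.conf. As an added example (not part of the original tutorial), this shell function prints the 'Cloudflare' interface and peer stanzas from the profile; the function name wgcf_to_uci is hypothetical, and the interface name defaults to Cloudflare as used above. The route stanzas depend on your modem and still have to be added by hand.

```shell
#!/bin/sh
# Added example (not from the original tutorial): print the UCI stanzas for
# /etc/config/network from a wgcf-profile.conf. wgcf_to_uci is a hypothetical
# helper name; the interface name defaults to 'Cloudflare' as used above.
# The output contains the WireGuard private key, so keep any copy at mode 0600.
wgcf_to_uci() {
    awk -v iface="${2:-Cloudflare}" '
    function emit(kind, name, val) { printf "\t%s %s \047%s\047\n", kind, name, val }
    function emit_list(name, csv,    n, i, item) {   # one "list" line per comma-separated value
        n = split(csv, item, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (item[i] != "") emit("list", name, item[i])
    }
    /^[ \t]*(#|$)/ { next }                          # skip comments and blank lines
    /^\[Interface\]/ { sec = "if"; print "config interface \047" iface "\047"
                       emit("option", "proto", "wireguard"); next }
    /^\[Peer\]/      { sec = "peer"; print ""; print "config wireguard_" iface; next }
    {
        eq = index($0, "=")                          # first "=" only: base64 keys end in "="
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (sec == "if") {
            if (key == "PrivateKey")   emit("option", "private_key", val)
            else if (key == "Address") emit_list("addresses", val)
            else if (key == "DNS")     { gsub(/[ \t]*,[ \t]*/, " ", val); emit("option", "dns", val) }
            else if (key == "MTU")     emit("option", "mtu", val)
        } else if (sec == "peer") {
            if (key == "PublicKey")       emit("option", "public_key", val)
            else if (key == "AllowedIPs") emit_list("allowed_ips", val)
            else if (key == "Endpoint") {            # split host:port at the last colon
                n = split(val, part, ":"); if (n < 2) next
                port = part[n]
                host = substr(val, 1, length(val) - length(port) - 1)
                gsub(/^\[|\]$/, "", host)            # strip brackets around an IPv6 literal
                emit("option", "endpoint_host", host); emit("option", "endpoint_port", port)
            }
        }
    }
    END { if (sec == "peer") emit("option", "route_allowed_ips", "1") }
    ' "$1"
}

# When run as a script: sh wgcf_to_uci.sh wgcf-profile.conf [interface-name]
if [ $# -gt 0 ]; then wgcf_to_uci "$@"; fi
```

Review the printed stanzas before appending them to /etc/config/network, and delete wgcf-profile.conf from the PC once the router is configured if you don't need it there.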
References:
https://www.reddit.com/r/openwrt/comments/kgk5r1/comment/ggfqvhe/?utm_source=share&utm_medium=web2x&context=3
https://openwrt.org/docs/guide-user/network/routing/routes_configuration