Installing VPN on an OpenWrt Router

Step 1. Installing OpenWrt on the Router

1. Verify that your router supports OpenWrt 23.05.0 or later:
   • https://openwrt.org/toh/start
   • https://firmware-selector.openwrt.org (alternative resource)
2. Install OpenWrt 23.05.0 or later on your router, ensuring you select the appropriate version for your specific router model.

Using this guide, you won’t be able to configure a VPN on routers running OpenWrt 22.03.x or earlier.

---

Step 2. Installing AmneziaWG on the OpenWrt Router

Before starting, disable any active VPN connections on the device you'll be using to connect to the router.

1. Open a command line/terminal and run ssh root@192.168.1.1, where 192.168.1.1 is your router's IP address. Depending on your network configuration, your router may use a different IP address (e.g., 192.168.0.1).
2. When prompted, confirm the connection by typing yes.
3. Run ping github.com to verify that the router has internet connectivity.

4. Execute the following command to run the installation script, which will automatically install the AmneziaWG package for your router:

sh <(wget -O - https://raw.githubusercontent.com/Slava-Shchipunov/awg-openwrt/refs/heads/master/amneziawg-install.sh)

5. When the script completes, type n when prompted.

Special thanks to Slava Shchipunov for creating the script!

For more details about the script, see the author’s repository on GitHub.

---

Step 3. Creating a VPN Connection on the Router

1. Access the router's web interface by entering the router's IP address into your web browser (e.g., 192.168.1.1).
2. Go to Network → Interfaces.

3. Click Add new interface.

4. Enter a name for your VPN interface and select AmneziaWG VPN as the protocol → click Create interface.

5. In the window that appears, click Load configuration.

6. Either paste the entire contents of your configuration file or drag and drop the configuration file into the window → click Import settings.

How to get a configuration file:

• in the Subscription Dashboard if you have an Amnezia Premium subscription
• in the AmneziaVPN app if you have your own server — share VPN access in the AmneziaWG native format

7. Go to the Firewall Settings tab → click the Create / Assign firewall-zone drop-down list → enter a name for the new zone in the field below the zone list → press Enter → click Save.

8. In the window that appears, on the Interfaces tab, click Save & Apply.

---

Step 4. Configuring the Router's Firewall

1. Go to Network → Firewall.

2. Click Edit to the right of the lan zone.

3. Click the Allow forward to destination zones drop-down list → check the box next to your previously created firewall zone → click Save.

4. Check the Masquerading option for your previously created firewall zone → click Save & Apply.

5. Go to Network → Interfaces.

6. Click Edit to the right of the VPN interface you created earlier.

7. Open the Peers tab → click Edit to the right of the configuration file you imported earlier.

8. Check Route Allowed IPs → click Save → click Save again.

9. In the window that appears, while on the Interfaces tab, click Save & Apply → go to System in the top-menu → Reboot.

10. Click Perform reboot.

After the router reboots, check connectivity — the internet should start working through the VPN.

---

Updating the VPN Configuration with a New Configuration File

1. Go to Network → Interfaces.

2. Click Edit to the right of the created VPN interface.

3. In the window that appears, click Load configuration.

4. Either paste the entire contents of your new configuration file or drag and drop it into the window → click Import settings → click OK to confirm.

5. On the Peers tab, click Delete to the right of the old configuration file → Save.

6. Click Edit to the right of the newly imported configuration file → check Route Allowed IPs → click Save → click Save again.

7. In the window that appears, on the Interfaces tab, click Save & Apply.