====== Setup OpenWRT with WireGuard VPN on a Raspberry Pi 4 ======

This will guide you through the setup of [[server:OpenWRT|OpenWRT]] on a [[equipment:rbpi_4|Raspberry Pi 4]].

===== Install OpenWRT =====

  * Download software from https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi
    * Model: Raspberry Pi 4
    * Version: B
    * For the above:
  * Use balenaEtcher or other favorite tool to write OpenWRT onto SD card.
  * See webpage info below for optional step of resizing the default partition.
  * Put SD card in Pi, connect ethernet and power on.

===== Setup OpenWRT =====

  * Go to http://192.168.1.1 and log in using 'root' and 'openwrt' as default login.
  * Set a new password by following the prompts.
  * Change IP block.
    * Go to Network and choose Interfaces.
    * Edit the LAN
      * Protocol: Static address
      * Bring up on boot: checked
      * IPv4 address: 10.28.9.1
      * IPv4 netmask: 255.255.255.0
    * Save
    * Save & Apply and reconnect to the new IP address with the new password.
  * From the top menu, click on Network and choose Wireless.
    * Click Remove next to the existing wireless config and then Save & Apply.
    * Click Scan to search for available networks, find yours and click Join Selected.
    * Enter your WiFi password in the WPA passphrase box and click Submit and then Save.
    * Click Save & Apply to connect to your WiFi.
  * You now have a WAN connection on the internal WiFi adapter and a LAN connection on the LAN port.
  * Now add a USB WiFi card as radio1 for our WiFi access point for clients to connect to.
    * From the top menu, click on the Network tab and choose Wireless.
    * If you see radio1, you are all good with the installation of the second WiFi adapter. If not, use these steps to install drivers.
      * Click System -> Software
      * Click Update lists...
      * When done, in the filter box type "kmod-" and then the drivers for your USB WiFi card.
        * For my CanaKit Raspberry Pi WiFi Wireless Adapter/Dongle (802.11 n/g/b 150 Mbps) I needed: kmod-rt2800-lib, kmod-rt2800-usb, kmod-rt2x00-lib, and kmod-rt2x00-usb
        * Pretty sure the 2800-lib and 2800-usb files installed the 2x00 ones as well.
    * Now you should have radio1 show up under Network -> Wireless.
    * Click Edit for the OpenWrt SSID (under the radio1)
    * Click Enable for Wireless network is disabled
    * Change Operating Frequency to 7 or anything that is free
    * Under Interface Configuration, select the Wireless Security tab, choose WPA2-PSK and enter a password that devices will use to connect.
    * Click Save
    * Click Save & Apply

Link: https://tristam.ie/2023/582/#openwrt-install

===== Setup WireGuard VPN =====

  * From OpenWRT top menu, click System tab and choose Software.
  * Click Update lists button and wait for process to finish.
  * Click Dismiss
  * Install the following packages by using the Filter field and clicking Install
    * kmod-wireguard
    * luci-proto-wireguard
    * luci-app-wireguard (Try installing this first; it should automatically install the others)
  * Click Network->Interfaces->Add new interface.
    * Enter wg0 as the interface name.
    * Select WireGuard VPN from protocol drop down
    * Click Create interface
  * Click General Settings tab and enter the following parameters from your WireGuard setup.
    * Bring up on boot: checked
    * Private Key: Generate new key pair
    * Public Key: (this will go into your home WireGuard setup on the other end as the peer's public key)
    * Listen Port: blank
    * IP Addresses: whatever you assign it in your home WireGuard setup as the peer's IP (10.23.0.13/32)
  * Click Advanced Settings tab
    * Use default gateway: checked
    * Enter custom DNS servers (8.8.8.8 and 8.8.4.4)
  * Click on the Firewall tab and select the WAN zone for Create/Assign firewall-zone. (wan wg0: wwan:)
  * Click the Peers tab and Add peer
    * Description: brimble.com
    * Public Key: from the home WireGuard instance setup
    * Private Key: blank
    * Preshared key: blank
    * Allowed IPs: 0.0.0.0/0
    * Route Allowed IPs: checked
    * Endpoint Host: brimble.com
    * Endpoint Port: 51820
    * Persistent Keep Alive: 25
  * Click Save and then Save & Apply.
  * Also, set custom DNS again in Interfaces->WWAN if not already.

Link: https://tristam.ie/2023/805/

===== Connect =====

  * Use laptop to connect to broadcasting WiFi
  * Go to 10.28.9.1 (or whatever your LAN is)
  * Go to network/wireless and remove whatever old WiFi is under radio0
  * Click scan next to radio0 and connect to "hotel wifi"
  * Click Save & Apply
  * Should now be connected and devices connecting to your device should work (might require reboot?)
  * If using a captive portal interface, you need to tunnel through DNS to bypass captive portals, specifically on port 53. Before you can do this, you need to disable "DNS rebinding protection" (this option is ON by default).
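
Once connected, the tunnel state can be checked from an SSH session on the router. The following is an added example, not part of the original guide: a POSIX sh function that audits the output of ''wg show wg0 dump'' against the peer settings used above (full-tunnel Allowed IPs, keepalive, a recent handshake). The function names, the 180-second threshold and the sample values are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit `wg show wg0 dump` against the peer settings in this guide.
# Peer lines in the dump are tab-separated:
#   public-key  preshared-key  endpoint  allowed-ips  latest-handshake  rx  tx  keepalive

# Assumption: with keepalive traffic flowing, a handshake older than 180 s means the tunnel is down.
MAX_HANDSHAKE_AGE=180

# Usage on the router: wg show wg0 dump | check_wg_dump "$(date +%s)"
# Prints one finding per line; returns non-zero if any FAIL was found.
check_wg_dump() {
    awk -F '\t' -v now="$1" -v max="$MAX_HANDSHAKE_AGE" '
        NR == 1 { next }    # first line describes the interface, not a peer
        {
            peers++
            v4 = 0; v6 = 0
            n = split($4, ips, ",")
            for (i = 1; i <= n; i++) {
                if (ips[i] == "0.0.0.0/0") v4 = 1
                if (ips[i] == "::/0") v6 = 1
            }
            if (!v4) { print "FAIL no-ipv4-default-route"; bad = 1 }
            if (!v6) print "WARN ipv6-not-tunneled"    # IPv6 may leave outside the VPN
            if ($5 == 0) { print "FAIL never-handshaked"; bad = 1 }
            if ($5 != 0 && now - $5 > max) { print "FAIL stale-handshake"; bad = 1 }
            if ($8 == "off") print "WARN keepalive-off"
        }
        END {
            if (peers == 0) { print "FAIL no-peers"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample dump: placeholder keys, documentation-range endpoint address.
# $1 = allowed-ips, $2 = latest-handshake (epoch seconds), $3 = keepalive
sample_dump() {
    printf 'PRIVKEY_PLACEHOLDER\tPUBKEY_PLACEHOLDER\t51234\toff\n'
    printf 'PEER_PUBKEY_PLACEHOLDER\t(none)\t203.0.113.10:51820\t%s\t%s\t1024\t2048\t%s\n' "$1" "$2" "$3"
}

# The peer settings from this guide, with a handshake 60 s old:
sample_dump '0.0.0.0/0' 1700000000 25 | check_wg_dump 1700000060
```

With the settings from this guide the function reports ''WARN ipv6-not-tunneled'', because Allowed IPs of 0.0.0.0/0 covers IPv4 only.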