How to get wireguard server working on an archer ax1800?
I bought this router yesterday on 7/20/2022 and it only seems to support openvpn which is too slow and pptp which is too insecure. How do I install wireguard on it so I can get my network up and running.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@n4mwd I am unaware of any routers that natively support wireguard VPN servers without flashing a custom firmware such as OpenWRT, not recommended unless you have experience. If you have on old router that is supported by a custom firmware with wireguard support, you could try configuring it as a VPN gateway.
Otherwise, you would have to use a software solution. Check out the wireguard website.
- Copy Link
- Report Inappropriate Content
@pcuttle The router that the AX1800 replaced was running OpenWRT which had support for wireguard. So I am familiar with it, but there doesn't seem to be a version of OpenWRT that works with the AX1800.
I am shocked that a modern router doesn't come standard with wireguard installed.
One solution might be to port forward to a raspberry pi running openwrt and then use wireguard from that, but the port forwarding adds a good bit of overhead which makes it no faster than openvpn.
I think the real solution is for router companies to come into the 21st century and start supporting modern protocols. It shouldn't be necessary to have to flash a router just to get basic functionality.
I'm thinking that if there was a way to turn the PPTP VPN server on and off remotely, then it wouldn't be so bad. Since the port is TCP and publicly known, I can asure you that there are already people hammering that port on my new router. I had to go with PPTP because OpenVPN was too slow.
- Copy Link
- Report Inappropriate Content
@n4mwd Based on a little research, it appears it will be difficult for any Broadcom based AX router to get open source firmware as their is no open SDK provided by Broadcom for that chipset. If your old router is still working, can't you just set it up as a VPN gateway? Yes, you will have to use port forwarding from primary router, but until something better comes around....
- Copy Link
- Report Inappropriate Content
@pcuttle The old router was bricked by a nefarious hacker that seems to have targeted me. As best as I can tell, he got in by hammering my ssh port. Then he bricked the router by flashing bad code. That particular router is easily bricked and not recoverable, so I'm not especially upset.
So using the old router in any way is not an option. If it still worked I wouldn't need the AX1800.
Using a Raspberry Pi as a wireguard node is too costly in both money and processing time.
The exception might be if I could get a non-forwarded IPV6 connection to the wireguard node, and then have that come out with wireguard as a local IPv4 address. I don't know much about IPv6 or if that is even possible.
In any event, I find it contemptible that modern routers aren't standard with wireguard.
The AX1800 user interface was usable but extremely difficult to configure for a commercial product. Not much of anything uses node NAMES, but instead uses MAC and IP addresses. Its a major production to make nodes static and set up port forwarding. I also noticed incompatibilities with the TP-Link CPE210 extender. Any wireless connections that came in on that were listed as wired connections with no node name.
- Copy Link
- Report Inappropriate Content
@n4mwd There is such thing as IPv4 to IPv6 translation, but it is usually not a SOHO router feature. Typically it used at more enterprise level routing where IPv4 and IPv6 traffic may need to be routed between each other. If I rememeber, there are network appliances that are dedicated to providing that capability but likely expensive and overkill. Best bet may be to try and setup a pfSense node on your network with any extra hardware you may have and try to set something up that way. Wireguard is supported. Just a thought.
- Copy Link
- Report Inappropriate Content
@pcuttle I have been using PPTP VPN that comes with the router (because WireGuard isn't an option) and it was only a few hours before the hackers found the port and started hammering it. So my internet connection bandwidth is about 1/10th what it should be.
So is there any way to make the router block repeated attacks on the PPTP server in the router? I don't think its an official DOS attack, its just a bunch of hackers all trying to get in with a brute force attack.
Wireguard doesn't expose any ports to hackers, whereas both PPTP and OpenVPN do. That's why the latter two VPNs are totally obsolete.
If blocking attacks like that are not possible with the AX1800, then is is possible to remotely turn ports on and off?
- Copy Link
- Report Inappropriate Content
@n4mwd I agree PPTP is not the best option. I cannot think of any inherent settings you can use to mitigate the brute force probing you are experiencing. Some routers do support firewall features to block high volume DOS attacks and port probes, but yours does not seem to have any settings realting to it. One option you may want to look into is setting up a Cloudflare tunnel to remotely access your home network. A Google search should provide ample info on how to do it. Nice think about this solution is that it does not expose any ports. Good luck and let me know if that works for you,
- Copy Link
- Report Inappropriate Content
@pcuttle I went ahead and ordered a tp-link Archer a7. This one can be flashed with DD-WRT or openwrt and both of those will support wireguard. The ax1800 just lacks too many critical features. I will be returning the 1800 when the new router comes in.
The 1800 firmware feels solid, but rough around the edges.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4538
Replies: 14
Voters 0
No one has voted for it yet.