Connecting to a WireGuard VPN from Android

Starting from KeeneticOS version 3.3, you can use WireGuard VPN to remotely connect to the local network of the Keenetic router.

First, you need to configure the WireGuard server on the Keenetic device, which is shown in the following instruction: Configuring a WireGuard VPN between two Keenetic routers, then move on to the VPN client configuration.

NOTE: Important! If you want to configure a Keenetic router as a VPN server, make sure that it has a public IP address, and when using the KeenDNS service, that it works in the 'Direct access' mode. If any of these conditions are not met, it will be impossible to connect to such server from the Internet.

Below is an example of how to connect to a server from a smartphone running the Android operating system.

To connect to the Keenetic WireGuard server on your Android mobile device, you can use the free application WireGuard.
But you can also use other applications that support WireGuard VPN, for example, VPN Client Pro.

1. Install the WireGuard client, find the WireGuard shortcut on the desktop or in search and launch it.

wg-a01_en.png

2. The main program window will open. In the lower right corner of the screen, click on the '+' icon to configure the WireGuard client on your phone. Then click on 'Create from scratch'.

wg-a02_en.png

3. Configuring the WireGuard client on your phone.

In the 'Name' field enter a name for the connection, for example, 'Keenetic-C' (you can specify any name you like).

Go on to the creation of the Private and Public keys. Click on the pngwing.com.png symbol to generate a pair of keys. Save the Public key value for future use. You'll need it in the next steps.

wg-a03_en.png

Set the IP address in the 'Addresses' field of the WireGuard client in IP/bitmask format — 172.16.82.4/24 (internal tunnel address). It is possible to use a different subnet, choosing it from the private address range and avoiding overlapping with other subnets configured on these devices.

Save the settings by clicking on the floppy disk icon in the upper right corner of the screen.

wg-a04_en.png

4. If you haven't already configured the WireGuard server, do it according to the following instructions: Configuring WireGuard VPN between two Keenetic routers.

5. In the settings of the WireGuard connection created in the previous step, click 'Add peer'. A form with peer settings will open. Specify the name of the tunnel 'Keenetic-C'.

In the 'Public Key' field, specify the key that was generated earlier in step 3 of this article.

In the 'Allowed IPs' fields specify the address from which traffic will be allowed to the server in IP/bitmask format — 172.16.82.4/32.

In the 'Persistent keepalive' field, specify the frequency of attempts to check the availability of the remote connection side. Usually, a 10-15 second interval between checks is sufficient. By default, the 'Persistent keepalive' value in peer settings is 30 seconds.

Click 'Save'.

wgkpl30-en.png

6. On the same WireGuard connection settings page, save the Public key of the server for future use. The server settings are at the top of the page.

wg-serv_en.png

7. Go back to the WireGuard client settings on your phone.

Click on 'Add Peer' and add a connection to the WireGuard server.

In the 'Public Key' field, insert the server key that was saved in the previous step of this article.

In the 'Allowed IPs' field enter the allowed IP addresses, in IP/bitmask format — 172.16.82.1/32 (internal server address) and 192.168.22.0/24 (local segment address of the Keenetic router).

In the 'Endpoint' field, enter the public IP address or domain name of the WireGuard server and the listening port on which the WireGuard client will set the connection.

Save the settings by clicking on the floppy disk icon in the upper right corner of the screen.

wg-a05_en.png

8. Enable WireGuard server on Keenetic router and WireGuard client on your smartphone, and check server availability on the client side.

Once enabled, if the configuration is correct, the web interface of the server will be available. In our example, it is a Keenetic router with the IP address 192.168.22.1.

wg-a06_en.png

To check the availability of the server, you can send ICMP packets to an IP address, for example using the program PingTools Network Utilities.

wg-ping_en.png

The setup is complete.

If you want to allow the connected clients to access the Internet through this VPN connection, make an additional configuration from this article Internet access via WireGuard VPN.

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.