Connecting to a WireGuard VPN from Android
Starting from KeeneticOS version 3.3
, you can use WireGuard VPN to connect to the local network of the Keenetic router remotely.
First, you need to configure the WireGuard server on the Keenetic device. The following instruction shows the process: 'Configuring a WireGuard VPN between two Keenetic routers'. Then move on to the VPN client setup.
Important
If you want to configure a Keenetic router as a VPN server, make sure that it has a public IP address, and when using the KeenDNS service, that it works in the 'Direct access' mode. If any of these conditions are not met, connecting to such a server from the Internet will be impossible.
Below is an example of connecting to a server from a smartphone running the Android operating system.
To connect to the Keenetic WireGuard server on your Android mobile device, you can use the free application WireGuard.
But you can also use other applications that support WireGuard VPN, for example, VPN Client Pro.
Install the WireGuard client, find the WireGuard shortcut on the desktop, or search and launch it.
The main program window will open. In the lower right corner of the screen, click on the '+' icon to configure the WireGuard client on your phone. Then click on 'Create from scratch'.
Configuring the WireGuard client on your phone.
In the 'Name' field, enter a name for the connection, for example, '
Keenetic-C
' (you can specify any name you like).Go on to the creation of the Private and Public keys. Click on the symbol to generate a pair of keys. Save the Public key value for future use. You'll need it in the next steps.
Set the IP address in the 'Addresses' field of the WireGuard client in IP/bitmask format —
172.16.82.4/24
(internal tunnel address). It is possible to use a different subnet, choosing it from the private address range and avoiding overlapping with other subnets configured on these devices.Save the settings by clicking on the floppy disk icon in the upper right corner of the screen.
If you haven't already configured the WireGuard server, do it according to the following instructions: Configuring WireGuard VPN between two Keenetic routers.
After that, in the settings of the WireGuard connection created in the previous step, click 'Add peer'. A form with peer settings will open. Specify the name of the tunnel '
Keenetic-C
'.In the 'Public Key' field, specify the key that was generated earlier in step 3 of this article.
In the 'Allowed IPs' fields, specify the address from which traffic will be allowed to the server in IP/bitmask format —
172.16.82.4/32
.In the 'Persistent keepalive' field, specify the frequency of attempts to check the remote connection side's availability. Usually, a
10-15
second interval between checks is sufficient. By default, the 'Persistent keepalive' value in peer settings is30
seconds.Click 'Save'.
On the same WireGuard connection settings page, copy the previously generated server public key to the phone clipboard by clicking on 'Copy public key to clipboard' (you will need it in the next step).
Go back to the WireGuard client settings on your phone.
Click on 'Add Peer' and add a connection to the WireGuard server.
In the 'Public key' field, insert the server key that was saved in the previous step.
In the 'Allowed IPs' field, enter the allowed IP addresses in IP/bitmask format —
172.16.82.1/32
(internal server address) and192.168.22.0/24
(local segment address of the Keenetic router).In the 'Endpoint' field, enter the public IP address or domain name of the WireGuard server and the listening port on which the WireGuard client will set the connection.
Save the settings by clicking on the floppy disk icon in the upper right corner of the screen.
Enable the WireGuard server on the Keenetic router and WireGuard client on your smartphone, and check server availability on the client side.
Once enabled, if the configuration is correct, the server's web interface will be available. In our example, it is a Keenetic router with the IP address
192.168.22.1
.To check the server's availability, you can send ICMP packets to an IP address, for example, using the program PingTools Network Utilities.
The setup is complete.
If you want to allow the connected clients to access the Internet through this VPN connection, make an additional configuration from this article Internet access via WireGuard VPN.