Wireguard is faster and has a way smaller codebase than OpenVPN.
Many VPN providers use it primarily, while supporting both protocols.
The wiki on setting up Wireguard is really nice!
But the steps to add clients are manual, and I wonder if this is the only way to do it.
Is there a step from which on the following things can be done in LuCI?
I’m quite sure I added wg clients (peers) from Luci. I don’t have any OpenWRT at hand right now, but look more thoroughly, it is somewhere there.
I did the first steps, installed the packages and setup the keys.
Will see if it already shows up
There’s also an accompanying package luci-app-wireguard (or a similar name). That should add the GUI in luci.
Some VPN providers even allow export, like text formatted, in such a way that if one copy-paste it into: Interface - Wireguard interface - Edit - Import conf./Load conf it will prepopulate many fields.
The Interface must be added first.
This is so far easiest step by step guide IMO.
Just remember ‘Configuring a Kill-switch (optional)’ will not allow you to further specify any traffic outside of VPN - but may be desirable if all traffic should go through the VPN.
And as for DNS - in reForis you can specify DNS provider having maybe more control from what can VPN offer to you (as example Mullvad DNS, here is the source for it) and it won’t be all traffic information ending with one provider.
And it’s worth it installing ‘Watchcat’ as this can ping some host - may it be DNS you are using - and based on response, if missing, restart the interface/device.
Sometimes connection drop despite keep alive option and thus it’s not necessary to log in and do it manually.
Installing packages ‘luci-proto-package_X’ will install usually LuCI, translation, and the actual service. If you install service standalone, it won’t show itself in LuCI.
These manuals seems ok for me:
https://openwrt.org/docs/guide-user/services/vpn/wireguard/start