How to set up WireGuard® on a DD-WRT router

In this article, you will learn how to set up DD-WRT VPN using a WireGuard® connection on your DD-WRT firmware router.


To proceed, you need to have DD-WRT build of 43045 or higher and an active Surfshark subscription. You can find the available plans on Surfshark’s pricing page.


Here are the steps we will go through:

  1. Get your key pair
  2. I have a key pair
  3. I don't have a key pair
  4. Choose a Surfshark server
  5. Configure WireGuard
  6. Ensure your connection is successful

Get your key pair

There are two ways we can go from here. You might have generated a key pair, and you'll be able to use it. Or, we will have to generate one.

If you have a key pair already, continue the tutorial as usual. If you do not, you should move on to the I don’t have a key pair section.

I have a key pair

  1. Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Router option and click on WireGuard.

  2. In the next window, click on I have a key pair.

  3. Name your key pair and click Next.

  4. Enter your public key and hit Save.

I don't have a key pair

  1. Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Router option and click on WireGuard.

  2. In the next window, click on I don't have a key pair.

  3. Name your new key pair.

  4. Click on Generate a new key pair.

    NOTE: Copy and store the generated key pairs on your device. You will not be able to check them here again.


Choose a Surfshark server

Once you have your key pair, you should see a Choose a location button. Click on it. Here, you'll find the list of available locations to connect to. Select one and hit the download button.


Configure WireGuard


  1. Open the control panel of your router. You can reach it by entering the IP address of your router into the URL bar in your browser.

    Most often, this IP address is used to reach the DD-WRT router:

  2. Once you log into the router panel, go to the Setup tab and select Tunnels. Click on Add Tunnel.

  3. Click on Enable next to the Tunnel setting, and select WireGuard as your protocol. Once selected, click Save.

  4. First, paste the Private Key (refer to Get your key pair sections in this article). Then, fill in the following information:

    DNS Servers via Tunnel:,
    Firewall inbound: Check
    Kill Switch: Check
    Listen port: 51820
    MTU: 1420


  5. Click on Add Peer and fill in the following information:
    Endpoint: Enable
    Endpoint Address: Enter the address of the Surfshark server (refer to Choose a Surfshark server section in this article)
    Allowed IPs:
    Persistent Keepalive: 30
    Use Pre-shared Key: Disable
    Peer Public Key: Enter your public key (refer to Get your key pair sections in this article)


  6. Hit Apply Settings and Save.


Ensure the connection is successful


We always recommend checking if Surfshark VPN is working after setting it up for the first time. You can easily do it by performing Surfshark IP leak test and a DNS leak test. For your convenience, both are available on our website.

You may also be interested in:

Was this article helpful?
Thank you for your feedback!