Configuring a DD-WRT router with a Hide.me WireGuard static IP offers enhanced privacy and control. This guide details the necessary steps for setting up the connection.
Active Hide.me subscription with static IP enabled.
DD-WRT router with WireGuard support.
Basic understanding of DD-WRT interface.
Retrieve WireGuard Configuration: Obtain your WireGuard configuration file (.conf) from the Hide.me website. Ensure it's the correct file for your static IP.
DD-WRT Interface: Access your DD-WRT router's web interface. Navigate to the WireGuard settings (usually under "Services" or "VPN").
Interface Setup:
Enable WireGuard: Check the "Enable" box.
Interface Name: Enter a name (e.g., wg0).
Listen Port: Use the port specified in your Hide.me configuration file (e.g., 51820).
Private Key: Copy the private key from your .conf file.
IP Address: Assign an unused local IP address to the WireGuard interface (e.g., 10.66.66.2/32). This address is internal to the router.
Peer Configuration:
Public Key: Copy the public key from the Hide.me .conf file.
Allowed IPs: Set to 0.0.0.0/0 to route all traffic through the VPN.
Endpoint: Enter the Hide.me WireGuard server address and port from your .conf file (e.g., fra-wga-001.hide.me:51820).
Persistent Keepalive: Set to 25 to maintain the connection.
Firewall Rules (using iptables): Add the following rules via DD-WRT's web interface, under "Administration" -> "Commands" -> "Startup".
iptables -I FORWARD -i wg0 -j ACCEPT
iptables -I FORWARD -o wg0 -j ACCEPT
iptables -t nat -I POSTROUTING -o wg0 -j MASQUERADE
iptables -I INPUT -i wg0 -j ACCEPT
DNS Configuration:
Static DNS 1 & 2: Set to Hide.me's DNS servers or other preferred DNS servers for privacy (e.g., 1.1.1.1, 1.0.0.1). Configure these in the DD-WRT web interface under "Setup" -> "Basic Setup".
Disable "Use DNSMasq for DNS" to avoid DNS leaks.
Save and Apply: Save all settings and reboot your router.
IP Address Verification: After rebooting, check your public IP address to confirm it matches the Hide.me static IP. Use a website like ipinfo.io.
DNS Leak Test: Perform a DNS leak test to ensure your DNS requests are routed through the VPN.
Incorrect Keys: Double-check the public and private keys. Typos are common.
Firewall Issues: Ensure the iptables rules are correctly entered to allow traffic through the wg0 interface.
MTU Issues: If you experience connection problems, try reducing the MTU value on the WireGuard interface (e.g., 1420).
Hide.me subscription active and static IP enabled.
WireGuard configuration file downloaded.
WireGuard interface configured in DD-WRT.
Peer configuration details entered correctly.
iptables rules added.
DNS settings configured.
Public IP address verified.
DNS leak test performed.