Connecting to PenguinVPN using WireGuard and a ThinkPenguin mini wireless router

Please note: These are OLD instructions for up to the 1.5.15 release. You are advised to upgrade to the v6.x series or newer release and follow our newer instructions.

These directions have been thoroughly tested on a TPE-R1100, TPE-R1200 & TPE-R1300 mini wireless router & the TPE-R1400 mini gigabit routers running libreCMC v1.5.15 and PenguinVPN 2.0 with a WireGuard configuration (and many other releases as well). WireGuard is similar to OpenVPN, but newer and faster. PenguinVPN 2.0 is our privacy friendly VPN service that aims to protect your privacy and has support for WireGuard.

For those using a traditional modem/router upstream (ie not a USB connected 4G modem) we have archived a Wireguard VPN configuration to make setting up Wireguard on libreCMC routers easier. This shortens the directions a bit. With these directions on a fresh router you only have to tweak the configuration slightly in Luci's (the routers) web user interface:

For those using a USB 4G modem you'll have to follow the directions further down titled "These lengthier more complete directions explain how to setup the router from scratch rather than a default VPN configuration archive", as the shorter directions are geared at users with a traditional typical internet connection setup.

0. Download and save our default Wireguard VPN configuration archive somewhere and take note of its location for later use

Note: These two configurations below have been updated to protect against the TunnelVision / DHCP option 121 attacks on the WAN port:

For TPE-R1100, TPE-R1200 & TPE-R1300 models use: http://thinkpenguin.com/files/default-penguinvpn-config-wireguard-2024-0...

For the TPE-R1400 model use: http://thinkpenguin.com/files/new-penguinvpn-wireguard-configuration-tpe...

1. Sign up for PenguinVPN service at https://www.thinkpenguin.com/gnu-linux/penguinvpn-subscription-1-3-12-36...
2. Select an appropriate configuration, click the Add to cart button, and proceed to checkout
3. Wait for email containing configuration information (it may take a bit as this is a manual process)

4. Turn off wifi on your computer
5. Plug in an ethernet cable to the LAN port on your mini wireless router and the other end into a computer where you will be configuring your router from
6. Plug the power (micro USB cable) cable in on the mini wireless router and wait for the computer to show it's connected/activated/has an IP address
7. Open a browser (Firefox) and go to https://192.168.10.1/ (or if you have a 4G modem configuration https://192.168.8.1)
8. When you see a warning message "Warning: Potential Security Risk Ahead" (Firefox) click the "Advanced..." button, and then click "Accept the Risk and Continue" button
9. Click Login button (assuming you have not setup a 4G modem routers initially ship with no password so no password need be entered to login)

10. Go to System > Backup / Flash Firmware and under the Restore section click the Browse... button
11. Find the default-penguinvpn-config-wireguard-2024-05-24.tar.gz (for TPE-R1100, TPE-R1200 & TPE-R1300 models) or the new-penguinvpn-wireguard-configuration-tpe-r1400-2024-05-24.tar.gz (for the TPE-R1400 model) on your computer and click the Open button to continue
12. Now click the Upload archive... button
13. The router will take a few minutes to reboot, the System-rebooting... message will never go away though so don't rely on it, just disconnect and reconnect from the network using your computers network applet and if the router is booted you will see that the attempted connection is successful
14. Once you have re-established the network connection to the router open https://192.168.3.1 and login to the router again (the default password is now the word 'none')

15. Go to Network > Interfaces and click the Edit button next to where it says WIREGUARD

16. Refer back to the email containing the PenguinVPN Wireguard configuration information you previously receieved

17. Copy the PrivateKey from the .conf file into the Private Key box

18. In the IP Addresses box enter the Address from the conf file (example: 10.67.153.173/32) and then click the + button to add the IP

19. Do the same for the Public Key in the Peers section

Example: DYLCfAQO84kM3T+dUDOGfg+gbfpdf3lx1I2p3ig+fk=

Note: It ends with = and this should be included.

20. Copy the Endpoint = port into the Endpoint Port box (everything that comes after the : on the Endpoint = line)

21. Under the Additional field drop down select Preshared Key, then click the add button
22. Copy the PresharedKey from the configuration file to the Preshared Key box
23. Click Save & Apply button
24. Plug in an ethernet cable from the WAN port on the router to a modem or other upstream router with an internet connection
25. Go to System > Reboot and click Perform reboot button
26. From your computers network applet disconnect from the wired network and then after about a minute connect again.

Your computer and via your router should now be connected to the VPN. To test it we reccomend opening a browser and checking the location to verify you're connected through the VPN by going to https://infosniper.net

These lengthier more complete directions explain how to setup the router from scratch rather than a default VPN configuration archive

These directions have been thoroughly tested on a TPE-R1200, TPE-R1300, & TPE-R1400 mini wireless routers running libreCMC v1.5.10 and PenguinVPN with a WireGuard configuration (and many newer releases as well). WireGuard is similar to OpenVPN, but newer and faster. PenguinVPN is our privacy friendly VPN service that aims to protect your privacy and has support for WireGuard.

Please note that you will need to flash the latest release of libreCMC in order to install WireGuard packages from the libreCMC repository. The OEM images may already have WireGuard packages as of 1.5.10 so some steps below may not be required.

Note: If the links are broken below replace v1.5.10 with whatever the latest version of libreCMC is. You can find that out by visiting https://www.librecmc.org/:

The firmware image for TPE-R1200 is:

https://librecmc.org/librecmc/downloads/snapshots/v1.5.10/targets/ath79/...

The firmware for TPE-R1300 is:

https://librecmc.org/librecmc/downloads/snapshots/v1.5.10/targets/ath79/...

The firmware for future versions of the TPE-R1400 images can be found at:

https://librecmc.org/librecmc/downloads/snapshots/

0. Directions on flashing the above nor image are here (please note that the directions suggest flashing the OEM ISO version, but that will or may not work due to the need to install software from the libreCMC repository, utilize the image above instead): https://www.thinkpenguin.com/gnu-linux/vpn-mini-wireless-router-firmware...

1. Turn off wifi on your computer
2. Plug in an ethernet cable to the LAN port on your mini wireless router and the other end into a computer where you will be configuring your router from
3. Plug the power (micro USB cable) cable in on the mini wireless router and wait for the computer to show it's connected/activated/has an IP address
4. Open a browser (Firefox) and go to https://192.168.10.1/ (or if you have a 4G modem configuration https://192.168.8.1)
5. When you see a warning message "Warning: Potential Security Risk Ahead" (Firefox) click the "Advanced..." button, and then click "Accept the Risk and Continue" button
6. Click Login button (assuming you have not setup a 4G modem routers initially ship with no password so no password need be entered to login)
7. Go to System > Administration and set a password, click Save button, click Dismiss button, click Logout button, then log back in with new password
8. Go to Network > Interfaces
9. Click Edit button next to LAN
10. Set IPv4 box to 192.168.3.1
11. Click Save & Apply button
12. Wait for the Configuration has been rolled back! error message to appear and then click the Apply anyway button
13. Wait for the Device unreachable! message to appear and then disconnect and reconnect your ethernet connection on your computer followed by going to the new address for the router in your web browser https://192.168.3.1 and when you see a warning message "Warning: Potential Security Risk Ahead" (Firefox) click on the "Advanced..." button and then click "Accept the Risk and Continue" button
14. Enter your previously chosen password and click the Login button
15. Go to System > Software
16. Plug in ethernet cable from WAN on the router to a modem or other upstream router with an internet connection
Click Update lists.. button
17. When updates done click Dismiss button
18. Go to the Filter box and search for luci-proto-wireguard
19. Click the Install... button next to luci-proto-wireguard (under where it says Package name)
20. Click Install button to proceed
21. Click Dismiss button
22. Repeat steps 18-21, but replace luci-proto-wireguard with wireguard and then do it again with luci-app-wireguard
23. Go to Network > Interfaces
24. Click Add new interface button..
25. In Name of new interface box enter WireGuard
26. In Protocol of the new interface drop down select WireGuard VPN
27. Click the Submit button
28. Sign up for PenguinVPN service at https://www.thinkpenguin.com/gnu-linux/penguinvpn-subscription-1-6-and-1...
29. Select the appropriate configuration and then
30. Click the Add to cart button
31. Go to checkout
32. Make payment
33. Wait for email containing configuration information
34. Download the configuration information
35. Open it in a text editor
36. Go back to your router configuration tab with the new interface and WireGuard VPN configuration screen and enter the PrivateKey from the .conf file into the Private Key box.
37. In the IP Addresses box enter the Address from the conf file (example: 10.67.153.173/32) and then click the + button to add the IP
38. Click the Add button under the Peers section and do the same for the Public Key in the Peers section
39. In the Peers section do the same for Allowed IPs
40. In peers section make sure you have checked the Route Allowed IPs box
41. Copy the Endpoint = ip address (example: 185.216.33.114) into the Endpoint Host box
42. Copy the Endpoint = port into the Endpoint Port box (everything that comes after the : on the Endpoint = line)
43. Enter 15 into the Persistent Keep Alive box
44. Under the Additional field drop down select Preshared Key, then click the add button
45. Copy the PresharedKey from the configuration file to the Preshared Key box
46. Click Save & Apply button
47. Go to System > Reboot and click Perform reboot button
48. After the router reboots log back in and Go to Network > Firewall
49. Click Add button at bottom
50. In the Name box enter VPN
51. In the Input, Output, and Forward box select Accept
52. Check the boxes that say Masquerading and MSS clamping
53. Under Covered networks select WireGuard:
54. Under Allow forward from source zones: select lan: lan:
55. Click Save & Apply button
56. Go to Network > Interfaces and Click the Edit button next to WIREGUARD
57. Make sure the box that says Bring up on boot is checked
58. Click Save & Apply
59. Go to Network > Firewall
60. Under Zones click Edit button next to lan > wan VPN
61. Remove wan: wan: wan6 from Allowed forward to destination zones: drop down
62. Click Save & Apply button
63. For security lets clean up: go to Network > Interfaces and remove the WAN that has Protocol: DHCPv6 client next to it.
64. Click Delete button to remove
65. Click Save & Apply button
66. Go to Network > Interfaces and next to LAN click the Edit button
67. Copy the DNS from the .conf file and paste it into the Use custom DNS servers box and click the + arrow to add
68. Under IPv6 assignment length select disabled
69. Under the DHCP Sever section go to the IPv6 Settings and select disabled in the drop down for Router Advertisement-Service and DHCPv6-Service
70. Click Save & Apply button

(if you are using a 4G modem skip steps 71-76)

71. Go to Network > Interfaces
72. Click Edit button next to WAN
73. Click the Advanced Settings tab
74. Uncheck the box that says "Use DNS servers advertised by peer"
75. Enter 8.8.8.8 or some other DNS server of your preference
76. Click Save & Apply button

77. Go to System > Reboot and click the Perform reboot button

78. From the network applet on your computer disconnect from the net work re-connect

After the router has rebooted you can now go to infosniper.net and it should appear that you are coming from a location other than the city/state/country where you actually are connecting from.

78. Now you probably want to setup wireless so go to Network > Wireless and click the Edit button next to where it says SSID: libreCMC
78b. Click the Enable button in Network > Wireless next to where it now says libreCMC-VPN (if that is the name of the SSID that you chose)
79. Scroll down to the Interface Configuration section and enter a ESSID into the ESSID box like libreCMC-VPN
80. Go to the Wireless Security tab and under Encryption select WPA2-PSK
81. In the Key box enter a password (this is the password you will utilize to access the VPN through your new libreCMC-VPN wireless access point)
82. Click Save & Apply button
83. On the computer disconnect your wired connection and select the new libreCMC-VPN access point that appears

You should now be able to visit infosniper.net again and see that others think you are located or coming from somewhere that you are not