Setting up AmneziaWG on a router with Keenetic OS

Make sure that the router has Keenetic OS version 4.2.0 or higher.


The Kill Switch feature helps block connections that bypass the VPN tunnel. Set up your router according to these instructions and the Kill Switch function will be activated.

Log in to the admin panel of the Keenetic router via 192.168.1.1. Save startup-config to be able to restore router settings.

Save startup-config on the router Keenetic


Make sure your version of Keenetic is compatible.

Click on the "Show components" button and install the Wireguard and DNS-over-HTTPS package. Update the router firmware if necessary.

Install Wireguard on the router Keenetic


In the section Subscriptions download AmneziaWG configs.

Download AmneziaWG configs


Select a VPN connection and upload the config (for example, France.conf) to the Keenetic router.

Import Wireguard config on the Keenetic router


Click on the new connection to edit.

Edit Wireguard config on the Keenetic router


Mark the box and save.

Use Wireguard on the Keenetic router to access the Internet


At the command line, enter the command show interface and search for the name of the connection (for example, France). Find out the interface-name (for example, Wireguard0).

Find out the name of the Wireguard interface on the Keenetic router


Look in the selected config (for example, France.conf) for the parameters Jc, Jmin, Jmax, S1, S2, H1, H2, H3, H4 and enter them separated by a space indicating the interface name. For example:

interface Wireguard0 wireguard asc 7 8 80 20 90 646 8689 467688 2356578

Enter AmneziaWG parameters on the Keenetic router


Enter the command to save the Keenetic configuration.

system configuration save

Save the AmneziaWG configuration on the Keenetic router


Turn on AmneziaWG VPN.

Enable AmneziaWG VPN on the Keenetic router


Disable your ISP's DNS to avoid DNS leaks.

Disable DNS leaks for AmneziaWG on Keenetic router


Add secure DNS.

Add secure DNS for AmneziaWG on the Keenetic router


Enter the DNS-over-HTTPS server address:

https://1.1.1.1/dns-query

Connect a secure DNS server for AmneziaWG on the Keenetic router


Add a VPN Internet access policy.

Добавить политику доступа в Интернет для AmneziaWG на роутере Keenetic


Click on VPN Policy.

Next, drag the VPN connection (for example, France) to the top of the list and check the box. This item helps activate the Kill Switch function. It is important that there is no checkbox on the Ethernet connection.

AmneziaWG VPN с функцией Kill Switch на роутере Keenetic


Check the list of active clients.

You can manage both registered and unregistered clients. For each segment, you can set your own traffic routing rules (use VPN or not). To register, you need to click on the client and register him.

List of clients on the Keenetic router


Set connection priorities for clients.

Home and Guest network includes all unregistered clients. Registered clients are marked in light green.

Drag the desired clients to the VPN tab (for example, a computer named Home network and all unregistered clients in the Home segment).

AmneziaWG connection priorities on the Keenetic router


Click on the VPN tab and check that the required clients have been added.

All traffic for the specified clients will go through AmneziaWG VPN.

List of clients for AmneziaWG on the Keenetic router



IP leaks through IPv6 Protocol

If your Internet provider uses IPv6 addresses, then traffic leakage through this protocol is possible.

If necessary, you can disable IPv6 support for Ethernet connections.

Disabling IPv6 addresses for Ethernet connections on the Keenetic router


If necessary, you can disable IPv6 support for your home WiFi network.

Disabling IPv6 addresses for WiFi connections on the Keenetic router





Ask your question