Setting up a separate WiFi network on Keenetic routers with an external connection via WireGuard
Introduction
Lately, I've been getting questions like “what can I do to get YouTube working again on my (not-so-smart) TV?” on a depressingly regular basis. If we limit ourselves to the purely technical aspects of the problem, then on the fairly common Keenetic home routers, it is possible to solve the problem with a mouse-menu.
In general, the entire instruction boils down to the phrase “raise the connection from the WireGuard router SOMEWHERE and setting up a separate WiFi network with this WireGuard as an external connection”, but often those asking would like to see boring step-by-step instructions.
In order not to multiply entities, I have prepared an article with step-by-step instructions.
(In general, compared to scratching posts, it is quite a technical material, although very simple :)))
Prerequisites
First of all, you need to understand where exactly you are going to connect.
The external WireGuard server MUST ALREADY be configured (by you or the person providing the service to you) and you must have a WireGuard configuration file for the client (for example – wg1.conf)
You should remember/find/look at the bottom of the router for its admin password (no – this is not the WiFi password 🙂
We install the necessary components in the system
We connect via the web interface to your home router with the admin password.
Go to Management – System Setting
Go to “Component”
Find “WireGuard VPN” and check the box.
The system is installing this component.
And, if necessary, reboots.
Create a Wireguard connection
In the left menu, go to – Internet – Other Connections
If everything was done correctly in the previous step, the menu item “WireGuard” should be visible.
Select “Import from a file”
Specify the path to the configuration file that was mentioned in the “prerequisites” (for example – wg1.conf)
The wg1 connection will be created
Go to the settings of this connection (simply by clicking on it)
Be sure to check the box “Use for accessing the Internet”
And add “Peer name” (for example – wg1a)
Click Save
Returning to the “Other connection” section, we activate this new wg1 connection
A green light should appear next to the name in the Peer field (aha – the taxi is free 🙂
We make politics 🙂
Go to the main menu in Internet – “Connection Policies”
And in the section that appears “Policy Configuration” click the cross “+Add policy”
Let's give the newly created policy a name
“For example – “Wg1-pol”
And we bind the previously created WireGuard connection wg1 to it
Click Save
Creating a home network segment
Go to the main (left) menu in “My Networks and Wi-Fi” – “Home segment”
And we create a new segment
Let's call it, for example, WgSegment
If the TV is connected via WiFi (which is not very good, but I understand – repairs, cable not laid on time, and all that), then we turn on WiFi in this segment.
We give a name to the wireless network (SSID) for this WiFi, WPA2-PSK (if the TV can do WPA3, it’s better), we set a password (COMPLETE! 🙂
If the TV (or other consumers of our WireGuard) are connected via cable, scroll further and configure the Ethernet port on the Keenetic, which will throw all those connected to it into WireGuard
Select the port and check the box “Belong to segment”
The rest of the ports should remain with dashes “Doesn't belong to segment”
Check what you have configured and click Save
Accordingly, if the TV is connected via cable, it should automatically switch to work via WireGuard
If via WiFi, you need to reconfigure it to a new WiFi network.
Afterword
The setup was performed for firmware version 4.17
With all sorts of interesting more modern protocols like X2Ray/Vless, simple setup (by clicking the mouse), at least with the current version of firmware for Keenetic, is not possible.