How to set up a Secure Cloud Gateway using OpenWRT, Wireguard, Adguard, Tor & Ubuntu 20.04

Inspired by this portable secure gateway, I set up my own secure cloud gateway.

The setup uses three services: Wireguard VPN, Adguard Home, and the Tor anonymizing proxy. Although TOR doesn’t recommend using TOR in conjunction with VPNs or proxies, I like this setup the best. For this to work you need a router that can support Wireguard. I use a Netgear r6220 with the Linux-based open source router OS, OpenWRT. You can easily use any computer that runs Ubuntu instead.
The router I used:…

Configure your local router

Flash OpenWRT
Set Password
Set LAN subnet
Set Static DHCP lease for desktop
Set name and password for both Wifi Networks
Set Adguard DNS:, on wan interface.

Update software lists.
Install nano, curl, ca-bundle, wireguard, etc.

opkg update
opkg install nano curl ca-bundle luci-app-wireguard


Set up Wireguard on your router with the below guide:…

Ignore the AzireVPN specific parts.



At the end of the guide it says you have to sync the time with the browser after every reboot, because the router does not have a real-time clock (RTC). Wireguard needs the time to connect to the other endpoint. However, I found that if you leave the OpenWRT time in UTC, then it shouldn’t need you to do that.


After making all these changes my upload speeds were terribly slow. To fix this I had to change the MTU of the Wireguard interface to 1360. Stop the interface before changing the MTU, I think. Maybe this is because I use AT&T 4G, which I think has an MTU of 1420.
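
The arithmetic behind that MTU value, as an added example (not from the original post or the linked guide): WireGuard adds 60 bytes per packet over an IPv4 endpoint and 80 over an IPv6 one, so a 1420-byte path leaves 1360 for the tunnel. The interface name wg0 and the helper names wg_mtu and wg_mtu_plan are assumptions; the script only prints the OpenWRT commands and runs none of them.

```shell
#!/bin/sh
# Added example: derive a WireGuard interface MTU from the path MTU.
# Per-packet overhead = outer IP header + 8 (UDP) + 32 (WireGuard data message:
# 4 type/reserved + 4 receiver index + 8 counter + 16 Poly1305 tag).

# wg_mtu PATH_MTU [OUTER_IP_VERSION] -> prints the largest safe tunnel MTU
wg_mtu() {
    path_mtu=$1
    outer=${2:-4}
    case $path_mtu in
        ''|*[!0-9]*) echo "path MTU must be a number" >&2; return 2 ;;
    esac
    case $outer in
        4) ip_hdr=20 ;;   # IPv4 header without options
        6) ip_hdr=40 ;;   # fixed IPv6 header
        *) echo "outer IP version must be 4 or 6" >&2; return 2 ;;
    esac
    mtu=$((path_mtu - ip_hdr - 8 - 32))
    # IPv6 carried inside the tunnel needs a link MTU of at least 1280 bytes.
    if [ "$mtu" -lt 1280 ]; then
        echo "warning: tunnel MTU $mtu is below 1280, IPv6 inside the tunnel will not work" >&2
    fi
    echo "$mtu"
}

# wg_mtu_plan IFACE PATH_MTU OUTER_IP_VERSION -> prints the OpenWRT commands
# (dry run, nothing is executed): stop the interface, set the MTU, start it.
wg_mtu_plan() {
    plan_mtu=$(wg_mtu "$2" "$3") || return 2
    printf '%s\n' \
        "ifdown $1" \
        "uci set network.$1.mtu='$plan_mtu'" \
        "uci commit network" \
        "ifup $1"
}

# Constructed sample: 1420-byte path MTU (the value the post assumes for its
# 4G link), IPv4 endpoint, interface name wg0 (assumed).
wg_mtu_plan wg0 1420 4
```

If the VPN endpoint is reached over IPv6 instead, pass 6 as the last argument; the same 1420-byte path then leaves 1340.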

QOS (SQM – Smart Queue management)


Even if you have nice low latency, low jitter, and high bandwidth up and down, you can still experience slow internet, especially if you do any uploading. Some people call this “buffer bloat”. SQM can mitigate that by managing your traffic so that it does not saturate your upload or download.
You can test your buffer bloat here:…

opkg update && opkg install luci-app-sqm

Play with Download and Upload values until you get good speeds with no buffer bloat.

Configure your cloud server

I used Ubuntu 20.04 for my cloud server.

Follow the above guide.

Results: Over VPN with SQM.

The below needs more testing and fleshing out…

AdGuardHome (Optional)

Just using the AdGuard DNS is sufficient for most people, but if you’d like more control over your block lists, you can also install Adguard Home to either the Router, or the cloud gateway.

Gateway: For the gateway it can be done by using the below instructions, but I didn’t have luck with the snap. This should let you configure the DNS lists locally.…

sudo snap install adguard-home



Adding Tor to the Cloud gateway, or the local router.

To be continued………
