I tried a bit and also got it working on a Kong build, though it is a bit hacky and you cannot edit the settings via the web IF, but that is not so important for me.
It would be nice if Kong would also consider including this in his builds, but this is up to Kong.
Besides a lib and the wireguard module/binary, the Kong build already has all the needed libs/modules/scripts. I extracted them from one of Brainslayer's builds and added them via scp.
If someone is interested, I can write a short howto.
I've been trying to get this working but I'm stuck. Please offer some insight if you can. I've been running Kong 36000M for some time and it seems that the wg binaries simply aren't there and I don't see them in opkg.
I did try the latest BS build (36596) which at least did have the wg binary but I also ran into issues there.
First I tried to follow the wireguard instructions verbatim with
Code:
ip link add dev wg0 type wireguard
but got a response of
Code:
ip: RTNETLINK answers: Not supported
with the BusyBox ip command and the full one from Kong's opkg.
Assuming that the oet1 tunnel I set on the Tunnels tab of networking was what I needed, I then tried to do the config.
Code:
wg setconf wg0 myconfig.conf
I got an error parsing configuration, even though this is the same config file that I used on my android device that worked fine.
Code:
[Interface]
PrivateKey = MYPRIVATEKEY=
Address = 10.XX.XX.XX/32
DNS = 172.XX.XX.XX
I also tried manually setting the configuration with setconf but that also failed. The command is below with the personal info masked.
Code:
wg set oet1 listen-port 51820 private-key MYPRIVATEKEY= peer MYPUBLICKEY= allowed-ips 0.0.0.0/0, ::/0 endpoint XX.XX.XX.XX:51820
Please advise, I'd really like to get this working.
As an aside, Kong, does anyone do Mega builds anymore? I know I usually yours, but even for BS I've only seen one version of the FW lately. I reverted back to 36000M since I seemed to be having wireless drops with the latest BS build. I'm going to try Kong's 36440 to see if I have better luck there.
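Why wg setconf rejects a file that works in the Android app, shown as an added example that is not part of the original posts: Address and DNS are wg-quick/app-level keys, while wg setconf only parses the keys of wg(8) itself. The function names wg_filter and sample_conf and all sample values below are constructed for illustration; the script lists the offending keys and prints a config reduced to what wg setconf accepts.

```shell
#!/bin/sh
# Added example: split a wg-quick style config into the part `wg setconf`
# accepts and the keys it rejects. All sample values are constructed.

# Keys understood by wg(8) itself; anything else (Address, DNS, MTU, ...)
# belongs to wg-quick or the mobile apps and breaks `wg setconf` parsing.
WG_KEYS="privatekey listenport fwmark publickey presharedkey allowedips endpoint persistentkeepalive"

# wg_filter MODE < config
#   MODE=keep   -> print a config that only contains wg(8) keys
#   MODE=reject -> print the names of the keys that would be dropped
wg_filter() {
    awk -v mode="$1" -v keys="$WG_KEYS" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blank lines
        /^[ \t]*\[/ { if (mode == "keep") print; next }    # section headers
        {
            name = $0
            sub(/[ \t]*=.*/, "", name)                     # text before first "="
            gsub(/[ \t]/, "", name)
            key = tolower(name)
            if (key in ok) { if (mode == "keep") print }
            else if (mode == "reject") print name
        }'
}

# Constructed sample in the same shape as the config posted above.
sample_conf() {
cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PRIVATE_KEY_PLACEHOLDER=
Address = 10.0.0.2/32
DNS = 10.0.0.1

[Peer]
PublicKey = CONSTRUCTED_PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.0.2.10:51820
EOF
}

sample_conf | wg_filter reject   # keys that wg setconf cannot parse
sample_conf | wg_filter keep     # config reduced to wg(8) keys
```

The address and DNS server that were filtered out still have to be applied separately, for example through the tunnel settings of the firmware.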
Type this command before you run any other wireguard related commands:
Code:
modprobe wireguard
The wireguard kernel module has to be loaded before you can create a wireguard interface. You can also use the GUI to add a wireguard tunnel interface, and it'll automatically load the kernel module.
Thanks for the assist, quarky, that helped me progress and learn a lot, but I feel like I'm missing a key point, i.e. how do I install wireguard on the Kong builds.
I tried pulling the openwrt sources found in the distfeeds.conf, and was able to get the modules in opkg. I had to install them (kmod-wireguard, wireguard, wireguard-tools) with '--force-depends' but no luck. For whatever reason I couldn't get the module loaded, though I have tried several variations.
Code:
root@nile:/opt/lib/modules/4.4.14# modprobe kmod-wireguard
modprobe: module kmod-wireguard not found
modprobe: failed to load module kmod-wireguard: No such file or directory
root@nile:/opt/lib/modules/4.4.14# ls
wireguard.ko
root@nile:/opt/lib/modules/4.4.14# modprobe wireguard
modprobe: module wireguard not found
modprobe: failed to load module wireguard: No such file or directory
Code:
root@nile:/opt/lib/modules# insmod -v /opt/lib/modules/4.4.14/wireguard.ko
Using /opt/lib/modules/4.4.14/wireguard.ko
insmod: cannot insert '/opt/lib/modules/4.4.14/wireguard.ko': unknown symbol in module
Code:
root@nile:/opt/lib/modules/4.4.14# modprobe /opt/lib/modules/4.4.14/wireguard
modprobe: module /opt/lib/modules/4.4.14/wireguard not found
modprobe: failed to load module /opt/lib/modules/4.4.14/wireguard: No such file or directory
Code:
root@nile:/opt/lib/modules/4.4.14# modprobe /opt/lib/modules/4.4.14/wireguard.ko
modprobe: module /opt/lib/modules/4.4.14/wireguard.ko not found
modprobe: failed to load module /opt/lib/modules/4.4.14/wireguard.ko: No such file or directory
Later tonight, I'll try the latest BS build again after the kiddos go to bed. Although I'm hesitant to do it, since for the brief time I ran I had quite a few wireless disconnects but I didn't really investigate that.
2. place the files in the corresponding paths on your device:
since I have jffs with opkg active I placed them in the following dirs so that they are in PATH and LD_LIBRARY_PATH:
wg binary I placed in /opt/bin
libmnl.so* I placed in /opt/lib
wireguard.ko you can place wherever you want, I chose /jffs/lib/modules/4.4.144/wireguard.ko
3. edit /etc/config/eop-tunnel.startup (/etc/ is also on jffs):
Code:
# number of tunnels, in my case only 1
nvram set oet_tunnels="1"
# if you want to use a preshared key set 1
nvram set oet1_usepsk0="0"
nvram set oet1_txq="1"
nvram set oet1_shaper="0"
nvram set oet1_rem0="0.0.0.0"
nvram set oet1_rem="192.168.90.1"
# pub key of local endpoint
nvram set oet1_public="<pub key>"
nvram set oet1_pt="0"
# set here the pre shared key if you want to use one
nvram set oet1_psk0=""
# proto 2 is wireguard
nvram set oet1_proto="2"
# private key of local endpoint
nvram set oet1_private="<priv key>"
# public port where wireguard tunnel is reachable
nvram set oet1_port="51821"
# number of peers
nvram set oet1_peers="1"
nvram set oet1_peerport0="51280"
nvram set oet1_peerkey0="<pub key of the 1st peer>"
# netmask of the wireguard network
nvram set oet1_netmask="255.255.255.0"
nvram set oet1_nat="1"
nvram set oet1_multicast="0"
nvram set oet1_mtu="1500"
nvram set oet1_mssfix="0"
nvram set oet1_local="0.0.0.0"
nvram set oet1_ka0="0"
nvram set oet1_isolation="0"
# ipaddress of the endpoint on the dd-wrt device
nvram set oet1_ipaddr="10.200.100.1"
nvram set oet1_id="1"
nvram set oet1_hwaddr="00:00:00:00:00:00"
nvram set oet1_fragment="0"
nvram set oet1_endpoint0="0"
# for now leave the tunnel disabled
nvram set oet1_en="0"
nvram set oet1_dns_redirect="0"
nvram set oet1_dns_ipaddr="0.0.0.0"
nvram set oet1_comp="0"
# set bridge to 0 otherwise the iptables rules are not added
nvram set oet1_bridged="0"
# ipaddress of the peer
nvram set oet1_aip0="10.200.100.2/32"
# Commit variables
echo "Save variables to nvram"
nvram commit
execute the script to set the values
5. enable the tunnel and execute /etc/config/eop-tunnel.startup and /etc/config/eop-tunnel.firewall
Code:
nvram set oet1_en="1"
/etc/config/eop-tunnel.startup
/etc/config/eop-tunnel.firewall
6. confirm tunnel is up and firewall rules are added
Code:
root@dd-wrt ~ # wg show
interface: oet1
public key: < pub key >
private key: (hidden)
listening port: 51821
Posted: Mon Sep 17, 2018 5:13
You don't need to set this via commands, as you can set it in the GUI at 192.168.1.1 under Setup > Tunnels.
This is a typical screenshot showing how to connect to a VPN/VPS/dedicated server, using 185.84.6.1 as an example, but if I open SSH on my home router I can traceroute and ping OK, but the clients on 192.168.1.1-192.168.1.254 aren't sending traffic to the VPN and only send traffic to the WAN.
DD-WRT v3.0-r36808M (36808M build)
root@HomeRouter:~# wg
interface: oet1
public key: XXXXXXXXXXXXXXXXXXXX
private key: (hidden)
listening port: 51840
peer: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
endpoint: 185.84.6.1:51841
allowed ips: 0.0.0.0/0
latest handshake: 6 seconds ago
transfer: 184 B received, 668 B sent
persistent keepalive: every 25 seconds
_________________
TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18)
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17
So in all fairness - my first attempt borked my router and it went offline (because I thought I had to manually edit the firewall iptables). So simply hard reset and loaded the config before I started this process.
The only thing I had to do differently than your example was that the router and peer needed to be on the same subnet. So a /30 worked perfectly.
Next question: Anyone know how to add a manual route table to an android device?
Thanks so much - that screenshot needs to be on the Wiki.
Last edited by ak00 on Wed Sep 19, 2018 1:10; edited 2 times in total
Posted: Tue Sep 25, 2018 20:09
Shinzu wrote:
to be clear: my mini howto is about enabling wireguard on Kong builds; in this build wireguard is not included
Yeah, that's correct, some builds don't have this GUI, but I asked BS that he would include this on the tplink tl-wdr3600v1 model (builds after 36154); however, he WON'T enable it on 4MB flash chips though.
Posted: Tue Sep 25, 2018 21:01
liverpoolatnight wrote:
Shinzu wrote:
to be clear: my mini howto is about enabling wireguard on Kong builds; in this build wireguard is not included
Yeah, that's correct, some builds don't have this GUI, but I asked BS that he would include this on the tplink tl-wdr3600v1 model (builds after 36154); however, he WON'T enable it on 4MB flash chips though.
There's so much crap missing or broken on builds for older devices and it just seems that it's either never dealt with or you might get lucky and it gets fixed within a (few) month(s). Can't really test features that aren't in the build....