Idiot's Guide to Configuring Wireguard - Client Tunnel

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page Previous  1, 2
Author Message
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 17
Location: Gamma Quadrant

PostPosted: Thu May 09, 2019 2:51    Post subject: Reply with quote
kooper2013 wrote:

I'm getting always
sh: eval: line 6: syntax error: unexpected "(" (expecting "do")
when I try to run your script. What's the problem? All () seem to be correct...

~~

I'm trying to get wireguard as client running since days (Mullvad, Asus AC87U, bs r39654 currently). I know all this is kind of beta, but I always end up seeing my DSL-providers IP, never Mullvad's. I tried a lot of permutations, of various firewall-seetings, start/custom scripts, with and without.

The pain starts with syslog: Even if the 'Peer Public key' is forcedly wrong, I get
Jan 1 00:00:17 main kern.info kernel: wireguard: WireGuard 0.0.20190406 loaded. See www.wireguard.com for information.
Jan 1 00:00:17 main kern.info kernel: wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved.
Jan 1 00:00:17 main kern.info kernel: wireguard: packed headroom 128, message minimum length 32
Jan 1 00:00:17 main user.info root: Enable WireGuard interface oet1 on port 51820
Jan 1 00:00:18 main user.info root: Establish WireGuard tunnel with peer endpoint 31.7.59.xxx:51820
Jan 1 00:00:18 main kern.info kernel: device oet1 entered promiscuous mode

~~
Also,
ip route get 8.8.8.8
will only show
8.8.8.8 via 192.168.2.1 dev br0 src 192.168.2.100
which seems to be wrong, as it should state vlan2 or eth... (.1 is my DSL modem, .100 is the DD-WRT AP with wireguard).

What could possible be wrong? Something left over from OpenVPN settings? I really don't get it. And I don't like to set up my router from scratch.

All this is a big PITA, far from the 'easiest tunnel ever'...


When you run nvram get wan_iface OR nvram get wan_ifname in the terminal, what do you get? That should show you what your default WAN interface is according to your build and regardless of your current setup. You can then plug that information in the portion of the script that asks for your WAN interface (the variable $WANIF). So assuming your result is vlan2, your variable should be corrected to WANIF="vlan2" (keep the quotations).

I realize now that using ip route get is not particularly reliable if people are starting this guide with a preexisting setup that's not utilizing DD-WRT's default settings. Which is why I made the looping script that would attempt to grab that information automatically. Clearly I gotta get back to the drawing board!

Also, I second what MesMurized said. I spent a few hours just dinking around with my script's format alone because BusyBox is really wishy-washy with the supported Bash syntax, so thanks for spotting if I need to add spaces anywhere or tweak some things.

And I also agree that this process comes off as a giant PITA. I was on that boat before I got any of this crap working, haha.

Audia3, thanks for this! As a heads up. I was looking into your issue and tethered my Android phone to my router. Main difference is my interface was called usb0 instead of iph0, and when I call nvram get wan_proto in the terminal, my result is always "dhcp" when I'm tethered. So there is definitely some discrepancy with phone tethering that I need to account for. I'll make sure to mention all of this and append the guide with more information for people using this sort of setup. In any case, glad you came up with something that fixed your scenario. I'm still trying to find a well rounded way that checks what interface DD-WRT is receiving internet from, but there is no easy, reliable way to do that (at least from what I've found). So for now, I'll make sure to account for possible changes needed to the script.

Thank you all for the feedback!!
Sponsor
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 59
Location: DE

PostPosted: Thu May 09, 2019 19:42    Post subject: Reply with quote
Hellakenut wrote:


When you run nvram get wan_iface OR nvram get wan_ifname in the terminal, what do you get? That should show you what your default WAN interface is according to your build and regardless of your current setup. You can then plug that information in the portion of the script that asks for your WAN interface (the variable $WANIF). So assuming your result is vlan2, your variable should be corrected to WANIF="vlan2" (keep the quotations).

I realize now that using ip route get is not particularly reliable if people are starting this guide with a preexisting setup that's not utilizing DD-WRT's default settings. Which is why I made the looping script that would attempt to grab that information automatically. Clearly I gotta get back to the drawing board!

Also, I second what MesMurized said. I spent a few hours just dinking around with my script's format alone because BusyBox is really wishy-washy with the supported Bash syntax, so thanks for spotting if I need to add spaces anywhere or tweak some things.

And I also agree that this process comes off as a giant PITA. I was on that boat before I got any of this crap working, haha.

Audia3, thanks for this! As a heads up. I was looking into your issue and tethered my Android phone to my router. Main difference is my interface was called usb0 instead of iph0, and when I call nvram get wan_proto in the terminal, my result is always "dhcp" when I'm tethered. So there is definitely some discrepancy with phone tethering that I need to account for. I'll make sure to mention all of this and append the guide with more information for people using this sort of setup. In any case, glad you came up with something that fixed your scenario. I'm still trying to find a well rounded way that checks what interface DD-WRT is receiving internet from, but there is no easy, reliable way to do that (at least from what I've found). So for now, I'll make sure to account for possible changes needed to the script.

Thank you all for the feedback!!


Thanks for your replies, @hellakenut and @MesMurized!

I'm not any step forward, unfortunately.

/usr/sbin/nvram get wan_iface nor nvram get wan_ifname return anything. But
wan_ifname2=vlan2
is defined. No idea why.

Maybe this is some culprit:
nvram get wan_proto=disabled

Other vars oet1_:
oet1_peerport0=51820
oet1_mcast=1
oet1_rem0=[correct IP assigned to me by Mullvad]
oet1_endpoint0=1
oet1_rem=192.168.90.1 [no idea why that is set, my private net is 192.168.2.x, active DHCP-server on this router]
oet1_private=[private key]
oet1_peers=1
oet1_multicast=0
oet1_bridged=1
oet1_ka0=25size: 39793 bytes (25743 left)
oet1_mtu=1500
oet1_netmask=255.255.255.255
oet1_en=1
oet1_mtik=0
oet1_dns_ipaddr=0.0.0.0
oet1_psk0=[don't know what key that is]
oet1_isolation=0
oet1_port=51820
oet1_dns_redirect=0
oet1_ip0=0.0.0.0
oet1_dns0=8.8.8.8 [should work]
oet1_hwaddr=00:00:00:00:00:00
oet1_peerkey0=[peer public key]
oet1_pt=0
oet1_proto=2
oet1_id=1
oet1_label=
oet1_mssfix=0
oet1_aip0=0.0.0.0/0
oet1_usepsk0=0
oet1_ipaddr=10.99.66.44 [correct]
oet1_shaper=0
oet1_public=[local public key]
oet1_local=0.0.0.0
oet1_txq=1
oet1_comp=0
bat_oet1_bridge=br0

For the script, also whitespaces between ( and command, eg.
WGPROC=$( wg )
don't help. Also
while true
instead of
while :
doesn't help, same messsage. This is on BusyBox v1.30.1 (2019-05-03 08:44:26 CEST) built-in shell (ash) of now DD-WRT r39715 std using kernel 4.4.179 (bs, not kong). Router is my ASUS AC87U, configured as AP. Also from other sources I know that *sh commands are difficult to handle from version/version, router/router and what not. Another mess.

_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xASUS RT-AC87U
1xTP710
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 17
Location: Gamma Quadrant

PostPosted: Sat May 11, 2019 5:37    Post subject: Reply with quote
Your router being setup as an access point is maybe why you have "wan_proto=disabled" showing up. Correct me if I'm wrong, but you have to set WAN Connection Type (under Setup > Basic Setup) to Disabled in order to configure an AP right? If so, that would explain why that variable comes up like that. When your AP is working the way it normally should, what comes up when you type "nvram get wanup"? You should get either a 1 or a 0. Better yet, what comes up when you type nvram show | grep wan in the terminal? Just trying to find clues.

Let me know the results. Also, since you don't get anything from running nvram get wan_iface or nvram get wan_ifname, try this altered script below. For troubleshooting purposes, I'd recommend keeping the sh /tmp/custom.sh line out of startup until we know you have the script working.

Code:
#!/bin/bash
while :
do
WGPROC=$(wg)
WGIF=$(ip route show gateway | grep -io oet1)
WGSERVER=$(/usr/sbin/nvram get oet1_rem0)
WANGWY=$(/usr/sbin/nvram get wan_gateway)
HOST=$(ip route | grep -E "($WGSERVER.*$WANGWY)")
if [ "$WGPROC" ]
then
echo "Wireguard is running. Checking routes..."
if [ ! "$WGIF" ] || [ ! "$HOST" ]
then
echo "Routes missing. Correcting..."
route add -host $WGSERVER gw $WANGWY dev vlan2
route del default
route add default dev oet1
ip route flush cache
echo "Done"
else
echo "Routes are correct"
fi
else
echo "Wireguard is not running"
fi
sleep 60
done


For the line "route add -host $WGSERVER gw $WANGWY dev vlan2" try replacing vlan2 with br0 just to see if that helps. Otherwise, the script may be getting caught up on WANGWY variable.

Last thing, you mentioned OpenVPN in your first post. I take it running OpenVPN works fine on your AP? If so, I'm curious what the routing tables look like for it as Wireguard shouldn't deviate too far from the format. Enable it, confirm it's working, and in a terminal run ip route && route and paste the results you get.
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 59
Location: DE

PostPosted: Sat May 11, 2019 7:56    Post subject: Reply with quote
Thanks a lot, Hellakenut! Very Happy

Could not yet try the script, but results with OpenVPN are below. I'll report later what your script gives.


Right, WAN connection type is disabled.

nvram get wanup of course is 1 with OpenVPN.

nvram show | grep wan with OpenVPN:

size: 39268 bytes (26268 left)
wan_unit=0
wan_get_dns=
telnet_wanport=23
wan_lease=0
http_wanport=8080
wan_gateway=0.0.0.0
wan_hwname=
wan_domain=WZ
wan_netmask=0.0.0.0
wan_hwaddr_x=
wan_ifname2=vlan2
block_wan=0
dr_wan_rx=0
wan_dns=(2 DNS by NordVPN)
dhcp_wins=wan
wan_proto=disabled
wanup=1
lighttpd_wan=0
wan_hwaddr=9C:5C:8E:xx:xx:xx
clone_wan_mac=0
wan_default=vlan2
wan_ifnames=
dr_wan_tx=0
l2tp_wan_gateway=0.0.0.0
proftpd_wan=0
wan_primary=1
openvpn_onwan=1
wandevs=et1
dhcp_domain=wan
wan_dial=0
wan_gateway_buf=0.0.0.0
wan_vdsl=0
wan_iface=
upnp_wan_proto=
wan_ipaddr=0.0.0.0
wan_wins=0.0.0.0
wan_priority=0
wan0_hwaddr_x=
wan1_hwaddr_x=
wan_mtu=1500
pptp_wan_gateway=0.0.0.0
sshd_wanport=22
wan_get_domain=
wan_ifname=
wan0_hwaddr=9C:5C:8E:xx:xx:xx (same as wan_hwaddr...)
wan_hostname=main
ddns_wan_ip=1
wan_dualaccess=0
wan1_hwaddr=


ip route && route with OpenVPN:
0.0.0.0/1 via 10.8.8.1 dev tun1
default via 192.168.2.1 dev br0
10.8.8.0/24 dev tun1 scope link src 10.8.8.66
.... via 192.168.2.1 dev br0
.... via 192.168.2.1 dev br0
(my public VPN-IP) via 192.168.2.1 dev br0
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.8.8.1 dev tun1
169.254.39.0/24 dev br0 scope link src 169.254.39.65
.... via 192.168.2.1 dev br0
.... via 192.168.2.1 dev br0
.... via 192.168.2.1 dev br0
192.168.2.0/24 dev br0 scope link src 192.168.2.100
.... via 192.168.2.1 dev br0
.... via 192.168.2.1 dev br0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.8.8.1 128.0.0.0 UG 0 0 0 tun1
default 192.168.2.1 0.0.0.0 UG 0 0 0 br0
10.8.8.0 * 255.255.255.0 U 0 0 0 tun1
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
(my public VPN-IP) 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
128.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun1
169.254.39.0 * 255.255.255.0 U 0 0 0 br0
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0
.... 192.168.2.1 255.255.255.255 UGH 0 0 0 br0

External IPs replaced by ....
192.168.2.1 is my DSL router, 192.168.2.100 is the AP with DD-WRT.

_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xASUS RT-AC87U
1xTP710
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 17
Location: Gamma Quadrant

PostPosted: Sun May 12, 2019 3:57    Post subject: Reply with quote
Hopefully made some progress here. Is your router configured in client bridge mode? If so, I set that up on my second router to try and recreate your scenario and this script got Wireguard working for me:

Code:
#!/bin/bash
while :
do
WGPROC=$(wg)
WGIF=$(ip route show gateway | grep -io oet1)
WGSERVER=$(/usr/sbin/nvram get oet1_rem0)
WANGWY=$(/usr/sbin/nvram get lan_gateway)
HOST=$(ip route | grep -E "($WGSERVER.*$WANGWY)")
if [ "$WGPROC" ]
then
echo "Wireguard is running. Checking routes..."
if [ ! "$WGIF" ] || [ ! "$HOST" ]
then
echo "Routes missing. Correcting..."
route add -host $WGSERVER gw $WANGWY dev br0
route del default
route add default dev oet1
ip route flush cache
echo "Done"
else
echo "Routes are correct"
fi
else
echo "Wireguard is not running"
fi
sleep 60
done


The key here being we need the gateway you assigned to your router to get internet from, which is on your LAN instead of your WAN port. In your case, the WANGWY variable should end up being set to 192.168.2.1 (your DSL router). Worst case, if running /usr/sbin/nvram get lan_gateway doesn't return your DSL router IP for some reason, we can just manually assign it to the variable. Replace the line in the script with this and try running it again:

Code:
WANGWY="192.168.2.1"
kooper2013
DD-WRT User


Joined: 10 Jan 2013
Posts: 59
Location: DE

PostPosted: Sun May 12, 2019 17:36    Post subject: Reply with quote
Hellakenut wrote:
Hopefully made some progress here. Is your router configured in client bridge mode? If so, I set that up on my second router to try and recreate your scenario and this script got Wireguard working for me:


This router is in AP mode.

AWESOME.


This is 95% of linespeed down, and 100% of upload (DSL 50/10MBit/s) using wg! Far better than OpenVPN, reaching only approx. 20% of linespeed up (NordVPN, which also never reached grade A+).

What I know so far:
Took the time and configured the router from scratch. Don't know if that helped at all.
I knew the keys were correct (using tunsafe on my iPhone and used the QR-code of Mullvad to get the config).
Currenty using the 1-line firewall on page 1 of this thread (firewall with killswitch doesn't seem to work).
Learnt that 'Run command' just doesn't work for the custom-script in the GUI. I had to run it from the shell!
I added the following to see what's going on after the first else:

Code:

...
else
echo "Routes are correct"
echo $WANGWY
echo $WGPROC
echo $WGIF
echo $WGSERVER
...


I could then see that some kB's of traffic were flowing. So the script was always working, but not from the GUI. Then I set Mullvad's DNS on Setup/Basic and there I am (8.8.8.8 is disappointing).

BTW, Mullvad allows to download configs for all servers in 1 ZIP.

BIG THANKS for your time!

_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xASUS RT-AC87U
1xTP710
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 17
Location: Gamma Quadrant

PostPosted: Mon May 13, 2019 23:17    Post subject: Reply with quote
Ay, glad to hear you found the solution! Very Happy

I should have clarified if you were running commands through the DD-WRT UI or a Linux/Putty terminal. Yeah, definitely try and run commands solely through a terminal, especially for troubleshooting issues. I've gotten weird results or errors using the UI command box. I'll amend the guide to ensure people use a terminal over the UI.

As for the killswitch not working, I'll take a look into that and see what might be going on (iptables is a foreign beast to me that I have yet to scratch the surface on).

Happy Wireguarding!
marbius
DD-WRT Novice


Joined: 22 May 2019
Posts: 3

PostPosted: Wed May 22, 2019 8:59    Post subject: Reply with quote
Hi mate,

I've spend a couple of hours to get this working on a TP-link archer c8 V1 router, but it worked out eventually Very Happy

This DD-WRT version (Firmware: DD-WRT v3.0-r37305 std ( 10/10/18 ) does not support curl ssh commands, so for the putty commands I just had to put the command line in the windows command prompt and it gave me the IP.

All other steps worked like a charm. I went from a 30 mbit openvpn to a 120 (!) mbit (wireguard) connection (!).

Thanks for the guide!
marbius
DD-WRT Novice


Joined: 22 May 2019
Posts: 3

PostPosted: Wed Jun 19, 2019 13:15    Post subject: Reply with quote
Ok so a problem with the tunnel got to me while trying to install Steam to play some games on a PC (wired connection). It downloaded with a speed of 25 kb/s somehow. Somehow it slows a lot down on particular downloads from the interwebs.I'm on a working Mullvad wireguard server.

I had some time to play around to exclude some things:

-250mbit connection without the tunnel, so no firewall or card faulty settings
-tried different WG servers; problem persists
-WIFI connection has no problems with the tunnel! (on my laptop everything works), only the wired connection it seems to get selectively to 0.25 mbps on some downloads and speedtests. It looks like it prioritizes wifi over wired connection somehow, and there might be an additional firewall setting required in the router to allow this.
-Torrents have absolutely no problems in download/upload (max).
-some speed tests end up with socket error, some speed tests give me max result (150 mbps)






Hope someone could figure this out!

Best regards!

ps. as for the command settings, these one I got from another website to try out if this would fix my problem, but ti still persists.
=======================================================

The solution!: (20Jun2019)

-enabling QoS on port LAN/WLAN with default settings
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 17
Location: Gamma Quadrant

PostPosted: Thu Jun 20, 2019 23:52    Post subject: Reply with quote
marbius wrote:
The solution!: (20Jun2019)

-enabling QoS on port LAN/WLAN with default settings


Great! Very Happy Here's hoping your performance lasts this time, haha. That's odd how your wifi had priority over lan. I wonder why that may have been the case. Maybe the DD-WRT build? Hmm.

As for the commands, you got me curious where they were from (eibgrad mentioned making a .wanup script a while ago, so I thought he maybe had something on pastebin) and I noticed IVPN now has a guide for Wireguard on DD-WRT routers and they actually adapted the code in this guide for theirs. Even the variables have the same names! Laughing

If this guide can get more VPN providers to look into Wireguard for DD-WRT and make their own tailored guides, then that's a win in my book. Mullvad, I'm looking at you now...
marbius
DD-WRT Novice


Joined: 22 May 2019
Posts: 3

PostPosted: Fri Jun 21, 2019 5:46    Post subject: Reply with quote
The command list I got from the IVPN website indeed, as I got some problems with some of the returns of some local vram commands. As for mullvad, I informed them about the guide and my problems, so they are certainly aware of this and it is on their list to add to their guides. Rolling Eyes Great stuff indeed, seems to be stable at my end, thanks alot!
Opinawa
DD-WRT Novice


Joined: 16 Jul 2019
Posts: 1

PostPosted: Tue Jul 16, 2019 15:38    Post subject: Reply with quote
Thank you all for delivering this great guide! With it, I managed to set up my dd-wrt router as a VPN gateway for Mullvad.

However, I would also like to use the same router as a "Wireguard-Server" to reach my home network via a private-VPN. Before setting up the second tunnel for Mullvad, this was already working, but I assume the default route for the Mullvad tunnel broke it. Or maybe I am missing some firewall setting?

How would I have to change the setup to have both tunnels working properly on the same router?

A few facts about my setup that might help debugging (I'll gladly add more info upon request):

- Netgear R7000 running DD-WRT v3.0-r40276 std (07/12/19)
- WAN disabled, Router is just a client in my network, IP: 192.168.178.2
- Home-Network-IPs: 192.168.178.0 (main router IP: 192.168.178.1)
- Private-VPN-IPs: 192.168.179.0


Startup Script:
Code:

sleep 30
echo "Update route table on startup..."
WGSERVER=$(/usr/sbin/nvram get oet2_rem0)
WANGW=$(/usr/sbin/nvram get lan_gateway)
WANIF=$(/usr/sbin/nvram get lan_ifname)
route add -host $WGSERVER gw $WANGW dev $WANIF
route del default
route add default dev oet2
ip route flush cache
mkdir -p /tmp/etc/config
ln -s /tmp/custom.sh /tmp/etc/config/wg-route-fix.wanup
echo "... Done route table update."

Firewall:
Code:

WANIF=$(/usr/sbin/nvram get lan_ifname)
iptables -t nat -I POSTROUTING -o oet2 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
#iptables -I FORWARD -i br0 -o $WANIF -m state --state NEW -j REJECT --reject-with icmp-host-prohibited
#iptables -I FORWARD -i br0 -p tcp -o $WANIF -m state --state NEW -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i oet1 -j ACCEPT
iptables -I FORWARD -o oet1 -j ACCEPT

Custom Script:
Code:

#!/bin/sh
sleep 5
echo "Update route table on wanup ..."
WGSERVER=$(/usr/sbin/nvram get oet2_rem0)
WANGW=$(/usr/sbin/nvram get lan_gateway)
WANIF=$(/usr/sbin/nvram get lan_ifname)
route add -host $WGSERVER gw $WANGW dev $WANIF
route del default
route add default dev oet2
ip route flush cache
echo "... Done route table update."

Output of "ip route":
Code:

default dev oet2 scope link
127.0.0.0/8 dev lo scope link
141.98.103.58 via 192.168.178.1 dev br0
192.168.178.0/24 dev br0 scope link  src 192.168.178.2
192.168.179.0/24 dev oet1 scope link  src 192.168.179.1

Output of "wg show":
Code:

interface: oet1
  public key: (hidden)
  private key: (hidden)
  listening port: 51823

peer: (hidden)
  endpoint: (hidden):51823
  allowed ips: 192.168.179.2/32
  transfer: 296 B received, 184 B sent

interface: oet2
  public key: (hidden)
  private key: (hidden)
  listening port: 51820

peer: (hidden)
  endpoint: 141.98.103.58:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 3 seconds ago
  transfer: 124 B received, 468 B sent
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum