WireGuard automated installer | Ubuntu, Debian, CentOS, Fedora


Comments

  • Nyr Community Contributor, Veteran

    @youandri said: I have tried cloudron with the wireguard script, so wireguard is not working.

    Does it conflict with cloudron?

    Thanks.

    Haven't tested, no idea. My installer is very unobtrusive so it will most likely work just fine along with most management tools if they don't mess with the firewall or anything like that.

    @jokotan said: Thank for your work @Nyr
    I'm not a user, yet.
    But after some quick code review I don't like that if no wg0.conf exists, the script begins the wireguard installation. Sure, I want it to install all configs for me, but I like to install everything by apt-get myself. I mean the part where it requests read -n1 -r -p "Press any key to continue...". Why not give the user some more information and the opportunity to refuse the shadow apt-get iterations with the -y flag?

    Why am I not happy about that? I'm a new wireguard user. As I see it, it adds debian-backports, but installs the wireguard package (not wireguard-tools) and not from the added backports. It needs to use the -t debian-backports flag as far as I know. The result will work, but not as a module if I'm not missing something. So I want more control over these apt-get iterations. It would be beautiful to add the opportunity to skip this step with some nice warning about what the user needs to install if he wants to do it manually, and then continue only with the configs/iptables rules.

    My 5 cents.

    p.s. and missed opportunity to choose tcp, instead of udp

    Anyway, thank you very much. You did a good amount of work!

    The wireguard package is a metapackage which contains wireguard-tools, and it is indeed installed from the backports repo, you can see that in the installation log. Wireguard will be installed as a kernel module.

    And Wireguard does not support transport over UDP.

    @JohnFilch123 said: Noticed a very interesting glitch. It works with ipad but I tried to set up a second client on Ubuntu and it does not work. Seems like it connects to the server (however, I do not see a handshake after sudo wg command) but there is no internet. Nothing pings. Any thoughts on this?

    This is not a problem with the script, probably a client-side issue.

  • jokotan Member
    edited December 2020

    The wireguard package is a metapackage which contains wireguard-tools, and it is indeed installed from the backports repo, you can see that in the installation log. Wireguard will be installed as a kernel module.

    And Wireguard does not support transport over UDP.

    Thank you for your answer. I hope so. What about an opt-out from the -y flag by user choice, or from the whole installation step?

    About UDP. You mean wireguard supports only UDP. And tcp requires setting up some tunnel. Got it. I'm too new to wireguard. Old OpenVPN user.

  • @Nyr said:

    @JohnFilch123 said: Noticed a very interesting glitch. It works with ipad but I tried to set up a second client on Ubuntu and it does not work. Seems like it connects to the server (however, I do not see a handshake after sudo wg command) but there is no internet. Nothing pings. Any thoughts on this?

    This is not a problem with the script, probably a client-side issue.

    Of course this is not the script. I just wonder if anybody can point me in the right direction on what to check in order to fix it.

  • Hello all!

    Novice here - and I have a question (probably basic to most!). I just setup my first wireguard vps using @Nyr script.

    I see in the main.conf file there are keys in the interface (client) and Peer (server). How come the interface (client) already has a Private key generated? I could be wrong, but I thought I am supposed to use the private key from the "create tunnel" when using the windows wireguard client?

    Also, what is the PresharedKey used for?

    [Interface]
    Address = 10.7.0.2/24
    DNS = 1.1.1.1, 1.0.0.1
    PrivateKey = ABCDEFG

    [Peer]
    PublicKey = 123456
    PresharedKey = 78910
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = x.x.x.x:51820
    PersistentKeepalive = 25

    If anyone has setup a Windows client and is able to assist me I would appreciate it.

    Thanks all!

  • Nyr Community Contributor, Veteran

    @WebBug said: How come the interface (client) already has a Private key generated? I could be wrong, but I thought I am supposed to use the private key from the "create tunnel" when using the windows wireguard client?

    It is done this way for simplicity, so you can import the configuration file directly into your client easily.

    @WebBug said: what is the PresharedKey used for?

    It adds an additional layer of crypto. It is not required, but a "nice to have" thing for theoretical situations.

    Both explanations are simplified to the extreme, but you get the idea, I hope :)

  • @Nyr said:

    @WebBug said: How come the interface (client) already has a Private key generated? I could be wrong, but I thought I am supposed to use the private key from the "create tunnel" when using the windows wireguard client?

    It is done this way for simplicity, so you can import the configuration file directly into your client easily.

    Thank you very much. So, I could use this private key versus the one generated on the client side?

    @WebBug said: what is the PresharedKey used for?

    It adds an additional layer of crypto. It is not required, but a "nice to have" thing for theoretical situations.

    Both explanations are simplified to the extreme, but you get the idea, I hope :)

    :)

  • Nyr Community Contributor, Veteran

    @WebBug said: I could use this private key versus the one generated on the client side?

    You should, yeah.
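
The key relationship behind this answer, as an added example that is not from the thread or from the installer: the server's [Peer] entry must list the public key derived from the PrivateKey in the client file, so a key generated separately in the Windows client would not match what the server expects. The key is the public RFC 7748 test vector and the function names are made up for this illustration.

```python
import base64

P, A24 = 2**255 - 19, 121665
BASE_POINT = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 per RFC 7748 (Montgomery ladder). Not constant time; illustration only."""
    s = bytearray(k)
    s[0] &= 248; s[31] &= 127; s[31] |= 64           # clamp the private scalar
    scalar = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") % (1 << 255)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def parse_wg_conf(text: str) -> dict:
    """Return {section: {key: value}} for a single-peer WireGuard config."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf[section] = {}
        elif "=" in line and section:
            key, value = line.split("=", 1)          # base64 values may end in "="
            conf[section][key.strip()] = value.strip()
    return conf

def public_key_of(private_b64: str) -> str:
    """What `wg pubkey` computes: X25519(private, 9), base64-encoded."""
    return base64.b64encode(x25519(base64.b64decode(private_b64), BASE_POINT)).decode()

def client_matches_server(client_conf: str, server_peer_pubkey: str) -> bool:
    """True if the client's PrivateKey is the one the server's [Peer] entry expects."""
    private = parse_wg_conf(client_conf)["Interface"]["PrivateKey"]
    return public_key_of(private) == server_peer_pubkey

# Constructed sample: the key is the public RFC 7748 test vector, not a real key.
SAMPLE_PRIVATE = base64.b64encode(bytes.fromhex(
    "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
SAMPLE_CLIENT_CONF = f"[Interface]\nAddress = 10.7.0.2/24\nPrivateKey = {SAMPLE_PRIVATE}\n"

if __name__ == "__main__":
    print("server must list PublicKey =", public_key_of(SAMPLE_PRIVATE))
```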

  • WebBug Member
    edited January 2021

    @Nyr said:

    You should, yeah.

    Awesome, that was simple. I copied the text in the .conf file into notepad and saved it as a .conf file. I was able to easily import it and all the settings were set!

    I just clicked "Activate" but could not connect. It is most likely my UFW.. I only allowed SSH and the Port for Wireguard. I think I will have to allow 80/443 too.

  • @nyr, should the same settings in my server .conf file be in the client wireguard tunnel?

  • @nyr I figured out why I could not connect. I have another VPN client running on my desktop. As soon as I disabled it, wireguard works. When I go to ipchicken.com or whatismyipaddress.com, I see it shows the server IP of my VPS. Is that correct? I thought It would show a 10.x.x.x. ip address that was configured.

  • kuduku Member
    edited January 2021

    @Nyr
    this BF sale took too a many VPS, Have installed your script for creating a mesh network
    Individually script works beautifully

    Trying to mesh 4 VPS together
    Starting with same subnet with IP address as
    VPS1 10.7.0.1
    VPS2 10.7.0.2
    VPS3 10.7.0.3
    VPS5 10.7.0.4
    All can communicate between each other after i add all 3 public keys , Endpoint and AllowedIP in each VPS . Confirmed by pinging each other

    I took a client from VPS1, let's name the client laptop. All VPS already have masquerading due to your script.
    laptop IP from VPS1 is 10.7.0.5

    Now the issue: I can only ping 10.7.0.1 when I use the laptop config. Can't ping the other 3 VPS
    Took another client from VPS2 which was 10.7.0.6 but then can only ping 10.7.0.2 of VPS2
    After the unsuccessful attempt I restricted myself to setting up a 2 VPS mesh first

    Now tried duplicating client config with same IP address on VPS1 and VPS2
    Tried duplicating client config with different IP address on VPS1 and VPS2
    Tried adding 2 different IP address in client config with same private key
    Tried making client with different private keys
    Nothing worked
    So how do I set up my config to connect balance 3 VPSs?

    In this setup also, for clients it's not a mesh. If VPS1 goes down then the laptop cannot connect with VPS2 and the others
    So what's required in clients.conf to make them communicate independently with all other 4 VPSs

    Can somebody guide on this.

  • Not sure if anyone else here uses windows, but when I activate Wireguard and connect, I noticed the process, Service Host: Windows Image Acquisition (WIA) increased significantly - from 0% to 8.4%.
    The only reason I noticed this was due to the fact my fans kicked up as if I was gaming!

    When I deactivate Wireguard, the process Service Host: Windows Image Acquisition (WIA) goes back to 0%. I tested this about 7 times and each time I am able to replicate the results.

    Any thoughts on why the process Service Host: Windows Image Acquisition (WIA) is being utilized that much with Wireguard? The Service Host: Windows Image Acquisition (WIA) is a driver model which helps the system's graphic software to communicate with hardware devices which use graphics (like printer, scanner, etc). This has nothing to do with VPNs!

  • edited January 2021

    Why would people do something like this as opposed to subscribing to a VPN service? Seems that multiple IP's and locations are a big advantage as opposed to using your own VPN server.

    Unless of course you are the one providing the VPN service.

  • weasel Member
    edited January 2021

    Just wanted to say thanks to Nyr for this script. I love the QR Code generated at the end - great for easy setup after install. A couple of questions:

    1. Any way to automate this script (e.g. with command line args or using a -c config_file option) - for automated setup on multiple servers
    2. I saw another wireguard-install script here: https://github.com/angristan/wireguard-install I haven't looked through it that closely, but any observations on the differences between the two?

    @LosPollosHermanos said:
    Why would people do something like this as opposed to subscribing to a VPN service? Seems that multiple IP's and locations are a big advantage as opposed to using your own VPN server.

    Unless of course you are the one providing the VPN service.

    I run my own VPN setup because:
    1. If lucky, you can pick up a bunch of servers for very little (e.g. Hosthatch Black Friday 2020 gave 10 servers for $60/yr) - so you get multiple locations.
    2. You're not sharing IPs with hundreds of others (as per a normal VPN) so the likelihood of your VPN/IP getting banned is much lower (relevant for those in countries with suppressive regimes)
    3. One VPN service typically gives you just one user account (maybe multiple devices). Your own server/VPN gives you unlimited accounts. My whole company uses just a single server I set up, for just $20/year. And I have others I share with friends, family etc.

  • Guys is there a browser plugin for wireguard ?

    When I run the VPN client I want to limit it to the browser only and not the entire PC network.

  • @PandoGulf said:
    Guys is there a browser plugin for wireguard ?

    When I run the VPN client I want to limit it to the browser only and not the entire PC network.

    Squid might be a better effort?

    Thanked by 1PandoGulf
  • edited January 2021

    @PandoGulf said: limit it to the browser only

    Would it be fine using Proxifier or Squid?

    Thanked by 1PandoGulf
  • alento Member, Host Rep

    @PandoGulf said: Guys is there a browser plugin for wireguard ?

    When I run the VPN client I want to limit it to the browser only and not the entire PC network.

    Why not just set up a simple SOCKS5 proxy?

    One article of many randomly found on the net:

    https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/

    Thanked by 1PandoGulf
  • Nyr Community Contributor, Veteran

    @WebBug said: When I go to ipchicken.com or whatismyipaddress.com, I see it shows the server IP of my VPS. Is that correct? I thought It would show a 10.x.x.x. ip address that was configured.

    That is normal. The 10.x.x.x IP address is an internal one used only inside the tunnel.

  • Nyr Community Contributor, Veteran

    @kuduku said: So whats required in clients.conf to make them communicate independently with all other 4VPSs

    Sorry but I am not sure what you are trying to achieve. Still, if the problem is not related to the script itself but WireGuard in general, I suggest you open a new topic if you want help on this matter.

  • @Nyr said:

    @kuduku said: So whats required in clients.conf to make them communicate independently with all other 4VPSs

    Sorry but I am not sure what you are trying to achieve. Still, if the problem is not related to the script itself but WireGuard in general, I suggest you open a new topic if you want help on this matter.

    I am trying to create a mesh of VPSs after installing your script on them
    I have achieved inter-connectivity between VPSs but any one client cannot communicate with other VPSs

  • Nyr Community Contributor, Veteran

    @LosPollosHermanos said: Why would people do something like this as opposed to subscribing to a VPN service? Seems that multiple IP's and locations are a big advantage as opposed to using your own VPN server.

    I can tell you about my case. I want to have my own server because I do not trust shady VPN companies with ridiculous marketing. I also prefer to have a static IP address which is not blacklisted in many places because it is part of a dirty network. Finally, I also want a service with a provider/network of my choice, not some mediocre M247. Many people also get NAT servers around the world for very cheap, cheaper than any commercial VPN service.

    Thanked by 1_MS_
  • Nyr Community Contributor, Veteran

    @weasel said: Any way to automate this script (e.g. with command line args or using a -c config_file option) - for automated setup on multiple servers

    Maybe in the future, not right now.

    @weasel said: I saw another wireguard-install script here: xxx I haven't looked through it that closely, but any observations on the differences between the two?

    I encourage you to take a closer look if you want and compare both projects. Code quality and attention to detail are very different between the two. Mine also supports containers, which implied many hours of work.

  • Nyr Community Contributor, Veteran

    @PandoGulf said: Guys is there a browser plugin for wireguard ?

    When I run the VPN client I want to limit it to the browser only and not the entire PC network.

    As others have mentioned, you probably want a proxy server, not a VPN.

    Thanked by 1PandoGulf
  • Nyr Community Contributor, Veteran

    @kuduku said: i am trying to create a mesh of VPSs after installing your script on them

    My installer is not the right tool for this, take a look at:
    https://github.com/k4yt3x/wg-meshconf

  • I installed Wireguard on a virtual machine behind a NAT using the script by @Nyr, but it didn't work, in the sense that clients do not have an internet connection. I have previously used the script on machines with a public IP address and it worked just fine.

    The setup is the following: there is physical machine with public IP and a virtual machine on it with a private IP (say 192.168.0.10). Both the physical server and the virtual machine run up to date version of Centos 7 (release 7.9.2009). There is normal connectivity from the virtual machine to internet. I used the default port 51820 for the installation.

    My assumption is that there is some kind of problem with nat or prerouting/postrouting on the server. If so:

    • What kind of iptables rules should be added on the physical machine so that the whole setup works?
    • Could there be another problem that is causing this?
    • How do I know if the clients connect to the wireguard server at all?
  • Nyr Community Contributor, Veteran

    @wguser2 said: What kind of iptables rules should be added on the physical machine so that the whole setup works?

    You just need to configure NAT for the VM normally, and then my installer will set up NAT inside the virtual machine automatically.

    @wguser2 said: How do I know if the clients connect to the wireguard server at all.

    It depends on which client you use, check the logs and see if a connection was successfully established.

  • varwww Member
    edited January 2021

    Just a note to people installing this, it adds a daily cron job at a random time between 3:00 and 5:59

    38 3 * * * /usr/local/sbin/boringtun-upgrade &>/dev/null

    I was wondering where it came from. Ref: https://github.com/Nyr/wireguard-install/blob/70e28bcc1a1c5d7ae5dfbea78839d8f9d45e5397/wireguard-install.sh#L475

  • Nyr Community Contributor, Veteran

    @varwww said: Just a note to people installing this, it adds a daily cron job at a random time between 3:00 and 5:59

    Indeed, but only for containers where a user space solution is required and only if the user agrees, see line 245 and below. It is also cleaned up when you use the removal option in the script.

    Thanked by 1varwww
  • @swat4 @ErawanArifNugroho @alento @Nyr

    Thank you guys, probably will go with a proxy instead as you advised.
