Create Surfshark wireguard connection on OpenWrt easily

Bill · 2022-03-28T05:16:17.314Z

Bill:

My example is shown in the pics.. and crontab job below.. I buried yazdan's files in /etc/config/wireguard/

RuralRoots:

In your run directory cat surf_servers.json | jq . for example

So... from /etc/config/wireguard Or
/etc/config/wireguard/conf where the Server/Client files download?

Also do I use the file name of the conf-file as "pl-waw.prod.json"

EDIT: My bad!
My eyes are shot from tinkering with @patrickm script. I deleted so much from my run directory that I didn't see what was right in front of me.

His mangled/sniffed/ script dropped a lot of curl and used more jq and the output of the surf_servers.json file is replaced with surfshark_servers.json in the exact same format as your cat command. Much easier to read.. but what to I gain from examining this json file?
Brain Dump! Feel free to share a cool link because I'll read it.
Thanks again for stretching my limits.
Bill

2022-03-28_014412677×958 96.2 KB

RuralRoots · 2022-03-28T05:32:34.826Z

Bill:

/etc/config/wireguard/

Run directory = /etc/config/wireguard/ and any sub-dir’s with .json extensions

Bill:

do I use the file name of the .json as "pl-waw.prod.json"

Got it ;>)

Bill · 2022-03-28T05:39:11.626Z

You're better than Youtube..
BTW, how's the view from your location? LOL

RuralRoots · 2022-03-28T06:11:07.924Z

Bill:

what to I gain from examining this json file?

I can think of many ways to use load, co-ordinates, country/region et al to groom my preferred servers file.

Bill · 2022-03-28T10:16:57.702Z

Going out on the limb I frequent so often:
Could I assume that grooming the surfshark_servers.json/ surf_servers.json file to the list of server/peers I want, getting me a baby step closer, to then utilizing this in a elusively beautiful "simple uci script" for round-robin?

RuralRoots:

simple uci script

Thinking this as applied learning for a purpose of meeting a goal.

RuralRoots · 2022-03-29T06:13:25.746Z

VPN Policy-Based Routing + Web UI -- Discussion Community Builds, Projects & Packages

Thank you again Paul! So if I were to add other endpoints (peer2) to my existing "Surfshark VPN" interface, I've noticed that my router will default to the last endpoint added. Can you point me in the right direction for learning more about this uci script and how/if it interacts with a [vpn-policy-routing 0.2.1-13] set as VPN default route. Thank you and no rush. Bill

Depending how you set up your default route (all traffic via ‘wan’ or OpenVpn tunnel or WG or ???) VPN-PBR just lets you direct specific devices to be routed to other than your default route. Ergo, it doesn’t interact with VPN-PBR other than presenting an additional service gateway.

OpenWrt Wiki – 16 Sep 09

The UCI system

The UCI system See also: UCI defaults, Network scripting The abbreviation UCI stands for Unified Configuration Interface, and is a system to centralize the configuration of OpenWrt services. UCI is the successor to the NVRAM-based configuration...

uci by itself will produce a cheat sheet for reference.

uci show network will show you /etc/config/network in UCI format. You want to concern yourself with the Peer 2 section for your WG interface. Two entries need to be revised server PubKey and your corresponding new endpoint host.

Script Pseudo code:

uci set PubKey
uci set Preferred Server endpoint
uci commit
/etc/init.d/network restart ; /etc/init.d/firewall restart

Bill · 2022-03-29T10:24:07.299Z

uci show network.@[10]

shows one of my four peer2 wireguard endpoints. Now I just have to learn how to reorder the list. hehehehehehhehehhe don't tell me!!

Thanks Paul!
I'll study the uci usage further. I currently have a working script, however, I purpose to understand the basics. I had manually entered into Luci, 3 additional peer2. Last entered endpoint becomes wireguard connection upon uci commit ; /etc/init.d/network restart ; /etc/init.d/firewall restart.

I did that early yesterday and have 4 scripts to initialize the "preferred peer2" but it's adds an additional redundant entry into /etc/config/network.

So with your guidance above I have some reading and honing to accomplish, as the pic below is........ blah ok....... your help has given me some more tools to explore.

2022-03-28_1718051498×897 164 KB

Bill · 2022-03-29T21:01:30.206Z

I'm sure there exist eaiser methods, I for one could just drop a pre made "network" file into /etc/config/network and restart. But it was a fun challenge and I learned something. When the other options pop up; I'll learn more! Enjoy your journey. @RuralRoots I have the suggestion saved to learn along with jq curl cat Thank you.

RuralRoots:

uci set PubKey
uci set Preferred Server endpoint

#!/bin/sh
echo "Running at $(date)"
uci reorder network.@[13]=12
uci commit network
/etc/init.d/network restart
logger -t yourIFname ":$(date)   connection established"

## Undo examples:
## uci reorder network.@[13]=12
## uci reorder network.@[12]=13

## uci reorder network.@[13]=11
## uci reorder network.@[11]=13

## uci reorder network.@[13]=10
## uci reorder network.@[10]=13

## uci reorder network.@[13]=9
## uci reorder network.@[9]=13

####################################################################################
# MULTIPLE PEER(2) NETWORKS CAN BE ADDED TO LUCI AND SWAPPED BY .sh
# These networks are known by the notations below. Goal is to find peer(2).
# Plug in a number, or examine your "network" file ~ vi , nano, gui ~ 
# Count the unique "config" entries to find your first and last peer(2) entry
#
# (uci show network.@[])  	#example will show first top entry /etc/config/network
# (uci show network.@[0]) 	#example will also show first top entry /etc/config/network
# (uci show network.@[1]) 	#example will show second entry /etc/config/network
# (uci show network.@[2])	#example will show third entry /etc/config/netork
# ....
# (uci show network.@[13]	#example ~~ 13th entry /etc/config/network 
# last peer=wg0 current tunnel us-nyc!

#########################      Visual    ##############################

#root@Dachshund:~# uci show network.@[]
#network.loopback=interface
#network.loopback.ifname='lo'
#network.loopback.proto='static'
#network.loopback.ipaddr='127.0.0.1'
#network.loopback.netmask='255.0.0.0'
#root@Dachshund:~# uci show network.@[0]
#network.loopback=interface
#network.loopback.ifname='lo'
#network.loopback.proto='static'
#network.loopback.ipaddr='127.0.0.1'
#network.loopback.netmask='255.0.0.0'
#root@Dachshund:~# uci show network.@[1]
#network.globals=globals
#network.globals.ula_prefix='0:0:0:0::/0'
#root@Dachshund:~# uci show network.@[13]
#network.cfg0e6912=wireguard_SSWG
#network.cfg0e6912.public_key='rhuoCmHdyYrh0zW3J0YXZK4aN3It7DD26TXlACuWnwU='
#network.cfg0e6912.peersistent_keepalive='25'
#network.cfg0e6912.endpoint_port='51820'
#network.cfg0e6912.allowed_ips='0.0.0.0/0' '::/0'
#network.cfg0e6912.route_allowed_ips='1'
#network.cfg0e6912.endpoint_host='us-nyc.prod.surfshark.com'
#network.cfg0e6912.description='nyc-prod'
#
# Per OpenWrt - CFGID's are assigned to WireGuard Peers in order a~z.
# Shown below as cfg0(a)6912, cfg0(b)6912, etcetera
# Static entries insofar as peers do not move in order, unless commanded to. This sh's goal.
# The command: (uci reorder network.'cfg0a6912'=) will move that peer  <NOTE:AVOID> 
# to the very top of your /etc/config/network file and the CFGID's will change!
# The command: (uci reorder network.@[9]=) will move that peer <NOTE:AVOID>
# to the very top of your /etc/config/network file and the CFGID's will change!
# These CFGID can be found by either using a web browser's inspect tool
# upon the peer in the setup section of the Peer Tab in Luci, or
# invoking a save and then inspecting the "unsaved changes" section,
# or uci reorder network.@[#] where # represents number (see above [1]) of config line entry
# in your 'network' file, and then using (uci changes) to view the cfg0xxxxxx
# or using (uci show network.'cfgxxxxxx') if you happen to know xxxxxx
# Last entry will become path>wg0 tunnel. In this ex. cfg0e6912 is path.
# This example demonstrate five peers added via uci or Luci.
#
# cfg0a6912					#example cfg0a6912 is fr-bod
# cfg0b6912					#example cfg0a6912 is jp-tok
# cfg0c6912					#example cfg0a6912 is it-rom
# cfg0d6912					#example cfg0a6912 is pl-waw
# cfg0e6912					#example cfg0a6912 is us-nyc
#
# ***Issuing a reorder command to move from us-nyc onto pl-waw***
# Since us-nyc is the 13th config line [13] and currently cfg0e6912
# Since pl-waw is the 12th config line [12] and currently cfg0d6912
# uci the following... 
#
#root@Dachshund:~# uci reorder network.@[13]=12
#root@Dachshund:~# uci changes
#network.cfg0e6912='12'
#uci: Entry not found
#uci: Entry not found
#uci: Entry not found
#uci: Entry not found
#uci: Entry not found
#root@Dachshund:~# uci export network
#package network
#
#config interface 'loopback'
#        option ifname 'lo'
#        option proto 'static'
#        option ipaddr '127.0.0.1'
#        option netmask '255.0.0.0'
#
#config globals 'globals'
#        option ula_prefix '0:0:0:0::/0'
#
####  TRUNCATED  ####
#
#config wireguard_SSWG
#        option public_key 'rhuoCmHdyYrh0zW3J0YXZK4aN3It7DD26TXlACuWnwU='
#        option peersistent_keepalive '25'
#        option endpoint_port '51820'
#        list allowed_ips '0.0.0.0/0'
#        list allowed_ips '::/0'
#        option route_allowed_ips '1'
#        option endpoint_host 'us-nyc.prod.surfshark.com'
#        option description 'nyc-prod'
#
#config wireguard_SSWG
#        option public_key 'vBa3HK7QXietG64rHRLm085VMS2cAX2paeAaphB/SEU='
#        option persistent_keepalive '25'
#        option endpoint_port '51820'
#        list allowed_ips '0.0.0.0/0'
#        list allowed_ips '::/0'
#        option route_allowed_ips '1'
#        option endpoint_host 'pl-waw.prod.surfshark.com'
#        option description 'waw-prod'
#
#root@Dachshund:~# uci commit ; /etc/init.d/network restart
#
# Now pl-waw takes the CFGID of cfg0e6912 and position of 13th and is VPN tun. 
# Now us-nyc takes the CFGID of cfg0d6912 and position of 12th.
# Changes will be reflected in the Peer Tab of Setup and the WireGuard Status page.
###################################################################################

RuralRoots · 2022-03-29T23:12:24.933Z

Bill:

I'm sure there exist eaiser methods, I for one could just drop a pre made "network" file into /etc/config/network and restart.

Yessir! You did ask though.

Bill:

it was a fun challenge and I learned something

Bill:

Now I just have to learn how to reorder the list. hehehehehehhehehhe don't tell me!!

I wondered how you’d tackle the indexing when I read that. Well Done!!

Bill · 2022-03-30T10:14:51.439Z

RuralRoots:

I wondered how you’d tackle the indexing when I read that. Well Done!!

No better honor than receiving my "Welcome Badge" from the Sensei of this forum.

I dug deep into the router /www/luci-static/resources/protocol/wireguard.js

See illustration:

2022-03-30_0527591382×1015 231 KB

To find some clues..........out on the limb I so frequently visit........

`deleteConfiguration:function(){uci.sections('network','wireguard_%s'.format(this.sid),function(s){uci.remove('network',s['.name']);});`

The thought process is that since we have an "Add Peer" button and the "Delete" button; if I could manipulate these commands from deleteConfiguration and uci.remove to say reorderConfiguration and uci.reorder and if it work then, move onto adding an addition line, and button. But it failed.
I threw several blind punches, at the line: rebooted the router.. the good news is I didn't brick luci. So any ideas Paul? Do you mingle with some top notch js peeps?

On somewhat of a sidetrack I found this odd: All these *.json dated files several week old. Which would match the time I started from scratch. Oddly no surfshark_servers.json files AKA from running @patrickm script.

/www/luci-static/resources/tools/selected_servers.json
/www/luci-static/resources/icons/selected_servers.json
/www/luci-static/resources/selected_servers.json
/www/luci-static/resources/icons/token.json
/www/luci-static/resources/token.json
/www/luci-static/resources/tools/surf_servers.json
/www/luci-static/resources/icons/surf_servers.json
/www/luci-static/resources/surf_servers.json
/www/luci-static/resources/tools/wg.json
/www/luci-static/resources/icons/wg.json
/www/luci-static/resources/wg.json
/www/luci-static/resources/view/status/include/selected_servers.json
/www/luci-static/resources/view/status/include/wg.json
/www/luci-static/resources/view/status/include/surf_servers.json
/www/luci-static/resources/view/status/include/token.json

RuralRoots · 2022-03-30T13:04:29.686Z

Bill:

Oddly no surfshark_servers.json files AKA from running @patrickm script.

get_servers() {
    echo "Retrieving servers list..."
    tmpfile=$(mktemp /tmp/surfshark-wg-servers.XXXXXX)
     .
     .
     .

rm $tmpfile
    return $rc
}

He retrieves the former surfshark_servers.json file instead to a temp file every run so a physical file never exists.

Bill:

I threw several blind punches, at the line: rebooted the router.. the good news is I didn't brick luci. So any ideas Paul? Do you mingle with some top notch js peeps?

Not my forte, maybe this might help. https://github.com/openwrt/luci#development

Bill · 2022-03-30T14:16:21.079Z

RuralRoots:

He retrieves the former surfshark_servers.json file instead to a temp file every run so a physical file never exists.

Thanks for the homework link.

I meddled around with his script and actually produced a copy and somehow manage to get the "handicapped" conf files place in my run /etc/config/wireguard/conf folder.

BUT..

find / -iname wg.json

So it's not odd to have these sticks scatter in the wind?

Summary

2022-03-30_100831807×485 61.3 KB

_lsx · 2022-03-30T14:41:01.968Z

randywk:

I am trying to run this script but have run into a couple of issues. One is that special characters seem to break the script for me and I did overcome that by hard-coding the credentials and using \ as an escape character. Next, I am getting an http 429 error which is preventing me from registering my public key with Surfshark. Anybody else have these issues?

RuralRoots:

Sounds like your credentials aren’t accepted and after too many attempts, the server is shutting you down. (429 - too many responses)

Sorry to resurrect an old post, but in case anyone else gets the HTTP 429 error / not allowed error from wg_check_pubkey(), I found the fix to this in the below SS article...

How to fix website/app login issues? – Surfshark Customer Support

Change your ip address and the problem will go away.

RuralRoots · 2022-03-30T15:16:19.821Z

Bill:

BUT..

find / -iname wg.json

So it's not odd to have these sticks scatter in the wind?

Yes, odd.

root@RuralRoots:/# find / -iname wg.json
/mnt/shared/wgapi/wg.json

Wondering about:

Bill:

the good news is I didn't brick luci.

What are the file contents?

Bill · 2022-03-30T15:24:19.729Z

RuralRoots:

What are the file contents?

The bricking comment was pointed at manipulating the wireguard.js file.

The file contents of the various and multiple *.json files are exactly what one would expect ~ yet dated. Perhaps ~ and most likely ~ running the wg_gen_config.sh file in WinSCP from the /www/luci-static/* folders during testing populated the errantly located files. I'll delete!

Thread Master Bot suggested I consolidate: So..

RuralRoots:

Sounds like your credentials aren’t accepted and after too many attempts, the server is shutting you down. (429 - too many responses)

Does your repo edition of the script add verbosity to flag 429 error like @patrickm script does?

Bill · 2022-03-30T15:29:32.531Z

_lsx:

Change your ip address and the problem will go away.

Great find.... right to the source for the answer.

Good reason to be a Guinee pig and test that reorder script.

RuralRoots · 2022-03-30T17:52:13.554Z

Bill:

Does your repo edition of the script add verbosity to flag 429 error like @patrickm script does?

Other than adding -v option to the curl responses to figure what HTTP Responses were being returned, No. Only encountered it when I initially used my .ovpn Credentials in config.json.

Bill · 2022-03-30T18:20:08.165Z

RuralRoots:

No. Only encountered it when I initially used my .ovpn Credentials in config.json.

Ahhh, so you do have an intrepid vein. Bold Move...Bold Move.

btw thanks for jinxing me.. router did puke after all.

Bill · 2022-03-31T00:20:00.988Z

directnupe:

I keep encountering this last issue. Seems that I don't know how to create /mnt/shared directory.
When creating my usb exroot - I put /dev/sda1

Dear Professor.. I had read this entire thread before joining, but your issue was the reason I joined. I hate to leave a rock unturned. I think this might help revive brain stem activity. Happy Regards!

Summary

sdfghgfd1736×1519 182 KB

Bill · 2022-03-31T12:06:54.549Z

This is dedicate to the OP @yazdan , @patrickm , and @RuralRoots!

Thanks to @directnupe for Tutorial-1 and Tutorial-2 and Testing Script and Cron Job.

Summary of Scripts Available on This Thread

yazdan Feb 2, 2023 ~ gen_wg_config.sh: Support adding config files to a zip archive
Utility flag, useful to import the configurations to the android app
New Switches and Suffix's on the tagged {p2p, virtual, physical} in the config folder for refined selection.

            echo "  -f force register ignore checking"
            echo "  -g ignore generating profile files"
            echo "  -n <name> create a manual named key"
            echo "  -k <key> use provided private key"
            echo "  -l list registered manual keys"
            echo "  -d <key-id> delete registered manual key"
            echo "  -z [zip-file] zip archive in which to save the config files"

Bill reIyst update on Feb, 7 2023 Release 1.0.1 Keys.sh
patrickm revised this gist May 17, 2022

Interface 'wg0' Endpoint Swap

This README is dedicated to making a cli uci install of the Wireguard services and sswg script to enable one to swap endpoint easily and quickly. The front end work is lengthy, mostly reading; yet the outcome is well worth the time, especially since most of the work of configuration is uci set. Enjoy!

OpenWrt SurfShark WireGurard ~ SSWG

Have the requirements to run the script

opkg update opkg install diffutils curl jq ntpdate

You can install and run the script to obtain the keys within the wg.json file prior to doing Multi Peer section

From the reIyst SSWG download the 'sswg.sh' and 'sswg.json' files. If you have WinSCP your day is made easy. SSH into your router via WinSCP/Putty and create the folder structure. Copy the two files into the 'wg' directory and make the sswg.sh file executable. ./sswg.sh -g Is the first run application and will produce all connection files w/ pvt keys needed to configure your router, and/or import in WireGuard's© desktop app.

mkdir -p /wg/

chmod +x sswg.sh

./sswg.sh -g

Multi (Peer) For Interface named 'wg0'

opkg update opkg install luci-app-wireguard luci-proto-wireguard wireguard-tools

Reboot your system so the above packages can manifest in Luci.

Installing w/out Peer(1) and with Multi Peer for uci cli Swapping.

Follow the Templet Use all or at least two, or configure within the file your own. Double check the wan.metric='10' with ip route show default to ensure metric 10 is not already in use; modify accordingly. All public key are dummy. Until changed with legitimate pub key from you downloaded client conf files; you will be without Internet access.

cd /
uci set network.wan.metric='10'

uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.listen_port='51820'
uci set network.wg0.addresses='10.14.0.2/8'
uci set network.wg0.private_key=$(eval echo $(jq '.prv' ./wg/wg.json))	
uci commit network

uci set network.peerchiu='wireguard_wg0'
uci set network.peerchiu.description=peerchiu
uci set network.peerchiu.public_key=DpMfulanF/MVHmt3AX4dqLqcyE0dpPqYBjDlWMaUI00=
uci add_list network.peerchiu.allowed_ips='0.0.0.0/0'
uci add_list network.peerchiu.allowed_ips='::/0'
uci set network.peerchiu.route_allowed_ips='1'
uci set network.peerchiu.endpoint_host=us-chi.prod.surfshark.com
uci set network.peerchiu.endpoint_port='51820'
uci set network.peerchiu.persistent_keepalive='25'
uci commit network

uci set network.peerdalu='wireguard_wg0'
uci set network.peerdalu.description=peerdalu
uci set network.peerdalu.public_key=0iwHQpV+rsOg38ogv4g4XMLJa51YqWY/yKWR9UEUMDk=
uci add_list network.peerdalu.allowed_ips='0.0.0.0/0'
uci add_list network.peerdalu.allowed_ips='::/0'
uci set network.peerdalu.route_allowed_ips='1'
uci set network.peerdalu.endpoint_host=us-dal.prod.surfshark.com
uci set network.peerdalu.endpoint_port='51820'
uci set network.peerdalu.persistent_keepalive='25'
uci commit network

uci set network.peernycu='wireguard_wg0'
uci set network.peernycu.description=peernycu
uci set network.peernycu.public_key=rhuoCmHdyYrh0zW3J0YXZK4aN3It7DD26TXlACuWnwU=
uci add_list network.peernycu.allowed_ips='0.0.0.0/0'
uci add_list network.peernycu.allowed_ips='::/0'
uci set network.peernycu.route_allowed_ips='1'
uci set network.peernycu.endpoint_host=us-nyc.prod.surfshark.com
uci set network.peernycu.endpoint_port='51820'
uci set network.peernycu.persistent_keepalive='25'
uci commit network

uci set network.peerwarp='wireguard_wg0'
uci set network.peerwarp.description=peerwarp
uci set network.peerwarp.public_key=vBa3HK7QXietG64rHRLm085VMS2cAX2paeAaphB/SEU=
uci add_list network.peerwarp.allowed_ips='0.0.0.0/0'
uci add_list network.peerwarp.allowed_ips='::/0'
uci set network.peerwarp.route_allowed_ips='1'
uci set network.peerwarp.endpoint_host=pl-waw.prod.surfshark.com
uci set network.peerwarp.endpoint_port='51820'
uci set network.peerwarp.persistent_keepalive='25'
uci commit network

uci set network.peertorc='wireguard_wg0'
uci set network.peertorc.description=peertorc
uci set network.peertorc.public_key=W9bzkcL3fiV64vDpB4pbrz8QafNn3y5P9Yc/kQvy4TA=
uci add_list network.peertorc.allowed_ips='0.0.0.0/0'
uci add_list network.peertorc.allowed_ips='::/0'
uci set network.peertorc.route_allowed_ips='1'
uci set network.peertorc.endpoint_host=ca-tor.prod.surfshark.com
uci set network.peertorc.endpoint_port='51820'
uci set network.peertorc.persistent_keepalive='25'
uci commit network
/etc/init.d/network restart

To minimize Firewall setup; Consider VPN network as public. Assign VPN interface to WAN zone.

uci add_list firewall.wan.network="wg0"
uci commit firewall
/etc/init.d/firewall restart

Swapping

Uci CLI Peer Swapping

The peer swapping is achieved by placing the desired peer config in the last/bottom order of the `/etc/config/network` file. The high arbitrary number '99' should suffice to place desired network peer at bottom. My personal config has only 15. The resulting command will also be represented in the Wireguard Status, Interface Peer Pages of Luci. Simple command, long description.

From the above install, Toronto Canada is the last peer installed and will be the default route the wg0 vpn tunnels through. By running the below command the Warsaw Poland endpoint takes the bottom position and becomes wg0 vpn tunnel. This is achieved from the network.peerwarp NETWORK not the description=peerwarp! A look at your /etc/config/network file will enlighten your understanding later.

Warsaw

uci reorder network.peerwarp=99;uci commit network;/etc/init.d/network restart

Chicago

uci reorder network.peerchiu=99;uci commit network;/etc/init.d/network restart

Dallas

uci reorder network.peerdalu=99;uci commit network;/etc/init.d/network restart

New York

uci reorder network.peernycu=99;uci commit network;/etc/init.d/network restart

Toranto

uci reorder network.peertorc=99;uci commit network;/etc/init.d/network restart

Common uci commands for introspective users.

ip rule
wg.show
ip route show default
ubus call system board; uci export dhcp; uci export network; uci export firewall

Copyright and Attribution of developed software, tool, logo, names are the right of the following entities respectively.

CC Attribution-Share Alike 4.0 International

Surfshark Customer Support

How to set up WireGuard® on OpenWRT router

In this article, you will learn how to set up a manual WireGuard® connection on your OpenWRT firmware router. To proceed, you first need an active Surfshark subscription. You can find the available...

OpenWrt 22.03.0-rc6 sixth release candidate Release and security announcements

MikroTik RouterBOARD 951Ui-2nD (hAP) Looking good. I did the jump last month from 19.07.10 to the 22.03.0 rc5 Bless the Developer's aim: I only today noticed this in the LuCi Interface setup of WireGuard: An Import conf drag/drop..
Pic in BoottrapLight
Really, doing this from scratch is very easy now. Plop in your supplied file <a class="lightbox" href="https://forum.openwrt.org/uploads/default/original/3X/6/f/6fce4485ce8daef05fdd3746481b7b9ef72495b0.jpeg" data-d…