The bricking comment was pointed at manipulating the wireguard.js file.
The file contents of the various and multiple *.json files are exactly what one would expect ~ yet dated. Perhaps ~ and most likely ~ running the wg_gen_config.sh file in WinSCP from the /www/luci-static/* folders during testing populated the errantly located files. I'll delete!
Thread Master Bot suggested I consolidate: So..
Does your repo edition of the script add verbosity to flag 429 error like @patrickm script does?
Other than adding -v option to the curl responses to figure what HTTP Responses were being returned, No. Only encountered it when I initially used my .ovpnCredentials in config.json.
Dear Professor.. I had read this entire thread before joining, but your issue was the reason I joined. I hate to leave a rock unturned. I think this might help revive brain stem activity. Happy Regards!
yazdan Feb 2, 2023 ~ gen_wg_config.sh: Support adding config files to a zip archive
Utility flag, useful to import the configurations to the android app
New Switches and Suffix's on the tagged {p2p, virtual, physical} in the config folder for refined selection.
echo " -f force register ignore checking"
echo " -g ignore generating profile files"
echo " -n <name> create a manual named key"
echo " -k <key> use provided private key"
echo " -l list registered manual keys"
echo " -d <key-id> delete registered manual key"
echo " -z [zip-file] zip archive in which to save the config files"
This README is dedicated to making a cli uci install of the Wireguard services and sswg script to enable one to swap endpoint easily and quickly. The front end work is lengthy, mostly reading; yet the outcome is well worth the time, especially since most of the work of configuration is uci set. Enjoy!
Reboot your system so the above packages can manifest in Luci.
Installing w/out Peer(1) and with Multi Peer for uci cli Swapping.
Follow the Templet Use all or at least two, or configure within the file your own. Double check the wan.metric='10' with ip route show default to ensure metric 10 is not already in use; modify accordingly. All public key are dummy. Until changed with legitimate pub key from you downloaded client conf files; you will be without Internet access.
cd /
uci set network.wan.metric='10'
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.listen_port='51820'
uci set network.wg0.addresses='10.14.0.2/8'
uci set network.wg0.private_key=$(eval echo $(jq '.prv' ./wg/wg.json))
uci commit network
uci set network.peerchiu='wireguard_wg0'
uci set network.peerchiu.description=peerchiu
uci set network.peerchiu.public_key=DpMfulanF/MVHmt3AX4dqLqcyE0dpPqYBjDlWMaUI00=
uci add_list network.peerchiu.allowed_ips='0.0.0.0/0'
uci add_list network.peerchiu.allowed_ips='::/0'
uci set network.peerchiu.route_allowed_ips='1'
uci set network.peerchiu.endpoint_host=us-chi.prod.surfshark.com
uci set network.peerchiu.endpoint_port='51820'
uci set network.peerchiu.persistent_keepalive='25'
uci commit network
uci set network.peerdalu='wireguard_wg0'
uci set network.peerdalu.description=peerdalu
uci set network.peerdalu.public_key=0iwHQpV+rsOg38ogv4g4XMLJa51YqWY/yKWR9UEUMDk=
uci add_list network.peerdalu.allowed_ips='0.0.0.0/0'
uci add_list network.peerdalu.allowed_ips='::/0'
uci set network.peerdalu.route_allowed_ips='1'
uci set network.peerdalu.endpoint_host=us-dal.prod.surfshark.com
uci set network.peerdalu.endpoint_port='51820'
uci set network.peerdalu.persistent_keepalive='25'
uci commit network
uci set network.peernycu='wireguard_wg0'
uci set network.peernycu.description=peernycu
uci set network.peernycu.public_key=rhuoCmHdyYrh0zW3J0YXZK4aN3It7DD26TXlACuWnwU=
uci add_list network.peernycu.allowed_ips='0.0.0.0/0'
uci add_list network.peernycu.allowed_ips='::/0'
uci set network.peernycu.route_allowed_ips='1'
uci set network.peernycu.endpoint_host=us-nyc.prod.surfshark.com
uci set network.peernycu.endpoint_port='51820'
uci set network.peernycu.persistent_keepalive='25'
uci commit network
uci set network.peerwarp='wireguard_wg0'
uci set network.peerwarp.description=peerwarp
uci set network.peerwarp.public_key=vBa3HK7QXietG64rHRLm085VMS2cAX2paeAaphB/SEU=
uci add_list network.peerwarp.allowed_ips='0.0.0.0/0'
uci add_list network.peerwarp.allowed_ips='::/0'
uci set network.peerwarp.route_allowed_ips='1'
uci set network.peerwarp.endpoint_host=pl-waw.prod.surfshark.com
uci set network.peerwarp.endpoint_port='51820'
uci set network.peerwarp.persistent_keepalive='25'
uci commit network
uci set network.peertorc='wireguard_wg0'
uci set network.peertorc.description=peertorc
uci set network.peertorc.public_key=W9bzkcL3fiV64vDpB4pbrz8QafNn3y5P9Yc/kQvy4TA=
uci add_list network.peertorc.allowed_ips='0.0.0.0/0'
uci add_list network.peertorc.allowed_ips='::/0'
uci set network.peertorc.route_allowed_ips='1'
uci set network.peertorc.endpoint_host=ca-tor.prod.surfshark.com
uci set network.peertorc.endpoint_port='51820'
uci set network.peertorc.persistent_keepalive='25'
uci commit network
/etc/init.d/network restart
To minimize Firewall setup; Consider VPN network as public. Assign VPN interface to WAN zone.
The peer swapping is achieved by placing the desired peer config in the last/bottom order of the /etc/config/network file. The high arbitrary number '99' should suffice to place desired network peer at bottom. My personal config has only 15. The resulting command will also be represented in the Wireguard Status, Interface Peer Pages of Luci. Simple command, long description.
From the above install, Toronto Canada is the last peer installed and will be the default route the wg0 vpn tunnels through. By running the below command the Warsaw Poland endpoint takes the bottom position and becomes wg0 vpn tunnel. This is achieved from the network.peerwarp NETWORK not the description=peerwarp! A look at your /etc/config/network file will enlighten your understanding later.
I am relatively new to OpenWRT, but have been following this thread for a while and have successfully connected the Surfshark wireguard connection.
Is there a tutorial that allows me to use my OpenWRT router as a separate wireless access point, next to my main router, to pass wirelessly connected devices through the Surfshark wireguard tunnel?
The OpenWRT router (192.168.1.2) is connected directly to my Internet router (192.168.1.1) via LAN.
Ok thanks, that sounds nice, but this answer does not help me with my question. I would set up my OpenWRT router as a wireless hotspot, providing a separate IP range for connected wireless devices besides my normal router, which surf through the surfshark wireguard connection.
Have you already tried this, if not then it should work by default as @RuralRoots said.
I'm typing on a router (Tomato) that is downstream form the WireGuard connection. Good to Go!
My cell phones connected to this same router (Tomato) Good to Go!
The reason is that the (Tomato) is connected to the OpenWRT router's br-lan and MUST tunnel.
I hope this helps
If you have tried and see failure we'll need to dig deeper.
If you have not tried, you won't be hurt by this simple test and see.
Thanks again. In the docs guest wifi example the OpenWRT router is the main router which using the WAN port. In my scenario the OpenWRT router is connected over LAN with my main router. Should I connect the OpenWRT over WAN with my main router?
Unfortunately I do not know how to change the configuration for my situation. As I said, I'm still a little inexperienced with OpenWRT.
I hope my request does not go beyond the scope here...
My scenario:
MainRouter (192.168.124.1)
OpenWRT (192.168.124.2)
Both connected via LAN port.
Following these instructions (https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap) I've now configured my OpenWRT, including the firewall rules. This router provides now a guest Wifi (192.168.125.1). I can connect to the guest wifi via my cell phone and get an IP address (192.168.125.241) from the guest dhcp server.
Problem: no matter if with or without the Surfshark WG connection, I don't get internet access on the connected mobile.
sorry for my bad english, I no native english speaking person
I found this script, cause I´m using openwrt on an APU2E4.
I setup the wireguard manually and it works fine.
Till now I updated the keys manually, if they expired.
So I was happy to have found the script.
BUT
I get an error in "registering key"... The error I get looks like:
{"code":401,"message":"JWT Token not found"}
What can I do? What did I wrong?
The creds are correct, but if I will use the generated keys WG is stopping the connection.
Invoke the script using the -g switch. ./gen-wg-config.sh -g
Run the script again using the -f switch. ./gen-wg-config.sh -f
Run the script a third time using the -g switch. ./gen-wg-config.sh -g
This will retrieve a new token file and authorize your keys.
Hello and I hope that you are well RuralRoots - just by way of clarification - you wrote
Run the script a third time using the -g switch. ./gen-wg-config.sh -f
Did you mean
Run the script a third time using the -g switch. ./gen-wg-config.sh -g
Just asking - not trying to bust your chops or show you up - just trying to keep things straight in my mind is all - Thanks for all you do here - contributing your knowledge and expertise - and across The Greater OpenWRT Community