Create Surfshark wireguard connection on OpenWrt easily

patrickm · 2022-03-05T22:01:49.918Z

Yes with some more tinkering I made it work. Also put some improvements in the script but it's not finished yet :D. It seems there are some quirks like when you get a new token and immediately register a pubkey it doesn't work. Also if you register the key again you get empty response. I'm not sure if all servers are suitable or how the selection is supposed to work? But i can generate configs, and manually configure my wireguard interface.

I'm not sure about writing uci commands. I don't fully understand wireguard and VPNs in general, so would you create a peer for all remote hosts? And then use routing etc to divide traffic over different peers? Or would each connection use a random peer? Also why do you generate a peer for wgs.prod.surfshark.com with a static pub key?

Not sure if it is worth fully automating, i will monitor it for a while and check how often servers change.

RuralRoots · 2022-03-06T02:41:26.851Z

patrickm:

It seems there are some quirks like when you get a new token and immediately register a pubkey it doesn't work. Also if you register the key again you get empty response.

You have to remember that this is the API that is handling/interacting with all the various apps/platforms that SS provides a WG option. They tend to be transitory by their nature. It’s not intended to support/allow us to use a manual WG interface on our routers that at this point they don’t support. Them’s the quirks you come across as you’ve found.

Your Authentication Token token.json only has a limited lifespan (about 30 minutes~).

That’s why the -g switch gives you an unauthorized response beyond that until you get a new token.json using the -f -g switch.

So, bottom line - run once daily with -f -g switch, run once more within that ~30 minute window with just the -g switch to confirm the update.

SS has promised to give us a WG manual install for routers first quarter of 2022. I’ll believe it when I see it, but at the moment, this script works exceptionally well for me.

directnupe · 2022-03-08T20:30:13.902Z

Dear RuralRoots,
Hello and I hope that you are well. I took my first crack at setting up the script as you were kind enough to outline in your previous post / instructions. I ran across a few speed bumps. I think I went off course here -

You might also want to add a code snippet to the .sh script from 
an issue I posted on https://github.com/yazdan/openwrt-surfshark-wireguard
regarding added verbosity. It helps to verify your current update 
SSWG validation timespan.

Q1 -Would you please indicate where to add the snippet in the script - you know - on which line ?

I just caught this - I did not change :

config.json entry "config_folder": ".", dot to the full path 
of your install folder ie. /mnt/shared/wgapi

I will correct this - I used install folder /mnt/shared/wgapi as I used exroot on usb just as you do in your directions

Q2 - Lastly - how do I get to this point below on the shell command prompt ?

~/mnt/shared/wgapi# cat wg.log

I can't cd to this point - once again I am an advanced novice at best - please bear with me

~/mnt/shared/wgapi#

I will fix the folder full path error and hopefully hear from you regarding the other matters.

Thanks in your assistance - and hopefully I am getting closer to the top of the hill

RuralRoots · 2022-03-08T21:15:15.781Z

directnupe:

Q1 -Would you please indicate where to add the snippet in the script - you know - on which line ?

Add code snippet to gen_wg_config.sh after line 122

directnupe:

Q2 - Lastly - how do I get to this point below on the shell command prompt ?

~/mnt/shared/wgapi# cat wg.log

cd /mnt/shared/wgapi

Change /mnt/shared/wgapi anywhere you see it in my instructions to wherever on your overlay you placed the gen_wg_config.sh.

Replace the . to the same value.

~/mnt/shared/wgapi was just an example I used because that is where I placed my folder.

directnupe · 2022-03-08T21:26:52.101Z

Dear RuralRoots,
Thanks -

are the snippet ( s ) - I was unable to see / find which your post you reference regarding

a code snippet to the .sh script from an issue I posted 
on https://github.com/yazdan/openwrt-surfshark-wireguard  
regarding added verbosity.

I assiduously and diligently searched for your post to no avail - should I add ( after line 122 )

-v   /  -g  /  -f 

I believe that  -v  is the only one I need  - am I correct ? - 
or is something else totally different required ?

I created my install folder as below

mkdir -p /mnt/shared/wgapi/

and my log file as below

mkdir -p /mnt/shared/wgapi/wg.log/

I corrected my config.json entry "config_folder": ".", dot to the full path to below :

{
    "config_folder": "/mnt/shared/wgapi/",

Finally given all the information above - should I just

cd /mnt/shared/wgapi

and from there

cat /wg.log

Thanks My Brother for the guidance

PS - Are You Referring to your fork ?

https://github.com/ruralroots/openwrt-surfshark-wireguard

With regards to the code snippet to the .sh script ?

I found your fork and issue your raised here

https://github.com/yazdan/openwrt-surfshark-wireguard/issues/2

RuralRoots · 2022-03-08T21:58:51.106Z

directnupe:

are the snippet ( s )

added this code snippet to gen_wg_config.sh after line 122

        echo "TODAYS DATE"              # Display Run Date
        echo ""${now}""                 # and Time
        echo ""                         #
        echo "KEYS EXPIRE ON:"          # Display Authentication Token
        echo "${expire_date}"           # Expiry Date and Time
        logger -t SSWG "RUN DATE:${now}   KEYS EXPIRE ON: ${expire_date}"       # Log Status Information

directnupe:

and my log file as below

mkdir -p /mnt/shared/wgapi/wg.log/

You can remove the log file. It is set up in the crontabs/root entries.

directnupe:

Finally given all the information above - should I just

cd /mnt/shared/wgapi

You won't find any logs until the cron jobs run. You can copy the cron entries:
/mnt/shared/wgapi/gen-wg-config.sh -f -g >/mnt/shared/wgapi/wg-f.log 2>&1
/mnt/shared/wgapi/gen-wg-config.sh -g >>/mnt/shared/wgapi/wg-g.log 2>&1
run each seperately 5 minutes apart and you should see the 2 logs populate.

directnupe · 2022-03-08T22:04:39.444Z

Should I just use your forked script here :

https://github.com/ruralroots/openwrt-surfshark-wireguard

That would seem to just add the snippet as it is found natively in your script

I found your issue here

github.com/yazdan/openwrt-surfshark-wireguard

Add verbosity when using '-force' command line option.

opened 11:00AM - 22 Feb 22 UTC

ruralroots

I wanted additional verbosity both from the daily cron run and when manually run…ning the ./gen_wg_config.sh using '-f' command line option. I have added this code snippet to `gen_wg_config.sh` after line 122 that addresses the issue. ```` echo "TODAYS DATE" # Display Run Date echo ""${now}"" # and Time echo "" # echo "KEYS EXPIRE ON:" # Display Authentication Token echo "${expire_date}" # Expiry Date and Time logger -t SSWG "RUN DATE:${now} KEYS EXPIRE ON: ${expire_date}" # Log Status Information ````

Thanks for all your help

RuralRoots · 2022-03-08T22:12:32.449Z

directnupe:

Should I just use your forked script here :

Yes, you can do that. The credit goes to @yazdan though.

You will still need the cron entries as well.

directnupe · 2022-03-08T22:22:37.875Z

Thanks - my man - I appreciate your modesty - and yes @yazdan deserves the credit for being the founder and innovator - like Henry Ford - but we have to give Elon Musk - some credit for Tesla as well
Moreover, I want to thank you greatly for your patience, kindness - and tutelage in assisting me in order to get this up and running.
God Bless You and Your Friends and Family -

Thank you one more again

directnupe · 2022-03-08T23:31:28.267Z

Getting this error in your fork and when I add snippet to @yazdan script

parse error: Invalid numeric literal at line 1, column 42

RuralRoots · 2022-03-08T23:44:13.506Z

cat gen_wg_config.sh | head -n20

directnupe · 2022-03-08T23:48:08.671Z

2022-03-08_184726825×521 18.1 KB

I am going to do a fresh OpenWRT install hnyman Build for Netgear R7800
maybe I mucked up everything on this router

Q1 - Should I use @yazdan script for initial install / and then replace @yazdan script with yours for
automated cron job ?

I ask because I have never had issue with @yazdan script - this is why I will do fresh install.
Anyway - thanks for all your assistance

RuralRoots · 2022-03-09T07:27:08.830Z

directnupe:

parse error: Invalid numeric literal at line 1, column 42

This is an error from jq that parses your config.json. So there is a misconfiguration of your config.json following the change to your full path to the script.

I diff’d the repo gen_wg_config.sh and my local copy that runs here and they are identical.

There is no need to re-flash.

Post the cd command that gets you to your gen_wg_config.sh

directnupe · 2022-03-09T23:21:00.601Z

2022-03-09_175441825×521 16.7 KB

Thanks

RuralRoots · 2022-03-10T15:41:49.721Z

What do you use as an editor? vi, nano, a windows editor.

I would strongly suggest using “nano” to edit config files.

If you count characters including spaces from the start of your config.json you’ll see the point at which jq parse fails.

parse error: Invalid numeric literal at line 1, column 42

I suggest you copy the config.json.sample from the repo and use nano to re-edit it.

directnupe · 2022-03-10T20:21:29.738Z

Dear RuralRoots,
I did as you suggested - thanks for that I got your fork's gen_wg_config.sh to run / install properly
using this command ./gen_wg_config.sh - I got

Loggin in if needed ...
Getting the list of servers ...
Selecting servers ...
Generating keys ...
Checking pubkey ...
Unauthorized. Please run again

running - ./gen_wg_config.sh -f everything completed successfully

Loggin in if needed ...
Getting the list of servers ...
servers list already exist
Selecting servers ...
Generating keys ...
wg keys already exist
Registring pubkey ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   102    0    44  100    58    165    218 --:--:-- --:--:-- --:--:--   387
Generating profiles...
generating config for al-tia.prod.surfshark.com

The issue may have been not configuring config.json.sample properly
as you suggested using nano.

Regarding the cron job - for my install folder - I am using as seen below

mkdir -p /root/wgapi/

So - would the correct / appropriate cron job ( s ) be as below :
After I mkdir wg.log in my install folder - i.e. - /root/wgapi

0 0 * * * now=$(date) ; echo "$now Start of Day - wg.log" >/root/wgapi/wg.log 2>&1  ## clear wg.log daily @ 00:00
5 00 * * * /root/wgapi/gen_wg_config.sh -f -g >>/root/wgapi/wg.log 2>&1 ## force registration daily @00:05
10 00 * * */root/wgapi/wgapi/gen_wg_config.sh -g >>/root/wgapi/wgapi/wg.log 2>&1 ## run once daily @00:10 after force

RuralRoots · 2022-03-10T21:13:59.157Z

directnupe:

Regarding the cron job - for my install folder - I am using as seen below
mkdir -p /root/wgapi/
So - would the correct / appropriate cron job ( s ) be as below :
After I mkdir wg.log in my install folder - i.e. - /root/wgapi

No. remove the /root/wgapi/ folder.

./ "means current working directory" ie. when you cd /mnt/shared/wgapi ./ simply means run gen_wg_config.sh from here.

The cron needs to know the Full Path to know where the script is located. Ergo, /mnt/shared/wgapi/. So use the cron entries I posted verbatim.

directnupe · 2022-03-11T19:15:11.147Z

I keep encountering this last issue. Seems that I don't know how to create /mnt/shared directory.
When creating my usb exroot - I put /dev/sda1
Mount point = / ( root ) - should it be mount point = overlay instead ?
I Googled /mnt/shared - and I got cifs - windows - samba - basically information about file sharing. My setup is not that elaborate or sophisticated.
Is there an installation directory that I can use which is less complex to use for the cron job ?
Maybe something like -

mkdir -p /mnt/opt/wgapi

I successfully run AdguardHome on / from this directory on my current setup

Anyway - no matter the outcome of this attempt to get this working; I wish to thank you to the Nth degree for sticking with me - through all my fumbling, stumbling and ignorance. I am not ashamed that there are many things that I simply don't know. I try to the best of my ability to find the answers on my own ( in part - not to become a perpetual giant PITA ) ; however, there are times where I still remain in the dark - and have to reach out in order to led into the light.
Thanks RuralRoots - hopefully - this will be it on this topic.

PS - If you do suggest an alternate installation folder / directory - if you would include an illustration of the correct corresponding cron job I would appreciate it -

RuralRoots · 2022-03-11T20:08:32.634Z

directnupe:

When creating my usb exroot - I put /dev/sda1

Yes, I was curious about that when you were talking overlay.

I’m not up on, but I’ll get back to you to work it out.

The cron was just a way to set and forget and the log was just to check key update because there wasn’t any visibility.

You can still run this once a day to update. /mnt/shared/wgapi/gen_wg_config.sh -f -g
Wait a few minutes and run /mnt/shared/wgapi/gen_wg_config.sh -g

RuralRoots · 2022-03-11T21:02:13.068Z

find / -iname gen_wg_config.sh Should return path.