Yes, with some more tinkering I made it work. Also put some improvements in the script but it's not finished yet :D. It seems there are some quirks, like when you get a new token and immediately register a pubkey it doesn't work. Also if you register the key again you get an empty response. I'm not sure if all servers are suitable or how the selection is supposed to work? But I can generate configs, and manually configure my wireguard interface.
I'm not sure about writing uci commands. I don't fully understand wireguard and VPNs in general, so would you create a peer for all remote hosts? And then use routing etc to divide traffic over different peers? Or would each connection use a random peer? Also why do you generate a peer for wgs.prod.surfshark.com with a static pub key?
Not sure if it is worth fully automating, I will monitor it for a while and check how often servers change.
You have to remember that this is the API that is handling/interacting with all the various apps/platforms that SS provides a WG option. They tend to be transitory by their nature. It’s not intended to support/allow us to use a manual WG interface on our routers that at this point they don’t support. Them’s the quirks you come across as you’ve found.
Your Authentication Token (token.json) only has a limited lifespan (about 30 minutes~).
That’s why the -g switch gives you an unauthorized response beyond that until you get a new token.json using the -f -g switch.
So, bottom line - run once daily with -f -g switch, run once more within that ~30 minute window with just the -g switch to confirm the update.
SS has promised to give us a WG manual install for routers first quarter of 2022. I’ll believe it when I see it, but at the moment, this script works exceptionally well for me.
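The token window described in the post above, as an added example that is not part of the original thread or of the script itself: a helper that picks the switches for gen_wg_config.sh from the age of token.json. It assumes the file's modification time marks when the token was issued and uses the roughly 30 minute lifespan quoted in the post; the function names and the install path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: choose gen_wg_config.sh switches from the age of token.json.
# Assumption: token.json's modification time is when the token was issued.

TOKEN_MAX_AGE=1800   # ~30 minutes, the lifespan stated in the post above

# token_age FILE [NOW] -> prints the age in seconds; fails if FILE is missing.
# NOW (epoch seconds) defaults to the current time.
token_age() {
    [ -f "$1" ] || return 1
    mtime=$(date -r "$1" +%s) || return 1
    now=${2:-$(date +%s)}
    echo $(( now - mtime ))
}

# pick_switches FILE [NOW] -> prints "-g" while the token is still inside its
# window, "-f -g" when it is missing, expired or dated in the future
# (a bare -g with a stale token is answered with Unauthorized).
pick_switches() {
    if age=$(token_age "$1" "$2") \
        && [ "$age" -ge 0 ] && [ "$age" -lt "$TOKEN_MAX_AGE" ]; then
        echo "-g"
    else
        echo "-f -g"
    fi
}

# Usage (hypothetical install path; switches are left unquoted on purpose
# so that "-f -g" is passed as two arguments):
#   dir=/root/wgapi
#   "$dir/gen_wg_config.sh" $(pick_switches "$dir/token.json")
```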
Dear RuralRoots,
Hello and I hope that you are well. I took my first crack at setting up the script as you were kind enough to outline in your previous post / instructions. I ran across a few speed bumps. I think I went off course here -
You might also want to add a code snippet to the .sh script from
an issue I posted on https://github.com/yazdan/openwrt-surfshark-wireguard
regarding added verbosity. It helps to verify your current update
SSWG validation timespan.
Q1 -Would you please indicate where to add the snippet in the script - you know - on which line ?
I just caught this - I did not change :
config.json entry "config_folder": ".", dot to the full path
of your install folder ie. /mnt/shared/wgapi
I will correct this - I used install folder /mnt/shared/wgapi as I used exroot on usb just as you do in your directions
Q2 - Lastly - how do I get to this point below on the shell command prompt ?
~/mnt/shared/wgapi# cat wg.log
I can't cd to this point - once again I am an advanced novice at best - please bear with me
~/mnt/shared/wgapi#
I will fix the folder full path error and hopefully hear from you regarding the other matters.
Thanks for your assistance - and hopefully I am getting closer to the top of the hill
added this code snippet to gen_wg_config.sh after line 122
echo "TODAYS DATE" # Display Run Date
echo "${now}" # and Time
echo "" #
echo "KEYS EXPIRE ON:" # Display Authentication Token
echo "${expire_date}" # Expiry Date and Time
logger -t SSWG "RUN DATE:${now} KEYS EXPIRE ON: ${expire_date}" # Log Status Information
You can remove the log file. It is set up in the crontabs/root entries.
You won't find any logs until the cron jobs run. You can copy the cron entries:
/mnt/shared/wgapi/gen-wg-config.sh -f -g >/mnt/shared/wgapi/wg-f.log 2>&1
/mnt/shared/wgapi/gen-wg-config.sh -g >>/mnt/shared/wgapi/wg-g.log 2>&1
run each separately 5 minutes apart and you should see the 2 logs populate.
Thanks - my man - I appreciate your modesty - and yes @yazdan deserves the credit for being the founder and innovator - like Henry Ford - but we have to give Elon Musk - some credit for Tesla as well
Moreover, I want to thank you greatly for your patience, kindness - and tutelage in assisting me in order to get this up and running.
God Bless You and Your Friends and Family -
This is an error from jq that parses your config.json. So there is a misconfiguration of your config.json following the change to your full path to the script.
I diff’d the repo gen_wg_config.sh and my local copy that runs here and they are identical.
There is no need to re-flash.
Post the cd command that gets you to your gen_wg_config.sh
Dear RuralRoots,
I did as you suggested - thanks for that I got your fork's gen_wg_config.sh to run / install properly
using this command ./gen_wg_config.sh - I got
Loggin in if needed ...
Getting the list of servers ...
Selecting servers ...
Generating keys ...
Checking pubkey ...
Unauthorized. Please run again
Loggin in if needed ...
Getting the list of servers ...
servers list already exist
Selecting servers ...
Generating keys ...
wg keys already exist
Registring pubkey ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 102 0 44 100 58 165 218 --:--:-- --:--:-- --:--:-- 387
Generating profiles...
generating config for al-tia.prod.surfshark.com
The issue may have been not configuring config.json.sample properly
as you suggested using nano.
Regarding the cron job - for my install folder - I am using as seen below
mkdir -p /root/wgapi/
So - would the correct / appropriate cron job ( s ) be as below :
After I mkdir wg.log in my install folder - i.e. - /root/wgapi
0 0 * * * now=$(date) ; echo "$now Start of Day - wg.log" >/root/wgapi/wg.log 2>&1 ## clear wg.log daily @ 00:00
5 00 * * * /root/wgapi/gen_wg_config.sh -f -g >>/root/wgapi/wg.log 2>&1 ## force registration daily @00:05
10 00 * * * /root/wgapi/wgapi/gen_wg_config.sh -g >>/root/wgapi/wgapi/wg.log 2>&1 ## run once daily @00:10 after force
I keep encountering this last issue. Seems that I don't know how to create /mnt/shared directory.
When creating my usb exroot - I put /dev/sda1
Mount point = / ( root ) - should it be mount point = overlay instead ?
I Googled /mnt/shared - and I got cifs - windows - samba - basically information about file sharing. My setup is not that elaborate or sophisticated.
Is there an installation directory that I can use which is less complex to use for the cron job ?
Maybe something like -
mkdir -p /mnt/opt/wgapi
I successfully run AdguardHome on / from this directory on my current setup
Anyway - no matter the outcome of this attempt to get this working; I wish to thank you to the Nth degree for sticking with me - through all my fumbling, stumbling and ignorance. I am not ashamed that there are many things that I simply don't know. I try to the best of my ability to find the answers on my own ( in part - not to become a perpetual giant PITA ) ; however, there are times where I still remain in the dark - and have to reach out in order to be led into the light.
Thanks RuralRoots - hopefully - this will be it on this topic.
PS - If you do suggest an alternate installation folder / directory - if you would include an illustration of the correct corresponding cron job I would appreciate it -