For those in the dark as to how to configure SurfShark WireGuard Configuration Files
Thanks to all the folks here who keep perfecting this project.
IMPORTANT UPDATE April 17, 2022 - Easter Day
For The Most Simple and Direct Evolution of All
The Collective Hard Work Done Here -
In other words TRULY Easy SurfShark WireGuard
Go Here People For SurfShark WireGurard ~ SSWG
From the dummy file below: Go to the the very bottom of this file and add the following :
The keys and addresses used here are fictional and used only for illustrative purposes.
Set the server's network configuration by editing /etc/config/network to include following parts.
In the default install folder ( /wg/ ) after running script ( sswg.sh ) - you will find SurfShark Wireguard configuration files in the default installation folder /wg/ in the conf directory. In this example I am using us-ash.prod.conf - you can read the file - by running # cat us-ash.prod.conf - while in the conf directory. All configuration files are in /wg/conf directory - my file used here is
/wg/conf/us-ash.prod.conf
1) Set the wireguard server's network configuration by editing
/etc/config/network
to include following parts.
[Interface]
PrivateKey=foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
Address=10.16.1.7/8
MTU=1350
[Peer]
PublicKey=/llFOsnvj7GcXasKrojhZl6nRnnn4D8sRuDUKEdiZzM=
AllowedIPs=172.18.0.40/32
Endpoint=wgs.prod.surfshark.com:51820
PersistentKeepalive=25
[Peer]
PublicKey=cxti1XR6uW483xAioP3d1ZaoGSy+obY6WaE4fW1A6Nk=
AllowedIPs=0.0.0.0/0
Endpoint=us-ash.prod.surfshark.com:51820
PersistentKeepalive=25
2 - Open the file: nano /etc/config/network - and go to the very bottom of the file
Here is how you configure the SurfShark WireGuard Interface and Two Peers
The Information is found in the example directly above.
config interface 'wg0'
option proto 'wireguard'
option private_key 'foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q='
list addresses '10.16.1.7/8'
option mtu '1350'
option dns '1.0.0.1 1.1.1.1'
config wireguard_wg0
option public_key '/llFOsnvj7GcXasKrojhZl6nRnnn4D8sRuDUKEdiZzM='
option route_allowed_ips '1'
list allowed_ips '172.18.0.40/32'
option persistent_keepalive '25'
option description 'WG_1'
option endpoint_host 'wgs.prod.surfshark.com'
option endpoint_port '51820'
config wireguard_wg0
option public_key 'cxti1XR6uW483xAioP3d1ZaoGSy+obY6WaE4fW1A6Nk='
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option description 'WG_2'
option route_allowed_ips '1'
option endpoint_host 'us-ash.prod.surfshark.com'
option endpoint_port '51820'
Save and Exit
3) Configure the OpenWRT firewall for your Surfshark WIRGUARD Client:
Special Thanks to trendy ( from the OpenWRT Forum ) for helping me with this elegant solution
The most simple, effective and efficient method to set up your firewall
for Surfshark WIREGUARD this is to add the 'wg0' network
to the wan zone in the /etc/config/firewall configuration file
Edit /etc/config/firewall file and add the 'wg0' network as follows:
wgzero
Open the file: nano /etc/config/firewall
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wg0' ## This is the line you need to add - and you are done
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
Save and Exit
Then issue from command line Step 4 below:
4 ) Apply changes
/etc/init.d/network reload
ifdown wg0
ifup wg0
/etc/init.d/firewall restart
Finally
# wg show ## in order to check connection and data transfer rates