Create Surfshark wireguard connection on OpenWrt easily

@Bill So weird. Today I looked in the config directory and there was no log file. So I removed everything and again ran your sswg script. It didn't produce any config files. Only keys + registration with SurfShark.
Then I thought your script doesn't produce configs (which later I read It should).
So I ran yazdan's script (using keys generated and registered by your script).
Then I created interface and firewall rules + added DNS in DHCP and DNS in luci.
And VOILA I see globe turn into "internet access". It connected to the peers. BUT even though it showed "Internet Access" I couldn't browse anything.
So I started browsing google on a different machine and found out that MSS clamping should be enabled. Now I have internet access through SurfShark. BUUUUUT!!! I run speedtest and speed is only 44mbit for some reason!!!... Cut down 10x from my original 400mbit.
But it might be just my router. I've read in docs for Openwrt for my router (wd n750) that WAN->LAN has software limitations where's it is limited to 100mbit. Even though my wireless supports 450mbit and all ports are Gigabit. I thought maybe with wireguard it'll somehow magically bypass this limitation :stuck_out_tongue: but guess not. Still even 100mbit would be better than 44.
I guess it'll suffice for now until I get access to a better router. :slight_smile:

P.S. there was still no log file. Maybe I should've added some code like "> wg.log" or something.

No I should have been clear.

The cron job automatically calls for the logging. I should have stated that to produce a file wg.log in the directory you should run.

./wg/ -g >>/wg/wg.log


  • -g grabs the conf files.

  • just renews the keys.

  • Having a wg.json file is now something to covet and renew!

Running the script via your favorite terminal ssh you could have copied and pasted the output of the job also, which is what you see in my first post.

The good news is you managed to figure out how to get inet up. After other's jump in and provide further suggestions you may get it tweaked to your satisfaction.

Welcome aboard and I wish you well.

You can’t transfer more than a maximum 100Mbps. Run your speedtest with WG disabled and then run it again with WG enabled to get a better picture.

FWIW, @yazdan script(s) have never failed me once configured properly. My SS PubKey has been successfully updated daily since Dec. 21, 2021. The only thing I have added was 5 lines of code to allow logging PubKey refresh, a syslog entry on refresh, and a daily email sent to my gmail account. I’ve issued a PR to @yazdan asking to merge that into his script.

Edit: PR merged.

1 Like

Sweet to see your work attributed.

^^ Is misleadingly quoted.

The SSWG Script which Bill and Paul have forks for - will one or both of you update your Projects / Scripts to include the 5 ( five ) lines of code which Paul refers to in his post above. The PR which has been merged. BTW, just because I am a bit confused - if I may ask - Paul - what script do you have set up / run on your router?
Peace To All

Hello directnupe. I have always used @yazdan scripts with my additions.

3 of the lines of code you refer to relate to the WG AUTHENTICATION KEY UPDATE and syslog logread -e SSWG when wg auth key refresh successfully updates. You see this on the CLI when you run the script, or redirect the output to a log file.

This code has now been merged into @yazdan repository so our two scripts are now synced.

The other two lines of code was not part of the PR and exists only on my local repository. It lets me send a daily update to my gmail address with same information.

Thanks - @RurlRoots I appreciate the information. Regarding this below :

The other two lines of code was not part of the 
PR and exists only on my local repository. 
It lets me send a daily update to my gmail address 
with same information.

Is there anyway that I can modify the SSWG SCRIPT so that I can have a daily update sent to an email address of my own ? Just asking - not a deal breaker - and as always thank you for being so helpful and instructive.

That would be a question for @Bill. I’m not fully versed in his code to answer either way.

It also requires the msmtp package installed & configured to work with your mail provider. Here is a link to the configuration docs:

1 Like

Thanks for your redirect. I have no desire to involve Google SMTP in's code.

I'm sincerely happy that @yazdan is updating the threads topical script, and that your issue 2 was compiled into PR12.

1 Like


Google requires auth now or rejects.

Either way, it’s out of scope for @yazdan script as well and ergo not included in the PR. Anybody that can set up msmtp and successfully send/receive to their desired SMTP account via CLI should be able to attach the log as message body.

1 Like


And your additions were an eye opener for me even before I joined, I had added the lines to the base @yazdan script and enjoyed the foresight provided. Having logs to the System Log and a well thought out Cron Job, you provided the basis for my attempt to evolving @patrickm script prior to creating a GitHub account; which is my way of apologizing for 'Jumping the Shark' on the account of other's hard earned creds and work.


We have in the community users posting all sorts of ideas, queries and suggestions, and a great movement to think outside the box. Desire is everything. Ideas are born from it and results are paved by it.

Another form of notification is not desired as the work is done, logged, and enjoyed.

1 Like