Script to setup Wireguard server and peers

I would like to ask if there is a script to set up the WireGuard server in OpenWrt and then create the peers, please.

Google says yes.

This is the first result when searching Google for wireguard openwrt script: https://gist.github.com/dustinlbarnett/2497d71cd0d245979ac2da93e4c6b26b

This is another result when searching Google for wireguard openwrt script: https://www.reddit.com/r/WireGuard/comments/eo33pw/automating_peer_creation_on_openwrt_via_cli/

@iplaywithtoys thanks for the quick reply. So I only execute the script

https://gist.github.com/dustinlbarnett/2497d71cd0d245979ac2da93e4c6b26b

to create the server, or do I need to do something else regarding the setup?

I've no idea. I didn't test the scripts. I create my WG servers and clients manually.

2 Likes

Hi, I have used the script https://gist.github.com/dustinlbarnett/2497d71cd0d245979ac2da93e4c6b26b and a user was created. I used my phone to scan the produced QR code and a new tunnel was created. I enabled it, but I do not see any traffic. Do I have to do something else in the router? Here are the steps:

root@OpenWrt_alix: ~ $ ./wireguard_setup.sh
Updating package list and installing:
kmod-wireguard luci-app-wireguard luci-proto-wireguard wireguard wireguard-tools qrencode

Package kmod-wireguard (4.14.215+1.0.20200611-1) installed in root is up to date.
Package luci-app-wireguard (git-21.072.27936-731d2e3-1) installed in root is up to date.
Package luci-proto-wireguard (git-21.072.27936-731d2e3-1) installed in root is up to date.
Package wireguard (1.0.20200611-2) installed in root is up to date.
Package wireguard-tools (1.0.20191226-1) installed in root is up to date.
Package qrencode (4.0.2-2) installed in root is up to date.

What will be the IP Address of the mobile client?
10.8.0.21

What is the DNS server on the server network
8.8.8.8

What is the Host IP address or FQDN including port?
atux.ddns.net:51820


Client config saved to mobile_client.conf


Any ideas please?

atux.ddns.net returns NXDOMAIN. Is that a valid FQDN?

It is an example. It is not a valid domain. The domain that I use and query returns correctly the IP of the router, as it is already checked with a port forwarding to one of my servers and a test webpage.

Is this the correct syntax for domain:port? Do I need to add something else?

That depends on what the script is expecting to see. The only way to be certain is to read the script and work out what it's doing.

That said, <fqdn>:<port> is a very common syntax in many applications, so it seems plausible to me.

The app shows on the transfer part
rx:0 B, tx:0 B

Does it need anything else to be opened on the router?
Any other way to create the server?

Yes. The firewall has to be configured to allow inbound traffic.

Yes. Manually. It's quicker than trying to troubleshoot scripts.

Use the method posted above, it should just work.

1 Like
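
The reply above says the firewall has to allow inbound traffic. As an added example (not part of the thread or of the linked scripts), the following builds an idempotent uci rule that accepts UDP on the WireGuard listen port from the WAN zone. The section name `wg_in`, the rule name and the zone name `wan` are assumptions; 51820 is the port used in the thread.

```shell
#!/bin/sh
# Added example: allow inbound WireGuard traffic on an OpenWrt router.
# Assumptions: WAN zone is named "wan"; "wg_in" is a hypothetical section name.

# Print the uci batch commands for the rule; reject anything that is not
# a plain port number so the value cannot smuggle extra uci commands.
wg_fw_rule() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    cat <<EOF
set firewall.wg_in=rule
set firewall.wg_in.name='Allow-WireGuard'
set firewall.wg_in.src='wan'
set firewall.wg_in.dest_port='$port'
set firewall.wg_in.proto='udp'
set firewall.wg_in.target='ACCEPT'
commit firewall
EOF
}

# Apply the rule when uci is present (on the router); otherwise only
# print what would be applied, so the output can be reviewed first.
apply_wg_fw_rule() {
    rules=$(wg_fw_rule "$1") || return 1
    if command -v uci >/dev/null 2>&1; then
        # Drop any earlier copy of the section so re-runs do not duplicate it.
        uci -q delete firewall.wg_in || true
        printf '%s\n' "$rules" | uci batch && /etc/init.d/firewall restart
    else
        printf '%s\n' "$rules"
    fi
}

# Usage on the router: apply_wg_fw_rule 51820
```

After applying it, a non-zero "latest handshake" for the peer in `wg show` indicates the tunnel packets are reaching the router.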

@vgaetera the method seems to fail

root@OpenWrt_alix: ~ $ opkg install libustream-mbedtls
Unknown package 'libustream-mbedtls'.
Collected errors:
 * opkg_install_cmd: Cannot install package libustream-mbedtls.
root@OpenWrt_alix: ~ $ URL="https://openwrt.org/_export/code/docs/guide-user/services/vpn/wireguard"
root@OpenWrt_alix: ~ $ cat << EOF > wireguard-server.sh
> $(uclient-fetch -O - "${URL}/server?codeblock=0")
> $(uclient-fetch -O - "${URL}/server?codeblock=1")
> $(uclient-fetch -O - "${URL}/server?codeblock=2")
> $(uclient-fetch -O - "${URL}/server?codeblock=3")
> sleep 10
> $(uclient-fetch -O - "${URL}/extras?codeblock=14")
> EOF
uclient-fetch: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.
uclient-fetch: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.
uclient-fetch: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.
uclient-fetch: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.
uclient-fetch: SSL support not available, please install one of the libustream-.*[ssl|tls] packages as well as the ca-bundle and ca-certificates packages.
root@OpenWrt_alix: ~ $

Did you run this in the beginning?

opkg update
1 Like

I was trying to set up everything manually and failed due to Packages missing in 19.07.7? - #4 by hnyman
Since it is fixed everything came back to normal. I did the manual setup according to the OpenWrt wiki and I have WireGuard working fine.
