[VU+ Uno4K] Wireguard on enigma2

[dsayers]

Hi I'm looking for help with setting up wireguard via VPN but I can't seem to find much documentation

I can get the wg.conf file from keepsolid VPN.

What I have done so far is


Commands I have done

opkg update && opkg install wireguard-tools

opkg install openresolv


This creates a folder in etc called wireguard so I added my config in there but I'm not sure what to do next

root@vuuno4k:~# wg-quick up wg0                                           

[#] ip link add wg0 type wireguard                                       

[#] wg setconf wg0 /dev/fd/63                                             

[#] ip -4 address add 10.xxx.xxx.xx/32 dev wg0                           

[#] ip link set mtu 1420 up dev wg0                                       

[#] resolvconf -a wg0 -m 0 -x                                             /sbin/resolvconf: illegal option -- x                                     

[#] wg set wg0 fwmark 51820                                               

[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820                         ip: invalid argument '51820' to 'table'                                   

[#] resolvconf -d wg0 -f                                                  

[#] ip link delete dev wg0

This is an example of my config

[Interface]
PrivateKey = xxxxxxxx=
ListenPort = 51820
Address = 10.xxx.107.xxx/32
DNS = 10.100.0.1

[Peer]
PublicKey = xxxxxxxxxx=
PresharedKey = xxxxxxxxxx=
AllowedIPs = 0.0.0.0/0
Endpoint = 5.xxx.169.xxx:51820
PersistentKeepalive = 25

What I have noticed is openreslov maybe outdated.

Current version on feeds openresolv (3.5.2-r0)

I think latest is openresolv 3.12.0

https://guix.gnu.org/packages/openresolv-3.12.0/

 

[lincsat]

I've just tried with 6.3.001.004 (Dev) on a ZGemma H7 and got the same

/sbin/resolvconf: illegal option -- x

I've found a openresolv-3.12.0-r1.apk file online and extracted the \sbin\resolvconf file and the contents of the \lib\resolvconf\ folder and put them on the box. That removes the message

/sbin/resolvconf: illegal option -- x

I still get an error

[#] ip -4 route add 0.0.0.0/0 dev wg1784 table 51820
ip: invalid argument '51820' to 'table'

when using the

AllowedIPs = 0.0.0.0/0

I have changed that to allow everything except the 192* range and wireguard appears to start. It allocates the interface address and adds the allowed addresses. IP checker shows the correct local address but I get no Internet, I've tried a few different endpoints on NordVPN. I can connect a GL-Net router through wireguard using the same parameters

Here is my current config

[Interface]
PrivateKey = ***********************
ListenPort = 51820
Address = 10.*.0.*/32
DNS = 1.1.1.1

[Peer]
PublicKey = *******************************
AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
Endpoint = uk2007.nordvpn.com:51820
PersistentKeepalive = 25

And the telnet output

root@zgemmah7:~# wg-quick up uk2007
[#] ip link add uk2007 type wireguard
[#] wg setconf uk2007 /dev/fd/63
[#] ip -4 address add 10.*.0.*/32 dev uk2007
[#] ip link set mtu 1420 up dev uk2007
[#] resolvconf -a uk2007 -m 0 -x
[#] ip -4 route add 193.0.0.0/8 dev uk2007
[#] ip -4 route add 194.0.0.0/7 dev uk2007
[#] ip -4 route add 196.0.0.0/6 dev uk2007
[#] ip -4 route add 200.0.0.0/5 dev uk2007
[#] ip -4 route add 208.0.0.0/4 dev uk2007
[#] ip -4 route add 224.0.0.0/3 dev uk2007
[#] ip -4 route add 128.0.0.0/2 dev uk2007
[#] ip -4 route add 0.0.0.0/1 dev uk2007
root@zgemmah7:~#

I get this in the Enigma log which appears to show that Wireguard is not up

17:54:15.2057 [Network] Add new interface: uk2007
17:54:15.2087 [Network] read configured interface: {'lo': {'dhcp': False}, 'wlan0': {'dhcp': True}, 'atml0': {'dhcp': True}, 'eth0': {'dhcp': True}, 'eth1': {'dhcp': True}, 'usb0': {'dhcp': False}, 'bnep0': {'dhcp': True}}
17:54:15.2098 [Network] self.ifaces after loading: {'eth0': {'up': True, 'dhcp': True, 'preup': False, 'predown': False, 'ip': [192, 168, 1, 222], 'netmask': [255, 255, 255, 0], 'bcast': [192, 168, 1, 255], 'mac': '00:17:9a:23:86:fa', 'gateway': [192, 168, 1, 1]}, 'uk2007': {'up': False, 'dhcp': True, 'preup': False, 'predown': False, 'ip': [0, 0, 0, 0], 'netmask': [0, 0, 0, 0], 'gateway': [0, 0, 0, 0]}}

That's as far as I've got and am beyond my skill level - maybe worth trying it with your keepsolid VPN config M8. I have attached the openresolv-3.12.0-r1.apk in a rar for you to try

 

[dsayers]

I've just tried with 6.3.001.004 (Dev) on a ZGemma H7 and got the same

/sbin/resolvconf: illegal option -- x

I've found a openresolv-3.12.0-r1.apk file online and extracted the \sbin\resolvconf file and the contents of the \lib\resolvconf\ folder and put them on the box. That removes the message

/sbin/resolvconf: illegal option -- x

I still get an error

[#] ip -4 route add 0.0.0.0/0 dev wg1784 table 51820
ip: invalid argument '51820' to 'table'

when using the

AllowedIPs = 0.0.0.0/0

I have changed that to allow everything except the 192* range and wireguard appears to start. It allocates the interface address and adds the allowed addresses. IP checker shows the correct local address but I get no Internet, I've tried a few different endpoints on NordVPN. I can connect a GL-Net router through wireguard using the same parameters

Here is my current config

[Interface]
PrivateKey = ***********************
ListenPort = 51820
Address = 10.*.0.*/32
DNS = 1.1.1.1

[Peer]
PublicKey = *******************************
AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
Endpoint = uk2007.nordvpn.com:51820
PersistentKeepalive = 25

And the telnet output

root@zgemmah7:~# wg-quick up uk2007
[#] ip link add uk2007 type wireguard
[#] wg setconf uk2007 /dev/fd/63
[#] ip -4 address add 10.*.0.*/32 dev uk2007
[#] ip link set mtu 1420 up dev uk2007
[#] resolvconf -a uk2007 -m 0 -x
[#] ip -4 route add 193.0.0.0/8 dev uk2007
[#] ip -4 route add 194.0.0.0/7 dev uk2007
[#] ip -4 route add 196.0.0.0/6 dev uk2007
[#] ip -4 route add 200.0.0.0/5 dev uk2007
[#] ip -4 route add 208.0.0.0/4 dev uk2007
[#] ip -4 route add 224.0.0.0/3 dev uk2007
[#] ip -4 route add 128.0.0.0/2 dev uk2007
[#] ip -4 route add 0.0.0.0/1 dev uk2007
root@zgemmah7:~#

I get this in the Enigma log which appears to show that Wireguard is not up

17:54:15.2057 [Network] Add new interface: uk2007
17:54:15.2087 [Network] read configured interface: {'lo': {'dhcp': False}, 'wlan0': {'dhcp': True}, 'atml0': {'dhcp': True}, 'eth0': {'dhcp': True}, 'eth1': {'dhcp': True}, 'usb0': {'dhcp': False}, 'bnep0': {'dhcp': True}}
17:54:15.2098 [Network] self.ifaces after loading: {'eth0': {'up': True, 'dhcp': True, 'preup': False, 'predown': False, 'ip': [192, 168, 1, 222], 'netmask': [255, 255, 255, 0], 'bcast': [192, 168, 1, 255], 'mac': '00:17:9a:23:86:fa', 'gateway': [192, 168, 1, 1]}, 'uk2007': {'up': False, 'dhcp': True, 'preup': False, 'predown': False, 'ip': [0, 0, 0, 0], 'netmask': [0, 0, 0, 0], 'gateway': [0, 0, 0, 0]}}

That's as far as I've got and am beyond my skill level - maybe worth trying it with your keepsolid VPN config M8. I have attached the openresolv-3.12.0-r1.apk in a rar for you to try

I get similar results.

There is a wireguard plugin here but I don't have a VPN that it supports

https://www.linuxsat-support.com/thread/153852-wireguard-vpn-plugin-by-madhouse/?pageNo=1

 

[urie]

Hi I'm looking for help with setting up wireguard via VPN but I can't seem to find much documentation

I can get the wg.conf file from keepsolid VPN.

What I have done so far is


Commands I have done

opkg update && opkg install wireguard-tools

opkg install openresolv


This creates a folder in etc called wireguard so I added my config in there but I'm not sure what to do next

root@vuuno4k:~# wg-quick up wg0                                           

[#] ip link add wg0 type wireguard                                       

[#] wg setconf wg0 /dev/fd/63                                             

[#] ip -4 address add 10.xxx.xxx.xx/32 dev wg0                           

[#] ip link set mtu 1420 up dev wg0                                       

[#] resolvconf -a wg0 -m 0 -x                                             /sbin/resolvconf: illegal option -- x                                     

[#] wg set wg0 fwmark 51820                                               

[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820                         ip: invalid argument '51820' to 'table'                                   

[#] resolvconf -d wg0 -f                                                  

[#] ip link delete dev wg0

This is an example of my config

[Interface]
PrivateKey = xxxxxxxx=
ListenPort = 51820
Address = 10.xxx.107.xxx/32
DNS = 10.100.0.1

[Peer]
PublicKey = xxxxxxxxxx=
PresharedKey = xxxxxxxxxx=
AllowedIPs = 0.0.0.0/0
Endpoint = 5.xxx.169.xxx:51820
PersistentKeepalive = 25

What I have noticed is openreslov maybe outdated.

Current version on feeds openresolv (3.5.2-r0)

I think latest is openresolv 3.12.0

https://guix.gnu.org/packages/openresolv-3.12.0/

found this info elswere not sure if it may help.

opkg update && opkg upgrade
opkg install wireguard-tools
opkg install wireguard-tools-bash-completion
opkg install openresolv

restart box.

Download Wireguard *.conf and rename it: wg0.conf
Copy wg0.conf to /etc/wireguard .

chmod 600 /etc/wireguard/wg0.conf

Create enigma2_pre_start.sh :

#!/bin/sh

wg-quick up wg0

exit

Copy enigma2_pre_start.sh to /usr/bin/ .

chmod 755 /usr/bin/enigma2_pre_start.sh

restart box.

 

[lincsat]

I get similar results.

There is a wireguard plugin here but I don't have a VPN that it supports

https://www.linuxsat-support.com/thread/153852-wireguard-vpn-plugin-by-madhouse/?pageNo=1

I've just loaded that plugin and works well with both Nord and Surfshark on my H7 box. The plugin thread does show how to check status of the WG using the script from this thread

wg show wg0

That shows a connection to my server but nothing downloading (NOTE: this is using the script only, not the plugin)

root@zgemmah7:/tmp# wg show wg0
interface: wg0
  public key: YgsI5+xsk03hZKXw32jDXLeAk/sCEbMqiZ2DK5Bj6VA=
  private key: (hidden)
  listening port: 51820

peer: K53l2wOIHU3262sX5N/5kAvCvt4r55lNui30EbvaDlE=
  endpoint: 195.206.183.211:51820
  allowed ips: 0.0.0.0/32, 0.0.0.2/31, 0.0.0.4/30, 0.0.0.8/29, 0.0.0.16/28, 0.0.0.32/27, 0.0.0.64/26, 0.0.0.128/25, 0.0.1.0/24, 0.0.2.0/23, 0.0.4.0/22, 0.0.8.0/21, 0.0.16.0/20, 0.0.32.0/19, 0.0.64.0/18, 0.0.128.0/17, 0.1.0.0/16, 0.2.0.0/15, 0.4.0.0/14, 0.8.0.0/13, 0.16.0.0/12, 0.32.0.0/11, 0.64.0.0/10, 0.128.0.0/9, 1.0.0.0/8, 2.0.0.0/7, 4.0.0.0/6, 8.0.0.0/5, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/1
  latest handshake: 2 minutes, 37 seconds ago
  transfer: 92 B received, 4.07 MiB sent
  persistent keepalive: every 25 seconds

It looks like it's very close to working. If you have the skill, maybe you could look in the plugin to see what it does differently

 

[dsayers]

Does the plugin not copy a config to etc/wireguard? If it does you could see if it modifies the default config

If it does you could also save a copy of the config and stop the wireguard plugin and send the config back to the wireguard folder and start it via command line to see if the plugin is doing something else

 

[lincsat]

Does the plugin not copy a config to etc/wireguard? If it does you could see if it modifies the default config

If it does you could also save a copy of the config and stop the wireguard plugin and send the config back to the wireguard folder and start it via command line to see if the plugin is doing something else

Never thought of that! It does and that connection works with the script - looks like we were missing telling the box how to route to the WG server

# Script created by Madhouse
[Interface]
PrivateKey = **********************
Address = 10.*.*.2/16
DNS = 162.252.172.57, 149.154.159.92
PostUp = ip -4 route add 178.238.10.208 via 192.168.1.1
PostDown = ip -4 route del 178.238.10.208 via 192.168.1.1

[Peer]
PublicKey = iBJRXLZwXuWWrOZE1ZrAXEKMgV/z0WjG0Tks5rnWLBI=
AllowedIps= 0.0.0.0/1,128.0.0.0/1
Endpoint = 178.238.10.208:51820
PersistentKeepalive = 25

 

[dsayers]

Thanks I'll take a look. I was already trying IP routes and I was getting errors when trying above. This morning I have no internet connection on my box although wireguard isn't running.

I'll try a reflash and try again. Thanks

Edit after reconfiguring network connection this is the error I'm getting

[#] ip -4 route add 195.181.164.197: via 192.168.0.1
ip: RTNETLINK answers: File exists

 

[dsayers]

Never thought of that! It does and that connection works with the script - looks like we were missing telling the box how to route to the WG server

# Script created by Madhouse
[Interface]
PrivateKey = **********************
Address = 10.*.*.2/16
DNS = 162.252.172.57, 149.154.159.92
PostUp = ip -4 route add 178.238.10.208 via 192.168.1.1
PostDown = ip -4 route del 178.238.10.208 via 192.168.1.1

[Peer]
PublicKey = iBJRXLZwXuWWrOZE1ZrAXEKMgV/z0WjG0Tks5rnWLBI=
AllowedIps= 0.0.0.0/1,128.0.0.0/1
Endpoint = 178.238.10.208:51820
PersistentKeepalive = 25

Ok got this working now with VPN unlimited. I've been on and off on this since the beginning of the year so thanks for your help

 

[urie]

Ok got this working now with VPN unlimited. I've been on and off on this since the beginning of the year so thanks for your help

And now what do you think wireguard vs openvpn for myself with openvpn with a gigablue quad uhd 4k with Gigabit ethernet port on 200 mb virgin media package most I could get was between 35 - 65 Mbps now with wireguard

 

[lincsat]

Wireguard is much faster than openVPN for me on every device I've used it on, almost as fast as having no VPN at all.

 

[dsayers]

I tested on Canada server using VPN unlimited and only got 35mb lol

Now I know how to configure it it can test different countries to see if I can get a better speed. I also have purevpn I need to test

 

[Ev0]

Wow.

Using Nordvpn previously I was getting between 70 and 100mbps using openvpn.

Just installed wireguard on Ultimo4K and now seeing 435mbps (I don't get more than 500mbps without a vpn anyway).

 

[Lu1981kas]

Hi @all iam New member here. the discussion here make me interesting. Wanna test wireguard with purevpn on my duo 4kse.... Does it work with python 2 and 3 images? Do you know if purevpn works to?

 

[dsayers]

Hi @all iam New member here. the discussion here make me interesting. Wanna test wireguard with purevpn on my duo 4kse.... Does it work with python 2 and 3 images? Do you know if purevpn works to?

If wireguard is available to install via command line then it should work.

I can't seem to get purevpn working although I can get VPN unlimited working.

 

[dsayers]

OE-Alliance has updated openresolv https://github.com/oe-alliance/oe-alliance-core/commit/d1965bd880977a2fa9f4f241092adc4d418404d9 hopefully added on next release build

 

[dsayers]

Wireguard VPN plugin now allows you to add configs to /etc/WgConfig or /hdd/WgConfig without needing to edit the configs making it even easier to run Wireguard

https://www.linuxsat-support.com/thread/153852-wireguard-vpn-plugin-by-madhouse/?pageNo=1

 

[Huevos]

Wireguard VPN plugin now allows you to add configs to /etc/WgConfig or /hdd/WgConfig without needing to edit the configs making it even easier to run Wireguard

https://www.linuxsat-support.com/thread/153852-wireguard-vpn-plugin-by-madhouse/?pageNo=1

That plugin is on vix feeds.

 

[Donnie]

Has anyone got this to work on VIX 6.5 ?
I get an error for wireguard tools.

 

[Huevos]

Has anyone got this to work on VIX 6.5 ?
I get an error for wireguard tools.

What error?