Jump to content
TorGuard

Search the Community

Showing results for tags 'howto'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The Lounge
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 3 results

  1. Guide Requirements TorGuard credentials and Enabled Wireguard on your account (at least until you have to enable it manually, at the time of this guide's writing you had to enable it manually) rock pi 4 (or similar device) Debian9/Ubuntu 18.04 or higher Wireguard is compatible from kernel 3-5 and by that it should make no difference for those running manually compiled kernel 5 Description Hardware used for test RADXA Rock Pi 4A v1.3, v1.4 RADXA Rock Pi 4B v1.3, v1.4 OS and kernel used during creation of this guide Ubuntu 18.04 aarch64 architecture Linux rock1 4.4.154-109-rockchip-gb04eccb4588e #1 SMP Mon May 18 09:22:02 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux In the attachment you can find example script which can be used for the installation on rock pi 4 devices, make sure to replace your variables in script before usage This guide is mainly intended for RADXA's 🐼 Rock Pi 4 users. ℹ️¹ - Currently latest available linux kernel for rock pi's is kernel 4.4.154, there is no official kernel 5, but there are guides how to compile kernel 5. ℹ️² - For Ubuntu 18.04 and lower, recommended way of installing wireguard would be adding PPA and then installing from repository. For Ubuntu higher than 18.04, wireguard is available over ubuntu's default repo and adding PPA is not required. sudo add-apt-repository ppa:wireguard/wireguard # you skip this step on Ubuntu 20.04 sudo apt-get update # you can skip this on Ubuntu 18.04 sudo apt-get install -y wireguard In case of RADXA's Rock Pi 4, we run into issue that wireguard can't be installed from repository due to some raspberry related dependencies like linux-*-raspi2 which can not be installed on RADXA's Rock Pi 4. If you do not use Rock Pi 4, try first installing from PPA and if your device boots properly after installation, proceed to step 4. of this guide skipping all previous steps. What will we have at the end of this setup On every boot we will be connected automatically to TorGuard's wireguard server Reconnecting on connection drops happens automatically Installation and compilation instructions Install required packages # wireguard build dependencies sudo apt-get install -y libelf-dev linux-headers-$(uname -r) build-essential pkg-config # wg-quick dependencies, requires network service restart sudo apt-get install -y resolvconf sudo service networking restart Fix missing scripts this step is required, otherwise build will fail with following error: /bin/sh: 1: ./scripts/recordmcount: Exec format error cd /usr/src/linux-headers-$(uname -r) sudo make scripts Build wireguard from source and install # Set folder where you want to save and compile your sources WIREGUARDSOURCEDIR="/opt/wireguard" # here all sources will be saved and compiled sudo mkdir -p $WIREGUARDSOURCEDIR cd $WIREGUARDSOURCEDIR # Get wireguard sources sudo git clone https://git.zx2c4.com/wireguard-linux-compat sudo git clone https://git.zx2c4.com/wireguard-tools echo "Wireguard: Compile the module" sudo make -C wireguard-linux-compat/src -j$(nproc) echo "Wireguard: Install the module" sudo make -C wireguard-linux-compat/src install echo "Wireguard: Compile the wg(8) tool" sudo make -C wireguard-tools/src -j$(nproc) echo "Wireguard: Install the wg(8) tool" sudo make -C wireguard-tools/src install Create wireguard config Option A (preffered option as typos are excluded) You can get your configs from your torguard account. Login and go to "Servers", "Wireguard Network". Every enabled server has a config download button. Save your downloaded file as /etc/wireguard/wg0.conf # Example with Canada-Toronto1 server, assumed you downloaded it as ~/Downloads/Canada-Toronto1.conf sudo cp ~/Downloads/Canada-Toronto1.conf /etc/wireguard/wg0.conf # Wireguard: restrict permissions to make sure the config file is safe" sudo chmod 600 /etc/wireguard/wg0.conf Option B (if you know your credentials and servers, you can create your own config) # Please change variables below before usage COMMENT="TorGuard WireGuard Config - Canada-Toronto1" PRIVATEKEY="YOURPRIVATEKEY" PUBLICKEY="YOURPUBLICKEY" ADDRESS="10.99.0.2/24" # Example : 10.99.0.2/24, login to torguard to get your wireguard address ENDPOINTHOST="123.145.167.189" # Example: 123.145.167.189, login to torguard to get your wireguard server address ENDPOINTPORT="443" # Example: 443, currently 443 is used for torguards wireguard connections DNS="1.1.1.1" # login to torguard to get your wireguard DNS address LISTENPORT="51820" # login to torguard to get your wireguard listen port KEEPALIVE="25" # login to torguard to get keepalive value ALLOWEDIPS="0.0.0.0/0" # login to torguard to get your wireguard allowed ip's default setting # Please do not change anything from here ENDPOINT="$ENDPOINTHOST:$ENDPOINTPORT" cat <<EOF | sudo tee /etc/wireguard/wg0.conf # $COMMENT [Interface] Address = $ADDRESS PrivateKey = $PRIVATEKEY SaveConfig = true ListenPort = $LISTENPORT DNS = $DNS [Peer] PublicKey = $PUBLICKEY Endpoint = $ENDPOINT PersistentKeepalive = $KEEPALIVE AllowedIPs = $ALLOWEDIPS EOF Quick test of wireguard config sudo wg-quick up wg0 You should see something like this as a result [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 10.29.0.120/24 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820 [#] ip -4 rule add not fwmark 51820 table 51820 [#] ip -4 rule add table main suppress_prefixlength 0 [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 [#] iptables-restore -n If you need to make any changes to your /etc/wireguard/wg0.conf, you have to stop wireguard: (otherwise all changes you made will be overwritten) sudo wg-quick down wg0 as result you should see something like this: [#] wg showconf wg0 [#] ip -4 rule delete table 51820 [#] ip -4 rule delete table main suppress_prefixlength 0 [#] ip link delete dev wg0 [#] iptables-restore -n Enable wireguard to start automatically on boot sudo systemctl enable [email protected] Activate kernel module WireGuard works as a kernel module that is installed using DKMS every time we upgrade our kernel the WireGuard kernel module is automatically compiled and ready to use for our new kernel as well. In order to use the kernel module right after the installation we have to either reboot or run modprobe to activate it: sudo modprobe wireguard You can check whether the kernel module is loaded using: sudo lsmod | grep wireguard As a result you should see something like this: wireguard 135168 0 ip6_udp_tunnel 16384 1 wireguard udp_tunnel 16384 1 wireguard Optional firewall configuration If you have a firewall installed (ufw) or any other firewall, allow wireguard's listen port: ufw allow ${LISTENPORT}/udp Finished. You can test your speed/performance with various tools, maybe most known is speedtest-cli despite having some issues (especially on upload statistics), if you see correct IP and have a connection, then you are safe to reboot.
  2. Requirements openwrt (or any openwrt based firmware like LEDE openwrt) tor libevent2-openssl libevent2 libminiupnpc libnatpmp tor-geoip (optional) tor-fw-helper (optional) Description In this guide I will install and create tor on my openwrt router. My Wireless is isolated. You can change these setting as you wish, take only care that nobody from outside can reach your LAN's. At the end of this post is a script doing everything for you. You need only to adapt the script for your settings. For this guide, my router's lan ip is 192.168.1.3 This setup works for those who do use only proxy/socks product, vpn products or mix of them. It is very high grade of anonimity if all this works in some VPN, like TorGuard's which does work perfectly! What will we have at the end of this setup tor socks5 server on router's lan IP:9050 (in this example 192.168.1.3:9050) (you can set your system, browser or anything else to use socks5 which goes always over tor) Simple usage by joining WLAN (no need to setup anything on any device) set specific LAN port to go always through Tor, (especially usefull for those who use C-Lines for Card Sharing) Isolated Wireless Network (which is secured and can't communicate with LAN devices) Traffic is sent through TorGuard's proxy/socks5 (all tor's traffic sent through socks ot https proxy, Torguard Proxy port: 6060, TorGuard socks5 ports: 1080/1085/1090) (in this guide, we set only .onion and .exit urls to go over tor, all other pages will go over TorGuard's socks/proxy used by tor) (We also restrict usage on port 80 and 443 for the case that you need to hide from your ISP/VPN provder, TorGuard does not block) (if you are not using VPN, then you do hide the traffic from your ISP in using socks and from your socks provider by using only ports 80/443) (even if this setup is higly secure, consider using as addition obfsproxy which I will not cover in this guide) (socks5/proxy acts also as a fallback if your VPN stops working) This setup works if you are connected to a VPN (like TorGuard and openvpn, my router is currently in TorGuard's VPN) Installation of required packages: opkg update opkg install libevent2-openssl libevent2 libminiupnpc libnatpmp tor tor-fw-helper tor-geoip Create Tor interface with static IP 172.x.x.x Create DHCP server for tor interface Create 5Ghz and 2,4Ghz isolated wireless interfaces Add firewall zone and configure firewall for tor Configure tor with TorGuard services Download geoip and geoipv6 Reboot your router Script installing tor requirements, creating interface, configuring firewall If you are connected with TorGuards VPN and everything runs over VPN, then your tor might be inactive if it starts before openvpn during the boot because openvpn changes routes and tor needs to be restarted. In this case you can edit openvpn's start scripts, or tor's startscripts or simply adding this command under System->Startup section "Local Startup" # Put your custom commands here that should be executed once # the system init finished. By default this file does nothing. sleep 10 /etc/init.d/tor reload /etc/init.d/tor restart exit 0 How to get geoip and geoipv6 files TorGuard works blazing fast with Tor Network (!!!TORGUARD TEAM IS AMAZING, THANKS FOR GREAT SERVICES!!!) Thats it, enjoy tor network.
  3. I have posted already how to prevent hijacking of your DNS by your IP. There are some ISP's like Verizon, T-Mobile, ... which do send all traffic over port 53 (yes, they hijack your DNS), regardless of which DNS servers you use. Here is how to get rid of that and redirect it to some another address with help of iptables instead editing dnsmasq in WebIF (which is still my preferable solution for most tasks), in this example I'll redirect all dns requests to my custom dns server, to lan1 in this case, which is my local DNS Server Openwrt (I think ddwrt should work too, but I did not test it on ddwrt but basicly it should be the same, just check the names of devices) iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1 On openwrt and other releases, switch on masquerading, it is required. Now a question to TorGuard, do you/can you offer alternative ports for those who maybe can't use first method described, neither this second solution. To find out what is going on through your DNS port, read here.
×
×
  • Create New...