Jump to content
TorGuard

Search the Community

Showing results for tags 'ubuntu'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The Lounge
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 6 results

  1. I've been using Wireguard on windows to connect to Torguard using the default Wireguard app for some time, everything works, so I know the problem is not with the config file or server setup. I'm using the exact same config (while the windows client is down, of course) to connect from Ubuntu 20.04 and the routing doesn't seem to work. I'm out of ideas, maybe someone can help me. Same thing happens on AMD64 (VM under Hyper-V) and on ARM64 (raspberry-pi/4 with 8 gigs or RAM). Here's the config: [Interface] PrivateKey = ******** ListenPort = 51820 Address = 10.29.0.***/24 DNS = 1.1.1.1 [Peer] PublicKey = ****************** AllowedIPs = 0.0.0.0/1, 128.0.0.0/1 Endpoint = 178.62.238.***:443 PersistentKeepalive = 25 I do 'wq-quick up wg0' and get this output: [email protected]:~/mystack$ wg-quick up wg0 [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 10.29.0.***/24 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] resolvconf -a wg0 -m 0 -x [#] ip -4 route add 128.0.0.0/1 dev wg0 [#] ip -4 route add 0.0.0.0/1 dev wg0 [email protected]:~/mystack$ And indeed an interface is created, and routing is set up: (192.168.86.0/24 is google-wifi's network, 10.1.*,10.10.*, and 172.* are docker's networks) [email protected]:~/mystack$ ip link show wg0 194: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/none [email protected]:~/mystack$ ip r 0.0.0.0/1 dev wg0 scope link default via 192.168.86.1 dev eth0 proto dhcp src 192.168.86.122 metric 100 10.1.1.0/24 dev br-4f3e279976ca proto kernel scope link src 10.1.1.1 10.10.10.0/24 dev br-9c24576b7aa1 proto kernel scope link src 10.10.10.1 10.29.0.0/24 dev wg0 proto kernel scope link src 10.29.0.*** 128.0.0.0/1 dev wg0 scope link 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.86.0/24 dev eth0 proto kernel scope link src 192.168.86.122 192.168.86.1 dev eth0 proto dhcp scope link src 192.168.86.122 metric 100 [email protected]:~/mystack$ ifconfig wg0 wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420 inet 10.29.0.*** netmask 255.255.255.0 destination 10.29.0.*** unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC) RX packets 1 bytes 92 (92.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2 bytes 180 (180.0 B) TX errors 0 dropped 1378 overruns 0 carrier 0 collisions 0 [email protected]:~/mystack$ However, the routing doesn't work, ping doesn't work [email protected]:~/mystack$ traceroute 1.1.1.1 traceroute to 1.1.1.1 (1.1.1.1), 64 hops max 1 * * * 2 * * * ^C [email protected]:~/mystack$ ping 10.29.0.1 PING 10.29.0.1 (10.29.0.1) 56(84) bytes of data. ^C --- 10.29.0.1 ping statistics --- 23 packets transmitted, 0 received, 100% packet loss, time 22535ms [email protected]:~/mystack$ On a hunch I added the 'table=off' directive, to prevent Wireguard from setting up routing. And suddenly ping works! [email protected]:~/mystack$ wg-quick down wg0 [#] ip link delete dev wg0 [#] resolvconf -d wg0 -f [email protected]:~/mystack$ sudo -E vi /etc/wireguard/wg0.conf [email protected]:~/mystack$ wg-quick up wg0 [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 10.29.0.***/24 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] resolvconf -a wg0 -m 0 -x [email protected]:~/mystack$ ip link show wg0 197: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/none [email protected]:~/mystack$ ip r default via 192.168.86.1 dev eth0 proto dhcp src 192.168.86.122 metric 100 10.1.1.0/24 dev br-4f3e279976ca proto kernel scope link src 10.1.1.1 10.10.10.0/24 dev br-9c24576b7aa1 proto kernel scope link src 10.10.10.1 10.29.0.0/24 dev wg0 proto kernel scope link src 10.29.0.*** 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.86.0/24 dev eth0 proto kernel scope link src 192.168.86.122 192.168.86.1 dev eth0 proto dhcp scope link src 192.168.86.122 metric 100 [email protected]:~/mystack$ ifconfig wg0 wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420 inet 10.29.0.*** netmask 255.255.255.0 destination 10.29.0.*** unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC) RX packets 1 bytes 92 (92.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2 bytes 180 (180.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [email protected]:~/mystack$ ping 10.29.0.1 PING 10.29.0.1 (10.29.0.1) 56(84) bytes of data. 64 bytes from 10.29.0.1: icmp_seq=1 ttl=64 time=45.9 ms 64 bytes from 10.29.0.1: icmp_seq=2 ttl=64 time=45.0 ms 64 bytes from 10.29.0.1: icmp_seq=3 ttl=64 time=46.3 ms 64 bytes from 10.29.0.1: icmp_seq=4 ttl=64 time=46.6 ms 64 bytes from 10.29.0.1: icmp_seq=5 ttl=64 time=46.2 ms 64 bytes from 10.29.0.1: icmp_seq=6 ttl=64 time=47.7 ms ^C --- 10.29.0.1 ping statistics --- 6 packets transmitted, 6 received, 0% packet loss, time 5007ms rtt min/avg/max/mdev = 45.018/46.280/47.720/0.808 ms [email protected]:~/mystack$ Now I tried adding the routing of the lower half manually and got traceroute working: [email protected]:~/mystack$ sudo ip r add 0.0.0.0/1 dev wg0 [email protected]:~/mystack$ ip r 0.0.0.0/1 dev wg0 scope link ................... [email protected]:~/mystack$ traceroute 1.1.1.1 traceroute to 1.1.1.1 (1.1.1.1), 64 hops max 1 10.29.0.1 46.497ms 45.750ms 44.777ms 2 128.199.32.254 45.407ms 46.283ms 54.180ms 3 138.197.250.122 46.796ms 46.541ms 45.867ms 4 138.197.250.94 45.288ms 45.667ms 45.754ms 5 80.249.211.140 57.569ms 59.616ms 66.315ms 6 1.1.1.1 46.149ms 47.032ms 47.249ms [email protected]:~/mystack$ However if I add the upper half everything breaks. [email protected]:~/mystack$ sudo ip r add 128.0.0.0/1 dev wg0 [email protected]:~/mystack$ ip r 0.0.0.0/1 dev wg0 scope link ... 128.0.0.0/1 dev wg0 scope link ... [email protected]:~/mystack$ traceroute cnn.com traceroute to cnn.com (151.101.193.67), 64 hops max 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * Any ideas?
  2. Guide Requirements TorGuard credentials and Enabled Wireguard on your account (at least until you have to enable it manually, at the time of this guide's writing you had to enable it manually) rock pi 4 (or similar device) Debian9/Ubuntu 18.04 or higher Wireguard is compatible from kernel 3-5 and by that it should make no difference for those running manually compiled kernel 5 Description Hardware used for test RADXA Rock Pi 4A v1.3, v1.4 RADXA Rock Pi 4B v1.3, v1.4 OS and kernel used during creation of this guide Ubuntu 18.04 aarch64 architecture Linux rock1 4.4.154-109-rockchip-gb04eccb4588e #1 SMP Mon May 18 09:22:02 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux In the attachment you can find example script which can be used for the installation on rock pi 4 devices, make sure to replace your variables in script before usage This guide is mainly intended for RADXA's 🐼 Rock Pi 4 users. ℹ️¹ - Currently latest available linux kernel for rock pi's is kernel 4.4.154, there is no official kernel 5, but there are guides how to compile kernel 5. ℹ️² - For Ubuntu 18.04 and lower, recommended way of installing wireguard would be adding PPA and then installing from repository. For Ubuntu higher than 18.04, wireguard is available over ubuntu's default repo and adding PPA is not required. sudo add-apt-repository ppa:wireguard/wireguard # you skip this step on Ubuntu 20.04 sudo apt-get update # you can skip this on Ubuntu 18.04 sudo apt-get install -y wireguard In case of RADXA's Rock Pi 4, we run into issue that wireguard can't be installed from repository due to some raspberry related dependencies like linux-*-raspi2 which can not be installed on RADXA's Rock Pi 4. If you do not use Rock Pi 4, try first installing from PPA and if your device boots properly after installation, proceed to step 4. of this guide skipping all previous steps. What will we have at the end of this setup On every boot we will be connected automatically to TorGuard's wireguard server Reconnecting on connection drops happens automatically Installation and compilation instructions Install required packages # wireguard build dependencies sudo apt-get install -y libelf-dev linux-headers-$(uname -r) build-essential pkg-config # wg-quick dependencies, requires network service restart sudo apt-get install -y resolvconf sudo service networking restart Fix missing scripts this step is required, otherwise build will fail with following error: /bin/sh: 1: ./scripts/recordmcount: Exec format error cd /usr/src/linux-headers-$(uname -r) sudo make scripts Build wireguard from source and install # Set folder where you want to save and compile your sources WIREGUARDSOURCEDIR="/opt/wireguard" # here all sources will be saved and compiled sudo mkdir -p $WIREGUARDSOURCEDIR cd $WIREGUARDSOURCEDIR # Get wireguard sources sudo git clone https://git.zx2c4.com/wireguard-linux-compat sudo git clone https://git.zx2c4.com/wireguard-tools echo "Wireguard: Compile the module" sudo make -C wireguard-linux-compat/src -j$(nproc) echo "Wireguard: Install the module" sudo make -C wireguard-linux-compat/src install echo "Wireguard: Compile the wg(8) tool" sudo make -C wireguard-tools/src -j$(nproc) echo "Wireguard: Install the wg(8) tool" sudo make -C wireguard-tools/src install Create wireguard config Option A (preffered option as typos are excluded) You can get your configs from your torguard account. Login and go to "Servers", "Wireguard Network". Every enabled server has a config download button. Save your downloaded file as /etc/wireguard/wg0.conf # Example with Canada-Toronto1 server, assumed you downloaded it as ~/Downloads/Canada-Toronto1.conf sudo cp ~/Downloads/Canada-Toronto1.conf /etc/wireguard/wg0.conf # Wireguard: restrict permissions to make sure the config file is safe" sudo chmod 600 /etc/wireguard/wg0.conf Option B (if you know your credentials and servers, you can create your own config) # Please change variables below before usage COMMENT="TorGuard WireGuard Config - Canada-Toronto1" PRIVATEKEY="YOURPRIVATEKEY" PUBLICKEY="YOURPUBLICKEY" ADDRESS="10.99.0.2/24" # Example : 10.99.0.2/24, login to torguard to get your wireguard address ENDPOINTHOST="123.145.167.189" # Example: 123.145.167.189, login to torguard to get your wireguard server address ENDPOINTPORT="443" # Example: 443, currently 443 is used for torguards wireguard connections DNS="1.1.1.1" # login to torguard to get your wireguard DNS address LISTENPORT="51820" # login to torguard to get your wireguard listen port KEEPALIVE="25" # login to torguard to get keepalive value ALLOWEDIPS="0.0.0.0/0" # login to torguard to get your wireguard allowed ip's default setting # Please do not change anything from here ENDPOINT="$ENDPOINTHOST:$ENDPOINTPORT" cat <<EOF | sudo tee /etc/wireguard/wg0.conf # $COMMENT [Interface] Address = $ADDRESS PrivateKey = $PRIVATEKEY SaveConfig = true ListenPort = $LISTENPORT DNS = $DNS [Peer] PublicKey = $PUBLICKEY Endpoint = $ENDPOINT PersistentKeepalive = $KEEPALIVE AllowedIPs = $ALLOWEDIPS EOF Quick test of wireguard config sudo wg-quick up wg0 You should see something like this as a result [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 10.29.0.120/24 dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820 [#] ip -4 rule add not fwmark 51820 table 51820 [#] ip -4 rule add table main suppress_prefixlength 0 [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 [#] iptables-restore -n If you need to make any changes to your /etc/wireguard/wg0.conf, you have to stop wireguard: (otherwise all changes you made will be overwritten) sudo wg-quick down wg0 as result you should see something like this: [#] wg showconf wg0 [#] ip -4 rule delete table 51820 [#] ip -4 rule delete table main suppress_prefixlength 0 [#] ip link delete dev wg0 [#] iptables-restore -n Enable wireguard to start automatically on boot sudo systemctl enable [email protected] Activate kernel module WireGuard works as a kernel module that is installed using DKMS every time we upgrade our kernel the WireGuard kernel module is automatically compiled and ready to use for our new kernel as well. In order to use the kernel module right after the installation we have to either reboot or run modprobe to activate it: sudo modprobe wireguard You can check whether the kernel module is loaded using: sudo lsmod | grep wireguard As a result you should see something like this: wireguard 135168 0 ip6_udp_tunnel 16384 1 wireguard udp_tunnel 16384 1 wireguard Optional firewall configuration If you have a firewall installed (ufw) or any other firewall, allow wireguard's listen port: ufw allow ${LISTENPORT}/udp Finished. You can test your speed/performance with various tools, maybe most known is speedtest-cli despite having some issues (especially on upload statistics), if you see correct IP and have a connection, then you are safe to reboot.
  3. poly_boi

    Port Forwarding in Ubuntu 16.04

    I'm trying to forward ports in Ubuntu 16.04. I was trying to edit the .ovpn file I used to import the settings to include something like this... iptables -I FORWARD -i tun0 -p udp -d 10.35.0.30 --dport 51413 -j ACCEPT iptables -I FORWARD -i tun0 -p tcp -d 10.35.0.30 --dport 51413 -j ACCEPT iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 51413 -j DNAT --to-destination 10.35.0.30 iptables -t nat -I PREROUTING -i tun0 -p udp --dport 51413 -j DNAT --to-destination 10.35.0.30 Am I on the right track? Are there other commands I need to add? I was thinking that maybe I need to somehow use a command that forwards packets from enp3s0 to tun0? Is that how it works? I connect to the internet through enp3s0=>tun0=>VPN Server=>Internet? I'm really out of my depth here and I just don't have the time to research all of it. I have already been trying for 4 hours. Any help would be appreciated.
  4. 166312_1511348153

    Ubuntu Tray Icon Support

    This question was asked last year and was answered saying there will be support for this in the next update. Still no option for this in version 0.3.78. As said before, this application is something that stays on constantly so having it with running applications can make it quite cluttered. Any idea if a tray icon will be implemented soon?
  5. Hi! I am running Ubuntu (Kubuntu 14.04). I would like TorGuard to start automatically on login. I have a Bash script that runs on login and starts various things, so I put a command in there to start TorGuard. The problem is that TorGuard pops up and asks for my root password. I would like TorGuard to start silently without my having to input root password. What is a nice way to do this? Thanks in advance! Best regards Spectrum
  6. MonkeyFoo

    Set MTU on Linux (Ubuntu)

    If the MTU is being set by DHCP, we can override that with some changes to /etc/dhcp/dhclient.conf ```option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;send host-name = gethostname();#added these two lines before the request linedefault interface-mtu 1500;supercede interface-mtu 1500;request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, dhcp6.name-servers, dhcp6.domain-search, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers, dhcp6.fqdn, dhcp6.sntp-servers; ```
×
×
  • Create New...