Jump to content

Search the Community

Showing results for tags 'wireguard'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • The Lounge
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 12 results

  1. I decided to write a simple guide and share it with most before preparing this guide properly and uploading everything to github. This guide will be updated and scripts uploaded to github, after that you will have just to download and run the latest available. Current one is just a scratch and var names as maybe some formatting is not optimal, but this is how I install and use TorGuard Shared, dedicated etc.. (all torguards ips where wireguard is available). I described already in this post how it is done. Enjoy Guide Requirements: OS: OpenWRT with Luci web interface Short description all commands can be copy pasted from codeboxes below, just edit in step 4 like your server, mtu and so on ssh to your router ssh [email protected] install required packages opkg update opkg install luci-app-wireguard Create auto installation script mkdir -p ~/bin cat <<"EOF" | tee ~/bin/tginit.sh #!/bin/sh # Example single usage: tginit.sh "VPNUsername" "VPNPass" "tgwg" "0" "0" "41820" "1420" "AA" "25" "0" "1" "1" "us-la.secureconnect.me:1443 us-la.secureconnect.me:1443 us-atl.secureconnect.me:1443" # Example multi usage: tginit.sh "VPNUsername" "VPNPass" "tgwg" "0" "1" "41820" "1420" "AA" "25" "0" "0" "1" "us-la.secureconnect.me:1443" # Info on multi usage example above: route allowed ip's is disabled for each entry, enable manually genwgkey () { PRIVATE=$(wg genkey) PUBLIC=$(echo "${PRIVATE}" | wg pubkey) } wgettginfo () { #$1 - VPN Username #$2 - VPN Password #$3 - Wireguard Endpoint #$4 - Wireguard Port #$5 - My wireguard public key #wget -O $6 --no-check-certificate https://$1:[email protected]$3:$4/api/v1/setup?public-key=$5 URL="https://${1}:${2}@${3}:${4}/api/v1/setup?public-key=${5}" echo "API: ${URL}" TGINFO=$(wget --no-check-certificate -qO- ${URL}) } cgettginfo () { #$1 - VPN Username #$2 - VPN Password #$3 - Wireguard Endpoint #$4 - Wireguard Port #$5 - My wireguard public key #wget -O $6 --no-check-certificate https://$1:[email protected]$3:$4/api/v1/setup?public-key=$5 URL="https://${1}:${2}@${3}:${4}/api/v1/setup?public-key=${5}" echo "API: https://$1:[email protected]$3:$4/api/v1/setup?public-key=$5" TGINFO=$(curl -k ${URL}) } addwginterface () { # $1 - network internaface, Example: wg0 # $2 - private_key # $3 - listen_port # $4 - addresses # $5 - mtu # $6 - fwmark # add wireguard interface uci delete network.${1} uci commit network uci add network interface uci rename [email protected][-1]=${1} uci set [email protected][-1].proto='wireguard' uci set [email protected][-1].private_key="${2}" uci set [email protected][-1].listen_port="${3}" uci add_list [email protected][-1].addresses="${4}" uci set [email protected][-1].mtu="${5}" uci set [email protected][-1].fwmark="0x${6}" # disable use of builtin IPv6-management uci set [email protected][-1].delegate="${7}" # disabled by default, 0 uci set [email protected][-1].nohostroute="${8}" # add peers uci add network wireguard_${1} uci set [email protected]_${1}[-1].description="${9}" uci set [email protected]_${1}[-1].public_key="${10}" uci add_list [email protected]_${1}[-1].allowed_ips="${11}" uci set [email protected]_${1}[-1].endpoint_host="${12}" uci set [email protected]_${1}[-1].endpoint_port="${13}" uci set [email protected]_${1}[-1].persistent_keepalive="${14}" uci set [email protected]_${1}[-1].route_allowed_ips="${15}" uci commit network # Add created wireguard interface to lan zone (this will overwrite any other [email protected][0].network setting, please recheck if using non default settings) uci set [email protected][${16}].network="${17} ${1}" uci commit firewall } # Each server in a string must be provided by server and port "server:port" and separated by space "srv1:1234 srv2:5678" TGSERVERLIST="${13}" # TorGuard Server List separated by space, "srv1:1234 srv2:5678" # TorGuard credentials VPNUSERNAME="${1}" # TorGuard VPN username VPNPASS="${2}" # TorGuard VPN password WGINTERFACE="${3}" # Wireguard interface name, default: tgwg WGIFNR="${4}" # Wireguard interface number, default 0 NOHOSTROUTE="${5}" # Optional. Do not create host routes to peers, default 0 LISTENPORT="${6}" # Optional. UDP port used for outgoing and incoming packets. MTU="${7}" # Optional. Maximum Transmission Unit of tunnel interface. FWMARK="${8}" # Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with 0x. KEEPALIVE="${9}" # Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25. USEBUILTINIPV6="${10}" # Use builtin IPv6-management 0 to disable, 1 to enable ROUTEALLOWEDIPS="${11}" # Route allowed IPs, 0 to disable, 1 to enable FIREWALLZONE="${12}" # Assign firewall-zone, 1 is wan, 0 is lan, default: 1 echo " TorGuard VPN username: ${1} TorGuard VPN password: ${2} Wireguard interface name: ${3} Wireguard interface number: ${4} do not create host routes to peers: ${5} UDP port for out-/incoming packets: ${6} Maximum Transmission Unit of tunnel: ${7} 32-bit mark for outgoing packets: ${8} Seconds between keep alive messages: ${9} Use builtin IPv6-management: ${10} Route allowed IPs: ${11} TorGuard Server List: ${12} " # initialize vars PRIVATE="" PUBLIC="" ENDPOINT="" ENDPOINTPORT="" TGINFO="" DESCRIPTION="" TMPPORT=$(( $LISTENPORT - 1 )) TMPFWMARK=$(printf "%x\n" $(( $(printf "%d\n" 0x${FWMARK}) - 1 ))) for i in ${TGSERVERLIST}; do TMPPORT=$(( $TMPPORT + 1 )) TMPFWMARK=$(printf "%x\n" $(( $(printf "%d\n" 0x${TMPFWMARK}) + 1 ))) DESCRIPTION="${WGINTERFACE}${WGIFNR} (TorGuard)" ZONEINTERFACES=$(uci get [email protected][${FIREWALLZONE}].network) ENDPOINT=$(echo $i | awk -F'[:]' '{print $1}') ENDPOINTPORT=$(echo $i | awk -F'[:]' '{print $2}') genwgkey wgettginfo "${VPNUSERNAME}" "${VPNPASS}" "${ENDPOINT}" "${ENDPOINTPORT}" "${PUBLIC}" echo "Private: ${PRIVATE}" echo "Public: ${PUBLIC}" WGPUBLIC=$(echo ${TGINFO} | awk -F'[,]' '{print $1}' | awk -F'[:]' '{print $2}' | sed 's/"//g') && echo "Public key: ${WGPUBLIC}" SERVERIP=$(echo ${TGINFO} | awk -F'[,]' '{print $2}' | awk -F'[:]' '{print $2}' | sed 's/"//g') && echo "Peer server: ${SERVERIP}" CLIENTIP=$(echo ${TGINFO} | awk -F'[,]' '{print $3}' | awk -F'[:]' '{print $2}' | sed 's/"//g') && echo "IP Addresses: ${CLIENTIP}" ALLOWEDIPS=$(echo ${TGINFO} | awk -F'[,]' '{print $4}' | awk -F'[:]' '{print $2}' | sed 's/"//g') && echo "Allowd IPs: ${ALLOWEDIPS}" WGDNS1=$(echo ${TGINFO} | awk -F'[,]' '{print $5}' | awk -F'[:]' '{print $2}' | sed 's/"//g' | sed 's/\[//g') && echo "DNS1: ${WGDNS1}" WGDNS2=$(echo ${TGINFO} | awk -F'[,]' '{print $6}' | awk -F'[:]' '{print $1}' | sed 's/"//g' | sed 's/\]//g') && echo "DNS2: ${WGDNS2}" WGSERVER=$(echo ${TGINFO} | awk -F'[,]' '{print $7}' | awk -F'[:]' '{print $2}' | sed 's/"//g') && echo "Endpoint host: ${WGSERVER}" WGPORT=$(echo ${TGINFO} | awk -F'[,]' '{print $8}' | awk -F'[:]' '{print $2}' | sed 's/"//g' | sed 's/}//g') && echo "Endpoint Port: ${WGPORT}" addwginterface "${WGINTERFACE}${WGIFNR}" "${PRIVATE}" "${TMPPORT}" "${CLIENTIP}" "${MTU}" "${TMPFWMARK}" "${USEBUILTINIPV6}" "${NOHOSTROUTE}" "${DESCRIPTION}" "${WGPUBLIC}" "${ALLOWEDIPS}" "${WGSERVER}" "${WGPORT}" "${KEEPALIVE}" "${ROUTEALLOWEDIPS}" "${FIREWALLZONE}" "${ZONEINTERFACES}" WGIFNR=$(( $WGIFNR + 1 )) done /etc/init.d/firewall restart /etc/init.d/network restart echo "Torguard wireguard initialization finished, please reboot to complete" EOF chmod +x ~/bin/tginit.sh Install wireguard with any TorGuard server (or server list, check the script for more info) . You can delete, reconfigure and rerun in any wished combination TGSERVER="us-la.secureconnect.me:1443" VPNUSERNAME="YourVPNUsername" # Your torguard vpn username (same as in torguard client) VPNPASS="YourVPNPassword" # Your torguard vpn passsword (same as in torguard client) WGINTERFACE="tgwg" # Wireguard interface name, default: tgwg WGIFNR="0" # Wireguard interface number, default 0 NOHOSTROUTE="0" # Optional. Do not create host routes to peers, default 0 LISTENPORT="51820" # Optional. UDP port used for outgoing and incoming packets. MTU="1420" # Optional. Maximum Transmission Unit of tunnel interface. FWMARK="AA" # Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with 0x. KEEPALIVE="25" # Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25. USEBUILTINIPV6="0" # Use builtin IPv6-management 0 to disable, 1 to enable ROUTEALLOWEDIPS="1" # Route allowed IPs, 0 to disable, 1 to enable FIREWALLZONE="1" # Assign firewall-zone, 1 is wan, 0 is lan, default: 1 # INSTALL TORGUARD, PLEASE CHECK INTERFACES AFTER SCRIPT FINISHES AND REBOOT ~/bin/tginit.sh "${VPNUSERNAME}" "${VPNPASS}" "${WGINTERFACE}" "${WGIFNR}" "${NOHOSTROUTE}" "${LISTENPORT}" "${MTU}" "${FWMARK}" "${KEEPALIVE}" "${USEBUILTINIPV6}" "${ROUTEALLOWEDIPS}" "${FIREWALLZONE}" "${TGSERVER}"
  2. Hi Wireguard is working perfectly on my end, but I haven't had any luck figuring out how to port forward yet. Anybody had any luck with this who'd like to share how they did it? I'm using the Windows client. Thanks!
  3. Redback813

    Torguard + Wireguard + DD-WRT

    I would like torguard operating from the DD-WRT router through wireguard and not openvpn given that the openvpn is both resource and CPU intensive. There are plenty of articles on how to setup a wireguard on a router but without the proper configuration procedure it next to impossible to setup the wireguard so when do does Torguard think they will have the configuration setup method ready for those who wish to run VPN system from their routers as oppose to desktop.
  4. Hi folks I just downloaded version 4.0.1 as directed but I do not see any "WireGuard” option under Tunnel Type. I am sure I am missing something I just don't know what.
  5. EricD

    Wireguard is rubbish

    I accepted the new wireguard in my latest upgrade and after a couple of days of use it just hangs on "reconnecting". Lucky it's not a car as I would have no brakes or steering.
  6. As of the update a few days ago, each time I wake up my pc from hybrid sleep, the torguard service will appear to be running in the task tray but after a minute or two it disappears and I have to relaunch the client. This has happened twice so far and, only when I am connected to the wireguard service. (note i have not tested otherwise so far so, this could be happening on the other connection types as well) This did not happen on the previous version so i do not know whether it is the new client causing it or wireguard. I will be doing more testing on my part soon when I get some spare time, until then I was wondering if anyone else is experiencing the same issues.
  7. Usefulvid

    Wireguard fails on Windows 10

    I tried to get in touch with your support staff but I have the impression that they do not really understand the problem. The first problem was that in the TG software it looked like a successful wire guard connection has been established. But on my adapter I could see 0 incoming packages. So no internet connection was possible and one symptom of it was DNS failing. I tried to reinstall the software and uninstalled the wireguard adapter and tried to reinstall it via the TG software. But this also fails, the wireguard adapter is not shown anymore in my adapter overview. I also submitted a debug log to your support staff Security software is only Windows Defender
  8. Guide Requirements TorGuard credentials and Enabled Wireguard on your account (at least until you have to enable it manually, at the time of this guide's writing you had to enable it manually) rock pi 4 (or similar device) Debian9/Ubuntu 18.04 or higher Wireguard is compatible from kernel 3-5 and by that it should make no difference for those running manually compiled kernel 5 Description Hardware used for test RADXA Rock Pi 4A v1.3, v1.4 RADXA Rock Pi 4B v1.3, v1.4 OS and kernel used during creation of this guide Ubuntu 18.04 aarch64 architecture Linux rock1 4.4.154-109-rockchip-gb04eccb4588e #1 SMP Mon May 18 09:22:02 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux In the attachment you can find example script which can be used for the installation on rock pi 4 devices, make sure to replace your variables in script before usage This guide is mainly intended for RADXA's 🐼 Rock Pi 4 users. ℹ️¹ - Currently latest available linux kernel for rock pi's is kernel 4.4.154, there is no official kernel 5, but there are guides how to compile kernel 5. ℹ️² - For Ubuntu 18.04 and lower, recommended way of installing wireguard would be adding PPA and then installing from repository. For Ubuntu higher than 18.04, wireguard is available over ubuntu's default repo and adding PPA is not required. sudo add-apt-repository ppa:wireguard/wireguard # you skip this step on Ubuntu 20.04 sudo apt-get update # you can skip this on Ubuntu 18.04 sudo apt-get install -y wireguard In case of RADXA's Rock Pi 4, we run into issue that wireguard can't be installed from repository due to some raspberry related dependencies like linux-*-raspi2 which can not be installed on RADXA's Rock Pi 4. If you do not use Rock Pi 4, try first installing from PPA and if your device boots properly after installation, proceed to step 4. of this guide skipping all previous steps. What will we have at the end of this setup On every boot we will be connected automatically to TorGuard's wireguard server Reconnecting on connection drops happens automatically Installation and compilation instructions Install required packages # wireguard build dependencies sudo apt-get install -y libelf-dev linux-headers-$(uname -r) build-essential pkg-config # wg-quick dependencies, requires network service restart sudo apt-get install -y resolvconf sudo service networking restart Fix missing scripts this step is required, otherwise build will fail with following error: /bin/sh: 1: ./scripts/recordmcount: Exec format error cd /usr/src/linux-headers-$(uname -r) sudo make scripts Build wireguard from source and install # Set folder where you want to save and compile your sources WIREGUARDSOURCEDIR="/opt/wireguard" # here all sources will be saved and compiled sudo mkdir -p $WIREGUARDSOURCEDIR cd $WIREGUARDSOURCEDIR # Get wireguard sources sudo git clone https://git.zx2c4.com/wireguard-linux-compat sudo git clone https://git.zx2c4.com/wireguard-tools echo "Wireguard: Compile the module" sudo make -C wireguard-linux-compat/src -j$(nproc) echo "Wireguard: Install the module" sudo make -C wireguard-linux-compat/src install echo "Wireguard: Compile the wg(8) tool" sudo make -C wireguard-tools/src -j$(nproc) echo "Wireguard: Install the wg(8) tool" sudo make -C wireguard-tools/src install Create wireguard config Option A (preffered option as typos are excluded) You can get your configs from your torguard account. Login and go to "Servers", "Wireguard Network". Every enabled server has a config download button. Save your downloaded file as /etc/wireguard/wg0.conf # Example with Canada-Toronto1 server, assumed you downloaded it as ~/Downloads/Canada-Toronto1.conf sudo cp ~/Downloads/Canada-Toronto1.conf /etc/wireguard/wg0.conf # Wireguard: restrict permissions to make sure the config file is safe" sudo chmod 600 /etc/wireguard/wg0.conf Option B (if you know your credentials and servers, you can create your own config) # Please change variables below before usage COMMENT="TorGuard WireGuard Config - Canada-Toronto1" PRIVATEKEY="YOURPRIVATEKEY" PUBLICKEY="YOURPUBLICKEY" ADDRESS="" # Example :, login to torguard to get your wireguard address ENDPOINTHOST="" # Example:, login to torguard to get your wireguard server address ENDPOINTPORT="443" # Example: 443, currently 443 is used for torguards wireguard connections DNS="" # login to torguard to get your wireguard DNS address LISTENPORT="51820" # login to torguard to get your wireguard listen port KEEPALIVE="25" # login to torguard to get keepalive value ALLOWEDIPS="" # login to torguard to get your wireguard allowed ip's default setting # Please do not change anything from here ENDPOINT="$ENDPOINTHOST:$ENDPOINTPORT" cat <<EOF | sudo tee /etc/wireguard/wg0.conf # $COMMENT [Interface] Address = $ADDRESS PrivateKey = $PRIVATEKEY SaveConfig = true ListenPort = $LISTENPORT DNS = $DNS [Peer] PublicKey = $PUBLICKEY Endpoint = $ENDPOINT PersistentKeepalive = $KEEPALIVE AllowedIPs = $ALLOWEDIPS EOF Quick test of wireguard config sudo wg-quick up wg0 You should see something like this as a result [#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add dev wg0 [#] ip link set mtu 1420 up dev wg0 [#] ip -4 route add dev wg0 table 51820 [#] ip -4 rule add not fwmark 51820 table 51820 [#] ip -4 rule add table main suppress_prefixlength 0 [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 [#] iptables-restore -n If you need to make any changes to your /etc/wireguard/wg0.conf, you have to stop wireguard: (otherwise all changes you made will be overwritten) sudo wg-quick down wg0 as result you should see something like this: [#] wg showconf wg0 [#] ip -4 rule delete table 51820 [#] ip -4 rule delete table main suppress_prefixlength 0 [#] ip link delete dev wg0 [#] iptables-restore -n Enable wireguard to start automatically on boot sudo systemctl enable [email protected] Activate kernel module WireGuard works as a kernel module that is installed using DKMS every time we upgrade our kernel the WireGuard kernel module is automatically compiled and ready to use for our new kernel as well. In order to use the kernel module right after the installation we have to either reboot or run modprobe to activate it: sudo modprobe wireguard You can check whether the kernel module is loaded using: sudo lsmod | grep wireguard As a result you should see something like this: wireguard 135168 0 ip6_udp_tunnel 16384 1 wireguard udp_tunnel 16384 1 wireguard Optional firewall configuration If you have a firewall installed (ufw) or any other firewall, allow wireguard's listen port: ufw allow ${LISTENPORT}/udp Finished. You can test your speed/performance with various tools, maybe most known is speedtest-cli despite having some issues (especially on upload statistics), if you see correct IP and have a connection, then you are safe to reboot.
  9. Dear TorGuard Pfsense WireGuard Users, Please Read The Entire Guide / Tutorial Before You Begin - It Will Save You Potential Setup Issues and Detail All Setup Options First you all know the drill by now - " The Intro " to pay homage to an all time oft forgotten Stax Great who speaks my mind right about now / lyrics - https://genius.com/Otis-redding-respect-lyrics and video : https://www.youtube.com/watch?v=7BDw-H_hUzw - and Nina Simone to boot : lyrics : https://genius.com/Nina-simone-mississippi-goddam-lyrics and video : https://www.youtube.com/watch?v=LJ25-U3jNWM Hello and I hope all are safe and well. Ascrod has been kind enough to make available a package for WireGuard on pfsense. I have tested the package and would like to recommend this to all of those who might be interested. The package thread and discussion are found here : https://forum.netgate.com/topic/150943/i-made-a-wireguard-package-for-pfsense and here on Github : https://github.com/Ascrod/pfSense-pkg-wireguard Here are Ascrod assets in releases on github : https://github.com/Ascrod/pfSense-pkg-wireguard/releases There is a webgui for WireGuard and it works well.The package works very well on pfsense 2.4.5. I was finally able to build my own Lucasnz pfsense 2.5.0 package successfully - and it worked as intended. Read the update for pfsense 2.5.0 pfSense-pkg-wireguard below. There also is a fork of this pfsense package developed by Ashus / pfSense-pkg-wireguard found here : https://github.com/Ashus/pfSense-pkg-wireguard Lucasnz see here for homepage : https://github.com/lucasnz/pfSense-pkg-wireguard lucasnz/pfSense-pkg-wireguard forked from Ascrod/pfSense-pkg-wireguard Here are Lucasnz assets in releases on github : https://github.com/lucasnz/pfSense-pkg-wireguard/releases/tag/v1.0.1 Please Note He Has Only One Package Which Is For pfSense 2.4.5 . If you want Lucasnz for pfSense 2.5.0 then you may either use the pre-compiled package I offer up here or build your own by following the tutorial provided below. For those interested - I have one link to a tutorial and another which points you to an already compiled Lucasnz package for pfsense 2.5.0 - which is based on FreeBSD 12. The tutorial illustrates and instructs you how to build your own Lucasnz pfSense-pkg-wireguard-1.0.1.txz package. The reason that I chose Lucasnz is because " that it just works ". Lucasnz WireGuard for pfsense survives reboots, upgrades - and has no issues with DNS or any such other related problems. The links are here below for all those interested : https://drive.google.com/file/d/1b8coPZvqmhisHpoFBfOBV9BYaH917yaC/view?usp=sharing / tutorial link https://drive.google.com/file/d/1SaggDk6-1BOwcSa4-498jQfGZICqqvsb/view?usp=sharing / package download These really work well IMHO - so I hope this helps and a word to the wise should be sufficient. I am going to try to get Ashus / pfSense-pkg-wireguard to work on pfsense 2.5.0 and I will report my findings. UPDATE BELOW : Well, I got in touch with Ashus - and he was kind enough to build and compile a " proper and official " pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz ( this is the package needed for pfsense 2.5.0 ) . Here are Ashus assets in releases on github : https://github.com/Ashus/pfSense-pkg-wireguard/releases by using Ashus packages you can either install pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz ( for pfsense 2.4.5 / based on FreeBsd 11 ) or use his new pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz ( for pfsense 2.5.0 -devel - based on FreeBsd 12 ) . Always check https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/ or https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ for the latest packages in the FreeBsd Repo depending on your architecture - especially as bash, wireguard-go, and wireguard packages are updated periodically. I have found as of late that if you try to access the main FreeBSD repo by entering the " https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/ " url - you will get the " 403 Forbidden - nginx error ". This precludes you from viewing the current FreeBSD package list. I searched around and found a FreeBSD package repo that seems to be up and stable - it is " http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/ " or http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/ which is located in South Africa. Virtually all of the FreeBSD package repos are inaccessible as well. Oddly, enough you are still able to download the FreeBSD packages from the main repo - it is just that you can not see the repo packages ( to check package latest versions by entering the url ). With that being said - let's proceed. the complete needed software installation is outlined like this here - see below : Use Putty or Kitty to enter an SSH session on your pfsense router in order to proceed : Or Use FreeBsd Mirror - http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/ The procedure detailed below is for pfsense 2.5.0 / FreeBsd 12 : 1. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:12:amd64/latest/All/bash-5.0.18_2.txz 2. (opt.) pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/bash-completion-2.10,2.txz 3. pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/wireguard-go-0.0.20200320.txz 4. pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/wireguard-1.0.20200513.txz 5. pkg add https://github.com/Ashus/pfSense-pkg-wireguard/releases/download/v1.0.1b/pfSense-pkg-wireguard-1.0.1-freebsd12-amd64.txz Or Use FreeBsd Mirror - http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/ This procedure detailed below is for pfsense 2.4.5 / FreeBsd 11 : 1. pkg add http://pkg0.jinx.freebsd.org/FreeBSD:11:amd64/latest/All/bash-5.0.18_2.txz 2. (opt.) pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/bash-completion-2.10,2.txz 3. pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-go-0.0.20200320.txz 4. pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-1.0.20200513.txz 5. pkg add https://github.com/Ashus/pfSense-pkg-wireguard/releases/download/v1.0.1b/pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz Please Note and Understand : I strongly recommend using Lucasnz pfSense-pkg-wireguard-1.0.1.txz package for the reasons detailed above. For pfSense 2.4.5 ( Based on FreeBsd 11 ) in step # 5 substitute the line below : 5. pkg add https://github.com/lucasnz/pfSense-pkg-wireguard/releases/download/v1.0.1/pfSense-pkg-wireguard-1.0.1-freebsd11-amd64.txz For Lucasnz for pfSense 2.5.0 ( Based on FreeBsd 12 ) - 1 - Download the already compiled Lucasnz pfSense-pkg-wireguard-1.0.1.txz package above ( or build your own from tutorial above ) to usb drive or desktop folder where you can find this later. 2 - Next fire up your pfSense 2.5.0 router. WinSCP ( scp protocol ) into your 2.5.0 router and transfer ( drag and drop ) the Lucasnz pfSense-pkg-wireguard-1.0.1.txz from the local directory you exported it to earlier ( in this case on my Windows 10 machine ) into the /root directory of your pfSense 2.5.0 router. 3 - Finally, for pfSense 2.5.0 in step # 5 substitute the line below : 5. pkg add pfSense-pkg-wireguard-1.0.1.txz ( Use / substitute your WinSCP transferred package here ) You can also try Ascrod's Wireguard package but this is described in detail in the first link above. Ashus has more features - you can read the documentation for each and make your decision. These are Ashus' Wireguard setup directions below : Configuration Configure an interface and any number of peers. Then go to the Assign Interfaces screen and create a new interface for tunwg0. Name it, enable it, and don't touch any other settings. Once the interface is up, you can create firewall rules for it, forward ports to it, and generally treat it the same as a physical interface. It should also persist across reboots. If there is a need for more interfaces, add the tunwg1.conf or more files with incremental interface number to /usr/local/etc/wireguard/. Unfortunately those cannot be currently edited via GUI, and everytime you add more, you need to reinstall this package or wireguard service. Each time the service is reinstalled, all tunnels are detected from files again, so they could persist across reboots and could be reloaded from GUI all at once. For help with configuring WireGuard, please read the official documentation . The unofficial documentation and examples may also be helpful. 1 - You must fill in your TorGuard WirGuard information in the WireGuard webgui - under VPN > WireGuard > Interface and VPN > WireGuard > Peers - and Save Both entries See this tutorial here for directions as to how to generate your TorGuard Wireguard Configuration Files : https://forums.torguard.net/index.php?/topic/1698-pfsense-wireguard-client-working-with-catch-22/ Read Step 2 on that page for detailed explanation 2- Create WireGuard Interface with this command : # wg-quick up tunwg0 Then go to Interfaces > Assign Interfaces Add tunwg0 ( opt 1 , 2 etc depending on your setup ) Name it, enable it, and don't touch any other settings. 3 - Then setup firewall rules for tunwg0 - there are many firewall setup options to be found here : https://forum.netgate.com/topic/150943/i-made-a-wireguard-package-for-pfsense Just read through the thread. If you want a simple firewall rule setup see below : 4 - Now head to pfSense WEBGUI in order to configure Wireguard Interface ( created earlier ) and FireWall Rule. First, go to Interfaces > Assignments -you will see tunwg0 interface - click (+) add button /symbol. Once the tunwg0 interface is listed as ( OPT 1 - 2 depending on your setup ) - Click underneath it - - enter check in " Enable interface " - and enter description - I call mine " WIRE " - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase. 5 - Next - Firewall Rule - go to Firewall > NAT > Outbound Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add Square with Up Arrow (underneath Mappings ) on the page which opens change Interface from WAN in drop down menu to your WireGuard ( tunwg0 ) Interface which you created and labeled previously - in this example " WIRE " . Next - Change Source Address to " ANY " from the drop down menu. Leave / Set Translation/target to Interface address. Enter " Description -e.g. " Made For Wire " now Click " Save " at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on " Apply Changes " in right upper hand corner - Done with Firewall Rule. This rule is the only one you need. Now that your TorGuard WireGuard Client is installed and ready - you may enter command # /usr/local/etc/rc.d/wireguard.sh restart in order to start it up. You may also reboot your pfsense Router Hope this helps someone - See screenshots below for illustrative purposes - enjoy !!! Naturally substitute your own TorGuard WireGuard connection information Peace, directnupe
  10. tastievalues

    whole-home Wireguard VPN on dd-wrt

    I've been looking around, and I know it's still relatively new and all, but I haven't been able to find a whole-home torguard dd-wrt wireguard guide/set-up... I have seen the excellent OpenVPN write ups like this one on how to set up OpenVPN on newer DD-WRT setups: https://torguard.net/knowledgebase.php?action=displayarticle&id=262 I'm looking for that article, just with wireguard instructions instead. If someone can write one up, I'm sure it would be beneficial to a lot of people. On the other hand, I may be a lousy searcher and it may already have been written. If this is the case, please remind me that search is my friend and be a pal and throw in the link for me too please ;x -cheers
  11. James8078

    Wireguard upload speed

    Hi, I have wireguard on my router as client and also via the wireguard app on my android cell. The download speed is awesome, the same as my ISP is. But the upload is about 0 to 1 mbps instead of 15. Idea? Thanks
  12. Dear Community, Original OPNsnese Forum Post Here : https://forum.opnsense.org/index.php?topic=13461.0 And I quote " Jimi ": I see that we meet again hmmm " see here: https://youtu.be/gFAQWjdCO8o and for the purpose as stated by the leader of The Family Stone " I Want To Take You Higher - see here : https://www.youtube.com/watch?v=LQkdiJQIX5Y Now after the intro - let's get down to business. This tutorial guide details dead simple GUARANTEED method(s) to get WIREGUARD Client up and running on OPNsense Firewall. I will explore the one I prefer first. Some of you may remember my work with GETDNS and STUBBY. Please read Mimugmail's comments ( the developer and maintainer of os-wireguard-devel plugin ) below in the first reply to this tutorial. He was kind enough to inform me of a few points so no one does extra work. Specifically, Mimugmail details methods for easier OPNsense ports installation and / or easier method to install WireGuard and WireGuard-Go packages. This installation is for commercial WireGuard Clients ONLY ! - where creation of keys and how to exchange them is not needed. The keys are generated and managed by your WireGuard VPN service provider - in my case - TorGuard. 1 - As per Mimugmail's advice you can choose to install WireGuard either through ports or pkg install method. From his reply : You can install wireguard just via # pkg install wireguard && pkg install wireguard-go The pkg versions are always the latest which were available at the time of the release. The version you mention here is already in the ports tree but the pkg will be in the next minor release. To speed this up you could also do on your opnsense installation: # opnsense-code ports && cd /usr/ports/net/wireguard && make install - As I wanted the latest package ( I did not care to wait for pkg update on OPNsense and I do not like installing the entire OPNsense Ports collection on my OPNsnese Instance ) - I did the following and it worked out great. 2 - First install the necessary packages which are in the OPNsense repository by default with the command : # pkg install wireguard && pkg install wireguard-go - As Mimugmail points out, this will install latest versions of these packages. Ready to get this going and up and running then follow steps below. 3 - To begin you need to get your WIREGUARD configuration files from the TORGUARD website. To do so login your TORGUARD account then go to Tools ( along the top of Login Page ) from drop Down Menu click on Enable WIREGUARD Access. You will then be in your TorGuard Account Area. You will see this message along the top : Below is a list of WireGuard VPN Servers, Please click enable in front of the servers you like to connect to, and use the returned keys shown to connect. Currently, TORGUARD offers WIREGUARD Servers in USA - New York ( quite actually situated in Clifton, New Jersey ), Asia - Singapore and Europe - UK. Click on your preferred Server - Enable WIREGUARD. This will result in a green box below the now grayed out box - which states now Disable WIREGUARD - naturally leave your server enabled as you want to connect to the now enabled server. Next, .Download Config file as the box allows you to do now that you have enabled your WIREGUARD Server. You will also see in the adjoining box the following : Location VPN Server Keys Manage USA - New York 1 159.xx.xxx.xx:xxx Server Public key: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= Your Private Key: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= Your Address: 10.xx.x.xxx/24 4 - Now I used this guide as the template for my manual installation of WIREGUARD on OPNsense see here : https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-quicklook/ I will make this simple for you step by step. You may sing and / or hum along as we proceed. A- First - configure WireGuard Client. TorGuard, AzireVPN, VPN.ac, Mullvad, IVPN, are commercial VPN providers which offer LIVE ! WireGuard Services now. I use TorGuard here is a sample file. Keys are dummies - only used for illustrative purposes in this tutorial- Use your real WireGuard configuration file here: Create file by command line - # nano /usr/local/etc/wireguard/wg0.conf - and enter the configuration file below ( copy and paste ) - substitute your real one. Save and Close. Done with this file. # TorGuard WireGuard Config [Interface] PrivateKey = cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= ListenPort = 51820 DNS = Address = 10.xx.x.xxx/24 [Peer] PublicKey = 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= AllowedIPs = Endpoint = 159.xx.xx.xxx:xxx PersistentKeepalive = 25 B - Secondly, run command via SSH # wg-quick up wg0 ( wireguard-go is in package and this action creates wireguard interface ) You may also run # wireguard-go wg0 to create wg0 but I prefer the first method mentioned here. 5 - Configure WireGuard Service with rc.d - for automatic startup/shutdown of the tunnel. In order to achieve this there’s already an rc.d script /usr/local/etc/rc.d/wireguard which came with the wireguard package. You need to issue this command : # mv /usr/local/etc/rc.d/wireguard /usr/local/etc/rc.d/wireguard.sh then enter the file - # nano /usr/local/etc/rc.d/wireguard.sh Then go to bottom of file - lines 46 and 47 - change : ${wireguard_enable="NO"} to : ${wireguard_enable="YES"} and then add wg0 on line 47 : ${wireguard_interfaces=""} to : ${wireguard_interfaces="wg0"} ( wgZero ) - Save and Close - Make it executable, I run two commands - it works for me: # chmod a+x /usr/local/etc/rc.d/wireguard.sh # chmod 744 /usr/local/etc/rc.d/wireguard.sh - Done with this file. 6 - In order to have OPNsense use default start up script ( /usr/local/etc/rc.d/wireguard.sh ) at boot time you will have to create a boot time start up script for it in /etc/rc.conf.d/. Not to prolong this - do the following : # nano /etc/rc.conf.d/wireguard - in the new file enter the following two lines: wireguard_enable="YES" wireguard_bootup_run="/usr/local/etc/rc.d/wireguard.sh" Save and Close - Make it executable- # chmod a+x /etc/rc.conf.d/wireguard # chmod 744 /etc/rc.conf.d/wireguard / Done with this file. 7 - Now head to OPNsense WEBGUI in order to configure Wireguard Interface ( created earlier ) and FireWall Rule. First, on Left Side WebGui Column - go to Interfaces > Assignments -you will see wg0 interface - click (+) add button /symbol. Once the wg0 interface is listed as OPT ( 1 - 2 depending on your setup ) - Click underneath it - - enter checks in " Prevent interface removal' and " Enabled " - and enter description - I call mine " WIRE " - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase. Second - Firewall Rule - on Left Side WebGui Column - go to Firewall > NAT > Outbound > Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add (+) Button on right side top of page - on the page which opens change Interface from WAN in drop down menu to your Wireguard ( wg0 ) Interface - in my case " WIRE " as I labeled it in the description of the interface I added earlier. Next - Change Translation/target to Interface address. Enter " Description -e.g. " Made For Wire " now Click " Save " at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on " Apply Changes " in right upper hand corner - Done with Firewall Rule. This rule is the only one you need. When using these updated packages as I did, in order to stop nagging messages to re-install outdated OPNsense wireguard and wireguard-go packages use FreeBSD pkg lock option. Issue commands in order : # pkg lock wireguard and # pkg lock wireguard-go It may be necessary to reboot OPNsense after locking wireguard and wireguard-go packages in order to restart WireGuard from command line. Your WireGuard Client is now installed and ready - you may enter command # /usr/local/etc/rc.d/wireguard.sh restart in order to start it up. You may also reboot your OPNsense Router. Lastly, issue command # wg show which prints out your WireGuard Connection statistics and configuration. I will install wireguard via # pkg install wireguard && pkg install wireguard-go as my go to method in the future. Peace and Grace Be Unto All God's Creation
  • Create New...