
🔥 HowTo - OpenWRT with any TorGuard's Wireguard IP


19807409
36 minutes ago, James8078 said:

no, I'm online, as I said I can't download with my build, but I can manually

Well, if opkg ends up in an error, it means those servers are not reachable, and the same will happen with the API. It is logical that scripts will not work if you are offline. What you mean by "I am online" is also unclear, as the error which can be seen clearly indicates that you are offline.

What "I can't download with my build but can manually" means also tells me no more than that you are offline, and if you are offline, scripts will not work.

Why can't you download with your build, and why do you run that build at all?

Like I said before, the script works, but you should have come up with an explanation of your setup, as it clearly is offline for me by any definition, and whether you can download manually or not could mean a lot too, like that you can download on another PC and download.

Try this script when you are online and when you can ensure that your script can get a reply from the API. Obviously, if you can't reach the OpenWrt servers, I doubt TorGuard's are reachable.


19807409
44 minutes ago, James8078 said:

here the result from api url: (from new script) 

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.
Thu Jan 14 23:56:46 UTC 2021
There was an unexpected error (type=Internal Server Error, status=500).
Can not add peer with public key '7v9J/PNAM 5GCZ2oxK3Dht3LSpZMhKpbFcQylx7ubBs=' and IP 10.xx.xxx.225/32. /usr/bin/wg returned with exit value 1

ok so I did the url thing to change, it is working, I got a response from the server, the infos are correct, don't know where I had to put:

uci set torguard.@wireguard_tg0[0].wgapipubkey='03FhlS2c1EXXXXXXXXXXXXXXPDaog6BoGVPFI%3d'

I paste in my terminal and reinstall after that, after, the wg interface in open wrt, is gone 😉 lol

The error above indicates that public key formatting is wrong.

Tginstall will always delete existing interface with same number and recreate it.

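The key-formatting problem from the post above, as an added example that is not part of the original thread or of the tginstall scripts: a base64 WireGuard public key placed raw in the `public-key=` query value can contain `+`, which form-style URL decoding turns into a space (the key in the quoted error page contains one), so the key is percent-encoded first. The function names are hypothetical, and `KEY_RAW` is reconstructed on the assumption that the space in the error message was originally a `+`.

```shell
#!/bin/sh
# Added example (not from the tginstall scripts): prepare a WireGuard public
# key for use as the value of the public-key= query parameter.

# Key exactly as the server reported it in the error page (note the space).
KEY_SEEN_BY_SERVER='7v9J/PNAM 5GCZ2oxK3Dht3LSpZMhKpbFcQylx7ubBs='
# Assumption: the client's key had '+' where the server shows a space.
KEY_RAW='7v9J/PNAM+5GCZ2oxK3Dht3LSpZMhKpbFcQylx7ubBs='

# is_wg_key KEY: succeed only if KEY has the shape of a base64-encoded
# 32-byte key: 44 characters, base64 alphabet, one '=' and only at the end.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # space, '%', newline ... are rejected
        *=*=*)             return 1 ;;   # more than one '='
        *=)                return 0 ;;
        *)                 return 1 ;;
    esac
}

# form_decode_plus VALUE: what form-style URL decoding does to a value that
# was sent without encoding: every '+' becomes a space.
form_decode_plus() {
    printf '%s' "$1" | tr '+' ' '
}

# urlencode_wg_key KEY: print KEY with the three base64 characters that are
# special in a query string percent-encoded. Refuses anything that is not a
# plain key, so an already-encoded value is never encoded twice.
urlencode_wg_key() {
    is_wg_key "$1" || { echo "not a WireGuard key: '$1'" >&2; return 1; }
    printf '%s' "$1" | sed -e 's/+/%2B/g' -e 's|/|%2F|g' -e 's/=/%3D/g'
}

# urldecode_wg_key VALUE: reverse of urlencode_wg_key (accepts %3d and %3D),
# useful to compare a stored wgapipubkey option with the plain public key.
urldecode_wg_key() {
    printf '%s' "$1" | sed -e 's/%2[Bb]/+/g' -e 's|%2[Ff]|/|g' -e 's/%3[Dd]/=/g'
}

# Demonstration on the values above.
echo "unencoded key as decoded by the server: $(form_decode_plus "$KEY_RAW")"
echo "key encoded for the query string:       $(urlencode_wg_key "$KEY_RAW")"
```

A key without `+` or `/`, such as the `tgpubkey` in the config posted later in the thread, only needs its trailing `=` encoded, which matches the `%3d` suffix of the stored `wgapipubkey` value.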
James8078
14 minutes ago, 19807409 said:

Well, if opkg ends up in an error, it means those servers are not reachable, and the same will happen with the API. It is logical that scripts will not work if you are offline. What you mean by "I am online" is also unclear, as the error which can be seen clearly indicates that you are offline.

What "I can't download with my build but can manually" means also tells me no more than that you are offline, and if you are offline, scripts will not work.

Why can't you download with your build, and why do you run that build at all?

Like I said before, the script works, but you should have come up with an explanation of your setup, as it clearly is offline for me by any definition, and whether you can download manually or not could mean a lot too, like that you can download on another PC and download.

Try this script when you are online and when you can ensure that your script can get a reply from the API. Obviously, if you can't reach the OpenWrt servers, I doubt TorGuard's are reachable.

I will try with my other router with the 19.07.5 build. Cause as I said 2 times already, with my master build we can't really update the packages even if WE ARE ONLINE as I am, cause I reply to you and am using Facebook Messenger with someone since an hour and I'm doing some jobs here and there online without problem. 😉

thanks anyway

19807409
35 minutes ago, James8078 said:

I will try with my other router with the 19.07.5 build. Cause as I said 2 times already, with my master build we can't really update the packages even if WE ARE ONLINE as I am, cause I reply to you and am using Facebook Messenger with someone since an hour and I'm doing some jobs here and there online without problem. 😉

thanks anyway

You are welcome. It is already a bad precondition if you have an unstable image; 19.07.5 is good, but the snapshot release is better. If you need a GUI, install it with opkg install luci.

Which model is it that you run that unstable build as well, you can compile on your own too.

James8078
12 minutes ago, 19807409 said:

You are welcome. It is already a bad precondition if you have an unstable image; 19.07.5 is good, but the snapshot release is better. If you need a GUI, install it with opkg install luci.

Which model is it that you run that unstable build as well, you can compile on your own too.

it is stable but the packages are updated when we upgrade the firmware / sysupgrade.

I'm using https://forum.openwrt.org/t/ipq806x-nss-build-netgear-r7800-tp-link-c2600-linksys-ea8500/82525

and KONG build on my R7800

James8078
23 minutes ago, 19807409 said:

You are welcome. It is already a bad precondition if you have an unstable image; 19.07.5 is good, but the snapshot release is better. If you need a GUI, install it with opkg install luci.

Which model is it that you run that unstable build as well, you can compile on your own too.

the reason why I have a problem with packages is, snapshot kmods typically cannot be upgraded on snapshot because the kernel is updated so frequently, vs stable build we are able to update without flashing to a new snapshot.

19807409
3 minutes ago, James8078 said:

the reason why I have a problem with packages is, snapshot kmods typically cannot be upgraded on snapshot because the kernel is updated so frequently, vs stable build we are able to update without flashing to a new snapshot.

Well, it's not specifically for kmods but quite for most packages; normally if you install them after a fresh upgrade, then they all install correctly.

For those reasons, there are dummy proof sysupgrade procedures, where you upgrade your image by keeping settings as well as all installed packages, meaning that after new flash, you do not need to do anything. You can read more about it here: https://openwrt.org/docs/guide-user/installation/generic.sysupgrade

1. follow the instructions from here (which is simply copy and paste): https://openwrt.org/docs/guide-user/additional-software/opkg#extras

2. If you have some additional/custom files which you want to add to backup, add them to /etc/sysupgrade.conf (like /root/.ssh if you use openssh instead of dropbear or any other user specific path). Editing sysupgrade.conf can be done in Luci too:

 


 

That's it. After you have done those 2 steps, you can simply flash the latest sysupgrade while keeping settings and all packages. Really easy and simple, actually, offering you the simple ability to always upgrade to the latest version without a need to waste time on reinstalling everything or maintenance installation scripts.

19807409
9 hours ago, James8078 said:

it is stable but the packages are updated when we upgrade the firmware / sysupgrade.

I'm using https://forum.openwrt.org/t/ipq806x-nss-build-netgear-r7800-tp-link-c2600-linksys-ea8500/82525

and KONG build on my R7800

I do not have that device but looking at the thread it simply adds few things where I would not be sure if I want Dawn and maybe some other things, however, I assume you built from source and there few things could go wrong, however, with custom builds you get into the problem that for each sysupgrade you have to compile it as it is not compatible anymore with released snapshots/final releases.

By that, in any case, if snapshot build does work properly and includes all drivers you need which I assume it does, then for you it is still easier and quicker to upgrade daily to latest snapshot than to compile it daily which is a little time consuming process. As I described above a process of sysupgrade, you can use it and in difference to that procedure from the forum link you posted, I would use snapshot and install those packages manually.

From what I can see your router is listed here and snapshot as well as stable releases are available, this would be snapshot: https://downloads.openwrt.org/snapshots/targets/ipq806x/generic/

If you want to build exactly the same image on your own for a test, there is always latest config included: https://downloads.openwrt.org/snapshots/targets/ipq806x/generic/config.buildinfo

By that, I would suggest to use snapshot and then install packages which you need and configure it all, when you are finished, you can then even use autoscript upgrading weekly to latest snapshot. Where, I doubt anybody will and does upgrade a router daily, however, after months when I forgot even what I installed I don't need to care about it as the only thing I need to do then is simply download latest sysupgrade and upgrade.

 

9 hours ago, James8078 said:

why you say snapshot is better vs stable ?

Snapshot is latest, stable is known to be working stable and confirmed by time :). It depends on few things, but speaking about wireguard, snapshot has newer kernel and latest packages. But major advance for me is that it comes much cleaner than stable release as stable releases include all luci with httpd, snapshot comes clean and if you need to install luci you can install it as well as httpd and nginx.

James8078

ok, Reflashed my router just for you 😉

stable build, I can upload and download packages, I tried again the script, same thing, a lot of informations are missing in wg interface.

same thing. here log and setup (I removed username, pass and private key) and the url is ok..

look the part just below the certificate in log....? (not downloading)

thanks again, and sorry for the problems.

 

config torguard 'setupconfig'
	option enable_logging '1'
	option logext 'log'
	option logfiledir '/var/log/torguard'
	option binsoutdir '/usr/bin'
	option confsoutdir '/etc/config'
	option bins 'tgfunctions tginit tginit-uci-basic tginstall tguninstall tgsetup tgupgrade speedperf'
	option configs 'speedperf'
	option tgapibin '/etc/init.d/tgapi'

config torguard 'tg0'
	option ifname 'wg'
	option ifstartnr '0'
	option zone '1'

config credentials_tg0
	option username 'X'
	option password 'X'

config interface_tg0
	option proto 'wireguard'
	option listen_port '51820'
	list addresses ''
	option mtu '1420'
	option fwmark '0xFE'
	option delegate '0'
	option nohostroute '0'

config wireguard_tg0
	list allowed_ips '0.0.0.0/0'
	option endpoint_port '1443'
	option vpn_dns0 '10.9.0.1'
	option vpn_dns1 '10.8.0.1'
	option persistent_keepalive '25'
	option route_allowed_ips '1'
	option upgrade '0'
	option apifix '1'
	option description 'TorGuard - Dedicated - tg0'
	option endpoint_host '192.252.213.122'
	option tgprivkey 'XX'
	option tgpubkey 'Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY='
	option apifixtimeout '1d'
	option wgapipubkey 'Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY%3d'

config serverlist
	option json '/etc/torguard/wireguard.json'

config specification 'spec_wireguard_proto'
	list proto 'udp'

config specification 'spec_wireguard_ports'
	list port '1443'

config specification 'spec_openvpn_proto'
	list proto 'udp'
	list proto 'tcp'

config specification 'spec_openvpn_ports'
	list port '22'
	list port '53'
	list port '80'
	list port '389'
	list port '501'
	list port '443'
	list port '995'
	list port '1195'
	list port '1198'
	list port '1215'
	list port '1912'
	list port '4443'
	list port '9201'

config specification 'spec_openvpn_cipher'
	list cipher 'aes-128-gcm'

config specification 'spec_openvpn_auth'
	list auth 'sha1'
	list auth 'sha256'
	list auth 'sha512'

config specification 'spec_oc'
	list proto 'tcp'
	list proto 'udp'
	list port '443'

config specification 'spec_dns_us1'
	option name 'TorGuard Public DNS - USA'
	list dns '104.223.91.194,104.223.91.210'

config specification 'spec_dns_cloudflare'
	option name 'Cloudflare'
	list dns '1.1.1.1,1.0.0.1'

config specification 'spec_dns_google'
	option name 'Google'
	list dns '8.8.8.8,8.8.4.4'

config specification 'spec_dns_opendns'
	list dns '4.2.2.2,4.2.2.3'
	list dns '208.67.222.222,208.67.220.220'
	option name 'OpenDNS'

config specification 'spec_dns_quad9'
	option name 'Quad9'
	list dns '9.9.9.9'

config specification 'spec_proxy_hostnames'
	list hostname 'proxy.torguard.org'
	list hostname 'proxy.torguard.io'
	list hostname 'proxy.secureconnect.me'

config specification 'spec_socks5'
	list port '1080'
	list port '1085'
	list port '1090'

config specification 'spec_proxy_http'
	list port '6060'
	list port '1337'
	list port '1338'
	list port '1339'
	list port '1340'
	list port '1341'
	list port '1342'
	list port '1343'

config specification 'spec_proxy_ssl'
	list port '23'
	list port '592'
	list port '778'
	list port '489'
	list port '282'
	list port '993'
	list port '465'
	list port '7070'
set globalVars
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
wget: OK - found: - /usr/bin/wget
Set script messages
initialize luci configs
Found bin: /usr/bin/tgfunctions ... not downloading
Found bin: /usr/bin/tginit ... not downloading
Found bin: /usr/bin/tginit-uci-basic ... not downloading
Found bin: /usr/bin/tginstall ... not downloading
Found bin: /usr/bin/tguninstall ... not downloading
Found bin: /usr/bin/tgsetup ... not downloading
Found bin: /usr/bin/tgupgrade ... not downloading
Found bin: /usr/bin/speedperf ... not downloading
Found: /etc/config/torguard (unattended setup)
get TGUSER value... X
get TGPASS value... X
get WGIFNR value... 0
get FIREWALLZONE value... 1
get WGINTERFACE value... wg
get NOHOSTROUTE value... 0
get TGUSER value... 51820
get MTU value... 1420
get FWMARK value... 0xFE
get DELEGATE value (use IPv6) ... 0
get ROUTEALLOWEDIPS value... 1
get KEEPALIVE value... 25
get ENDPOINT value... 192.252.213.122
get WGPRIVKEY value... X
get WGAPIPUBKEY value... Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY%3d
get WGUPGRADE value... 0
get WGAPIFIX value... 1
get WGAPIFIXTIMEOUT value... 1d
get ENPOINTPORT value... 1443
unattended: yes
starting /usr/bin/tginstall...
set global vars
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
wget: OK - found: - /usr/bin/wget
consturct download and git vars (requirement for setTginitMsgs), set Info message Variables passed by script, usage info, examples vars and current script messages
---
Example single ip usage:
  tginit "VPNUsername" "VPNPass" "wg" "0" "0" "41820" "1420" "AA" "25" "0" "1" "1" "AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=" "1.2.3.4:1443" 
---
Example serverlist usage:
    tginit "VPNUsername" "VPNPass" "wg" "0" "1" "41820" "1420" "AA" "25" "0" "0" "1" "AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=" "1.2.3.4:1443 5.6.7.8:1443 9.10.11.12:1443"
---
In example about with serverlist:	route allowed ip's is disabled for each entry
									Do not create host routes to peers enabled, please uncheck before use.
---
Cleanup/Uninstall:
   rm -f /usr/bin/tgapitest /usr/bin/tginit      /usr/bin/tginstall      /usr/bin/tginit-uci-basic      /etc/init.d/tgapi      /etc/config/torguard
---
Download with curl:
    curl -o /usr/bin/tginit https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginit && chmod +x /usr/bin/tginit
    curl -o /usr/bin/tginstall https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginstall && chmod +x /usr/bin/tginstall
---
Download with wget
 	wget -O /usr/bin/tginit https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginit && chmod +x /usr/bin/tginit
 	wget -O /usr/bin/tginstall https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginstall && chmod +x /usr/bin/tginstall
---
Change your credentials and server:
	  TGSERVERLIST='123.123.123.123:1443 124.125.124.125:1443'
	  sed -i 's/YourVPNUsername//' /usr/bin/tginstall
	  sed -i 's/YourVPNPassword//' /usr/bin/tginstall
	  sed -i 's/TorguardServer1:1443 TorguardServer2:1443 TorguardServer3:1443/192.252.213.122:1443/' /usr/bin/tginstall
---
---
# Variables passed by script
---
TorGuard VPN username: X
TorGuard VPN password: X
Wireguard interface name: wg
Wireguard interface number: 0
do not create host routes to peers: 0
UDP port for out-/incoming packets: 51820
Maximum Transmission Unit of tunnel: 1420
32-bit mark for outgoing packets: 0xFE
Seconds between keep alive messages: 25
Use builtin IPv6-management: 0
Route allowed IPs: 1
TorGuard firewall zone: 1
TorGuard wireguard private key: sN6//+pUJOFLBGX/aKWIP7jutrJ5sFwwVKHSQehsrFs=
API Fix /usr/bin/tgapitest
API Fix timeout 1d
Sevice file path /etc/init.d/tgapi
TorGuard Server List: 192.252.213.122:1443
---
API key from /etc/config/torguard OK - X
createwgpubkey... generating public key ... OK: Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY=
set vars for server for ip: 192.252.213.122:1443 ...
PORT: 51820
FWMARK: fe
Wireguard interface number: 0
Description: wg0 (TorGuard)
Firewall zone: wan 
Endpoint host: 192.252.213.122
Endpoint port: 1443
delete wireguard interface with same name... (192.252.213.122:1443)
delete existing default peer 0 and commit changes...
delete existing wireguard interface and commit changes...
restart network...
'radio2' is disabled
using API key from /etc/config/torguard: OK (X)
createwgpubkey... generating public key ... OK: Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY=
USED PUBLIC AND API KEYS:
Private: X=
Public:  Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY=
API Public key:Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY=
API: https://ninjanoir78:[email protected]:1443/api/v1/setup?public-key=Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY=
#!/bin/sh
# Copyright (c) 2021 TorGuard forum user 19807409
# endless loop running every 1 minutes (60 seconds)
WAITTIME=1d
while true
do
	/usr/bin/wget --ca-certificate /etc/torguard/ca.crt -qO- https://X:[email protected]:1443/api/v1/setup?public-key=Qb8GbyUnxti5yBZm9vfAljqYAQnw9TvHjnacOCSHtQY=
	sleep ${WAITTIME}
done
Make cronjob script executable: /usr/bin/tgapitest
#!/bin/sh /etc/rc.common
# Copyright (c) 2021 TorGuard forum user 19807409

START=50
STOP=50

USE_PROCD=1

reload_service() {
	procd_send_signal /usr/bin/tgapitest
}

start_service() {
	procd_open_instance
	procd_set_param command /usr/bin/tgapitest
	procd_set_param respawn
	procd_close_instance
}
Make init script executable: /etc/init.d/tgapi
Public key: 
Peer server: 
IP Addresses: 
Allowd IPs: 
DNS1: 
DNS2: 
Endpoint host: 
Endpoint Port: 
Expiration date epoch: 
create new wireguard interface with torguards server: 192.252.213.122:1443
add new network interface (torguard wireguard interface)
cfg066d96
rename new interface to: wg0
set new interface's proto: wireguard
set new interface's private key: X=
set new interface's listen port: 51820
set new interface's addresses: 
set new interface's MTU (default 1420): 1420
set new interface's fwmark (default 0xFE): 0xfe
use of builtin IPv6-management (disabled by default, 0): 0
set new interface's nohostrouter (disabled by default, 0): 0
add wireguard peer wg0
cfg0796fc
add wireguard peer wg0 description: wg0 (TorGuard)
add wireguard peer wg0 public key: 
add wireguard peer wg0 allowed ip's: 
add wireguard peer wg0 Endpoint host: 
add wireguard peer wg0 Endpoint port: 
add wireguard peer wg0 Keepalive: 25
add wireguard peer wg0 Route allowed ip's: 1
commit network ...
Add created wireguard interface to lan zone (this will overwrite any other [email protected][0].network setting, please recheck if using non default settings)
'radio2' is disabled
TGINIT - RESULTS

Show Network inteface: wg0
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='X='
network.wg0.listen_port='51820'
network.wg0.addresses=''
network.wg0.mtu='1420'
network.wg0.fwmark='0xfe'
network.wg0.delegate='0'
network.wg0.nohostroute='0'
network.cfg0796fc=wireguard_wg0
network.cfg0796fc.description='wg0 (TorGuard)'
network.cfg0796fc.allowed_ips=''
network.cfg0796fc.persistent_keepalive='25'
network.cfg0796fc.route_allowed_ips='1'
wait 10 seconds before checking for current IP...
IP ADDRESS - 		
Torguard wireguard initialization finished, please reboot to complete
install speedperf: no
apifix:         enabled
apifixtimeout:  1d
Enable apifixtimeout service: yes
tgapi status: running
tginstall script finished
### ℹ️ How to FAQ - Torguard wireguard server ###
How to show your configs
- Show full torguard config:      uci show torguard
- Show only default server:       uci show torguard.@wireguard_tg0[0]

How to set your configs
- Set/edit/change server:             uci set torguard.@wireguard_tg0[0].endpoint_host='173.244.200.119'
- Set/edit/change description:        uci set torguard.@wireguard_tg0[0].description='wg0 (TorGuard)'
- Set/edit/change allowed ips:        uci set torguard.@wireguard_tg0[0].allowed_ips='0.0.0.0/0'
- Set/edit/change endpoint port:      uci set torguard.@wireguard_tg0[0].endpoint_port='1443'
- Set/edit/change keepalive:          uci set torguard.@wireguard_tg0[0].persistent_keepalive='25'
- Set/edit/change route allowed ip's: uci set torguard.@wireguard_tg0[0].route_allowed_ips='1'
- Remove allowed ips list entry:      uci del_list torguard.@wireguard_tg0[0].allowed_ips='0.0.0.0/0'
- Add additional allowed ips:         uci add_list torguard.@wireguard_tg0[0].allowed_ips='0.0.0.0/0'

After changing value with uci, you have to commit changes
- Commit changes:                 uci commit torguard

 

James8078

Finally it worked after I tried with your default setting.

after I tried to change the endpoint using config generator for Toronto, not dedicated ip, only Toronto.

with :

# set your torguard server IP in this example to 173.244.200.119
uci set torguard.@wireguard_tg0[0].endpoint_host='173.244.200.119'

# commit and save changes
uci commit torguard  + tginstall

nothing happens except that, I'm not connected anymore to New York, neither Toronto, come back to local

problem with generator and script with our username and passwd??

19807409
31 minutes ago, James8078 said:

Finally it worked after I tried with your default setting.

after I tried to change the endpoint using config generator for Toronto, not dedicated ip, only Toronto.

with :

# set your torguard server IP in this example to 173.244.200.119
uci set torguard.@wireguard_tg0[0].endpoint_host='173.244.200.119'

# commit and save changes
uci commit torguard  + tginstall

nothing happens except that, I'm not connected anymore to New York, neither Toronto, come back to local

problem with generator and script with our username and passwd??

can you install curl and rerun tginstall?

opkg install curl

When you change server to some other, then you did it correctly, uci set then uci commit and then tginstall.

Considering that default New York server works, other should work.

to show only that part of a config, run:

uci show torguard.@wireguard_tg0[0]

 

It looks to me that for some reason you do not get data from api data, need to get more info on that for ability to understand why it is not working for you, I retried it again on a fresh installed snapshot and everything works on my side.

James8078
59 minutes ago, 19807409 said:

can you install curl and rerun tginstall?


opkg install curl

When you change server to some other, then you did it correctly, uci set then uci commit and then tginstall.

Considering that default New York server works, other should work.

to show only that part of a config, run:


uci show torguard.@wireguard_tg0[0]

 

It looks to me that for some reason you do not get data from api data, need to get more info on that for ability to understand why it is not working for you, I retried it again on a fresh installed snapshot and everything works on my side.

ok, I did /curl.. and tginstall, New York was back and working. After, tried Toronto (192.252.213.230) :
uci set torguard.@wireguard_tg0[0].endpoint_host='192.252.213.230'

uci commit torguard

tginstall

after that, back to local address... no more vpn.

look here on my terminal, from working new york, switch toronto.... btw 2-3x I see ''curl error'' ?

 

[email protected]:~# uci set torguard.@wireguard_tg0[0].endpoint_host='192.252.213.230'
[email protected]:~# uci commit
[email protected]:~# uci commit torguard
[email protected]:~# tginstall
tee: /etc/torguard/ca.crt: Is a directory
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
curl: OK - found: - /usr/bin/curl
logCleanupOldLogFolder
Check for existing logs... Logs folder found
Move log dir... moved existing log folder to /tmp/1610719660.backup
tee: /var/log/torguard/tginstall/tginstall.log: No such file or directory
initLogFiles
tee: /var/log/torguard/tginstall/tginstall.log: No such file or directory
Log: enabled
Create new logfolder... OK
Create new logdir ... OK (/var/log/torguard/tginstall
Create new logfile ... OK (/var/log/torguard/tginstall/tginstall.log)
set globalVars
tee: /etc/torguard/ca.crt: Is a directory
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
curl: OK - found: - /usr/bin/curl
Set script messages
initialize luci configs
Found bin: /usr/bin/tgfunctions ... not downloading
Found bin: /usr/bin/tginit ... not downloading
Found bin: /usr/bin/tginit-uci-basic ... not downloading
Found bin: /usr/bin/tginstall ... not downloading
Found bin: /usr/bin/tguninstall ... not downloading
Found bin: /usr/bin/tgsetup ... not downloading
Found bin: /usr/bin/tgupgrade ... not downloading
Found bin: /usr/bin/speedperf ... not downloading
Found: /etc/config/torguard (unattended setup)
get TGUSER value... XXXXXXXXXXXXXXXXXXXX
get TGPASS value... XXXXXXXXXXXXXXXXXXXX
get WGIFNR value... 0
get FIREWALLZONE value... 1
get WGINTERFACE value... wg
get NOHOSTROUTE value... 0
get TGUSER value... 51820
get MTU value... 1420
get FWMARK value... 0xFE
get DELEGATE value (use IPv6) ... 0
get ROUTEALLOWEDIPS value... 1
get KEEPALIVE value... 25
get ENDPOINT value... 192.252.213.230
get WGPRIVKEY value... 8JM72F5XXXXXXXXXXXXXXXXXXXXXXXXXXXXAhtRWbxXk=
get WGAPIPUBKEY value... FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
get WGUPGRADE value... 1
get WGAPIFIX value... 0
get WGAPIFIXTIMEOUT value... 1d
get ENPOINTPORT value... 1443
unattended: yes
starting /usr/bin/tginstall...
sh: 1: unknown operand
set global vars
tee: /etc/torguard/ca.crt: Is a directory
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
curl: OK - found: - /usr/bin/curl
consturct download and git vars (requirement for setTginitMsgs), set Info message Variables passed by script, usage info, examples vars and current script messages
---
Example single ip usage:
  tginit "VPNUsername" "VPNPass" "wg" "0" "0" "41820" "1420" "AA" "25" "0" "1" "1" "AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=" "1.2.3.4:1443" 
---
Example serverlist usage:
    tginit "VPNUsername" "VPNPass" "wg" "0" "1" "41820" "1420" "AA" "25" "0" "0" "1" "AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL=" "1.2.3.4:1443 5.6.7.8:1443 9.10.11.12:1443"
---
In example about with serverlist:	route allowed ip's is disabled for each entry
									Do not create host routes to peers enabled, please uncheck before use.
---
Cleanup/Uninstall:
   rm -f /usr/bin/tgapitest /usr/bin/tginit      /usr/bin/tginstall      /usr/bin/tginit-uci-basic      /etc/init.d/tgapi      /etc/config/torguard
---
Download with curl:
    curl -o /usr/bin/tginit https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginit && chmod +x /usr/bin/tginit
    curl -o /usr/bin/tginstall https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginstall && chmod +x /usr/bin/tginstall
---
Download with wget
 	wget -O /usr/bin/tginit https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginit && chmod +x /usr/bin/tginit
 	wget -O /usr/bin/tginstall https://raw.githubusercontent.com/TorGuard/openwrt-scripts/master/usr/bin/tginstall && chmod +x /usr/bin/tginstall
---
Change your credentials and server:
	  TGSERVERLIST='123.123.123.123:1443 124.125.124.125:1443'
	  sed -i 's/YourVPNUsername//' /usr/bin/tginstall
	  sed -i 's/YourVPNPassword//' /usr/bin/tginstall
	  sed -i 's/TorguardServer1:1443 TorguardServer2:1443 TorguardServer3:1443/192.252.213.230:1443/' /usr/bin/tginstall
---
---
# Variables passed by script
---
TorGuard VPN username: ninjanoir78
TorGuard VPN password: HBKpMict..2Udx2
Wireguard interface name: wg
Wireguard interface number: 0
do not create host routes to peers: 0
UDP port for out-/incoming packets: 51820
Maximum Transmission Unit of tunnel: 1420
32-bit mark for outgoing packets: 0xFE
Seconds between keep alive messages: 25
Use builtin IPv6-management: 0
Route allowed IPs: 1
TorGuard firewall zone: 1
TorGuard wireguard private key: 8JM72FXXXXXXXXXXXXXXXXXXXXXXXhtRWbxXk=
API Fix /usr/bin/tgapitest
API Fix timeout 1d
Sevice file path /etc/init.d/tgapi
TorGuard Set: 192.252.213.230:1443
---
API key from /etc/config/torguard OK - 8JM72F5XXXXXXXXXXXXXXXXXXXX6YVaAhtRWbxXk=
createwgpubkey... generating public key ... OK: FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
set vars for server for ip: 192.252.213.230:1443 ...
PORT: 51820
FWMARK: fe
Wireguard interface number: 0
Description: wg0 (TorGuard)
Firewall zone: wan   
Endpoint host: 192.252.213.230
Endpoint port: 1443
delete wireguard interface with same name... (192.252.213.230:1443)
delete existing default peer 0 and commit changes...
delete existing wireguard interface and commit changes...
restart network...
curl: (7) Error
using API key from /etc/config/torguard: OK (8JM72XXXXXXXXXXXXXXXXXXXXXXXVaAhtRWbxXk=)
createwgpubkey... generating public key ... OK: FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
USED PUBLIC AND API KEYS:
Private: 8JM72FXXXXXXXXXXXXXXXXXXXXaAhtRWbxXk=
Public:  FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
API Public key:FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
API: https://XXXXXXXXXX:[email protected]:1443/api/v1/setup?public-key=FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
curl: (7) Error
#!/bin/sh
# Copyright (c) 2021 TorGuard forum user 19807409
# endless loop running every 1 minutes (60 seconds)
WAITTIME=1d
while true
do
	/usr/bin/curl --cacert /etc/torguard/ca.crt -k https://XXXXXXXXX:[email protected]:1443/api/v1/setup?public-key=FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM=
	sleep ${WAITTIME}
done
Make cronjob script executable: /usr/bin/tgapitest
#!/bin/sh /etc/rc.common
# Copyright (c) 2021 TorGuard forum user 19807409

START=50
STOP=50

USE_PROCD=1

reload_service() {
	procd_send_signal /usr/bin/tgapitest
}

start_service() {
	procd_open_instance
	procd_set_param command /usr/bin/tgapitest
	procd_set_param respawn
	procd_close_instance
}
Make init script executable: /etc/init.d/tgapi
Public key: 
Peer server: 
IP Addresses: 
Allowd IPs: 
DNS1: 
DNS2: 
Endpoint host: 
Endpoint Port: 
Expiration date epoch: 
date: invalid date '@'
create new wireguard interface with torguards server: 192.252.213.230:1443
add new network interface (torguard wireguard interface)
cfg066d96
rename new interface to: wg0
set new interface's proto: wireguard
set new interface's private key: 8JM7XXXXXXXXXXXXXXXXXXXYVaAhtRWbxXk=
set new interface's listen port: 51820
set new interface's addresses: 
set new interface's MTU (default 1420): 1420
set new interface's fwmark (default 0xFE): 0xfe
use of builtin IPv6-management (disabled by default, 0): 0
set new interface's nohostrouter (disabled by default, 0): 0
add wireguard peer wg0
cfg0796fc
add wireguard peer wg0 description: wg0 (TorGuard)
add wireguard peer wg0 public key: 
add wireguard peer wg0 allowed ip's: 
add wireguard peer wg0 Endpoint host: 
add wireguard peer wg0 Endpoint port: 
add wireguard peer wg0 Keepalive: 25
add wireguard peer wg0 Route allowed ip's: 1
commit network ...
Add created wireguard interface to lan zone (this will overwrite any other [email protected][0].network setting, please recheck if using non default settings)
Warning: Section @zone[1] (wan) cannot resolve device of network 'wg0'
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
TGINIT - RESULTS

Show Network inteface: wg0
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='8JM72XXXXXXXXXXXXXXXXXXXXtRWbxXk='
network.wg0.listen_port='51820'
network.wg0.addresses=''
network.wg0.mtu='1420'
network.wg0.fwmark='0xfe'
network.wg0.delegate='0'
network.wg0.nohostroute='0'
network.cfg0796fc=wireguard_wg0
network.cfg0796fc.description='wg0 (TorGuard)'
network.cfg0796fc.allowed_ips=''
network.cfg0796fc.persistent_keepalive='25'
network.cfg0796fc.route_allowed_ips='1'
wait 10 seconds before checking for current IP...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    12  100    12    0     0     44      0 --:--:-- --:--:-- --:--:--    52
IP ADDRESS - 		2x.xx.xx.xx
Torguard wireguard initialization finished, please reboot to complete
install speedperf: no
apifix: disabled
tginstall script finished
### ℹ️ How to FAQ - Torguard wireguard server ###
How to show your configs
- Show full torguard config:      uci show torguard
- Show only default server:       uci show torguard.@wireguard_tg0[0]

How to set your configs
- Set/edit/change server:             uci set torguard.@wireguard_tg0[0].endpoint_host='173.244.200.119'
- Set/edit/change description:        uci set torguard.@wireguard_tg0[0].description='wg0 (TorGuard)'
- Set/edit/change allowed ips:        uci set torguard.@wireguard_tg0[0].allowed_ips='0.0.0.0/0'
- Set/edit/change endpoint port:      uci set torguard.@wireguard_tg0[0].endpoint_port='1443'
- Set/edit/change keepalive:          uci set torguard.@wireguard_tg0[0].persistent_keepalive='25'
- Set/edit/change route allowed ip's: uci set torguard.@wireguard_tg0[0].route_allowed_ips='1'
- Remove allowed ips list entry:      uci del_list torguard.@wireguard_tg0[0].allowed_ips='0.0.0.0/0'
- Add additional allowed ips:         uci add_list torguard.@wireguard_tg0[0].allowed_ips='0.0.0.0/0'

After changing value with uci, you have to commit changes
- Commit changes:                 uci commit torguard
[email protected]:~# uci commit torguard
[email protected]:~# uci show torguard.@wireguard_tg0[0]
torguard.cfg058a39=wireguard_tg0
torguard.cfg058a39.description='TorGuard - United States (New York)'
torguard.cfg058a39.allowed_ips='0.0.0.0/0'
torguard.cfg058a39.endpoint_port='1443'
torguard.cfg058a39.vpn_dns0='10.9.0.1'
torguard.cfg058a39.vpn_dns1='10.8.0.1'
torguard.cfg058a39.persistent_keepalive='25'
torguard.cfg058a39.route_allowed_ips='1'
torguard.cfg058a39.upgrade='1'
torguard.cfg058a39.apifixtimeout='1d'
torguard.cfg058a39.tgprivkey='8JM72F5UJtXXXXXXXXXXXXXXXXXXXXXXXXXXXXtRWbxXk='
torguard.cfg058a39.wgapipubkey='FjI84e0LUxbfxt0p93JKxx1uRXZxiBob94sySwuhgFM='
torguard.cfg058a39.apifix='0'
torguard.cfg058a39.endpoint_host='192.252.213.230'
[email protected]:~# 

 

 

19807409

what happens if you open your api url with curl by running curl http://username:[email protected]/... ? Do you get any results?

same with wget. For some reason it seems that you do not get reply from that server, I picked now randomly 37.120.155.10, can you try changing your endpoint host to that ip and rerun tginstall?

Maybe toronto server has some issue (which would surprise me, but it is good to test it to be able to exclude this error)

Additionally, in the logs which you posted, please delete your IP so that you don't expose it. During the runtime I check for the ip before and after the script so that I can see them both by running and am sure I got the correct one.

You can find it in log:

IP ADDRESS - 		24.xxx.xxx.57

 

as you see, the stable version has quite an old v4 kernel. Wireguard should work with it too, but better you go for snapshot. I do realize that most have an issue with snapshot because there is no gui/web interface, but run after flashing:

opkg update

opkg install luci

then you will have your webui.

On my few months old images, kernel is 5.4.66, meaning current one is above that.
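
The advice above about deleting your IP before posting a log applies just as much to the VPN username, password, WireGuard keys and the credential-bearing API URL that the tginstall output prints. The filter below is an added example, not part of the original posts or of the TorGuard scripts; it is keyed to the line labels seen in the log in this thread, and the function names and all sample values are constructed.

```shell
#!/bin/sh
# Added example: scrub secrets from tginstall/tginit output before posting it.
# The line labels matched here are the ones visible in the log in this thread;
# function names are hypothetical and every sample value is constructed.

# Filter stdin -> stdout. Rules, in order:
#  1. user:password in front of the host of any http(s) URL
#  2. the "TorGuard VPN username/password:" lines
#  3. any WireGuard-format key (43 base64 characters followed by "=")
#  4. the IPv4 address on the "IP ADDRESS -" line (your own public IP)
redact_tglog() {
	sed -E \
		-e 's#(https?://)[^/[:space:]]+@#\1<redacted>@#g' \
		-e 's#(TorGuard VPN (username|password):[[:space:]]*).*#\1<redacted>#' \
		-e 's#[A-Za-z0-9+/]{43}=#<wg-key-redacted>#g' \
		-e '/^IP ADDRESS/ s#[0-9]{1,3}(\.[0-9]{1,3}){3}#<ip-redacted>#g'
}

# Return 0 only when none of the secret patterns survives in stdin.
is_clean() {
	! grep -Eq \
		-e '://[^/[:space:]<]+@' \
		-e 'VPN (username|password):[[:space:]]*[^<[:space:]]' \
		-e '[A-Za-z0-9+/]{43}=' \
		-e '^IP ADDRESS.*[0-9]+(\.[0-9]+){3}'
}

# Constructed sample in the same layout as the posted log.
sample_log() {
	cat <<'EOF'
TorGuard VPN username: exampleuser
TorGuard VPN password: ExamplePass123
TorGuard wireguard private key: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ=
Endpoint host: 192.0.2.10
API: https://exampleuser:ExamplePass123@192.0.2.10:1443/api/v1/setup?public-key=0123456789abcdefghijklmnopqrstuvwxyzABCDEFG=
network.wg0.private_key='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ='
IP ADDRESS -   203.0.113.57
EOF
}

# Demo: sh thisfile --demo
# Real use: source this file, then pipe the script output through redact_tglog.
if [ "${1:-}" = "--demo" ]; then
	sample_log | redact_tglog
fi
```

Piping the redacted text through `is_clean` before pasting catches the case where the filter was run on the wrong file or not at all.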

James8078
15 minutes ago, 19807409 said:

what happens if you open your api url with curl by running curl http://username:[email protected]/... ? Do you get any results?

same with wget. For some reason it seems that you do not get reply from that server, I picked now randomly 37.120.155.10, can you try changing your endpoint host to that ip and rerun tginstall?

Maybe toronto server has some issue (which would surprise me, but it is good to test it to be able to exclude this error)

Additionally, in the logs which you posted, please delete your IP so that you don't expose it. During the runtime I check for the ip before and after the script so that I can see them both by running and am sure I got the correct one.

You can find it in log:


IP ADDRESS - 		24.xxx.xxx.xxx

I do nothing with what you asked me to do cause, just before that, I retried one more time with toronto endpoint uci commit + tginstall and "bang" working now, don't know why...

😉

Also, if I sysupgrade my image, your script config will still be there?

and I'm looking to see how to do script to upgrade snapshot automatically

19807409
3 minutes ago, James8078 said:

I do nothing with what you asked me to do cause, just before that, I retried one more time with toronto endpoint uci commit + tginstall and "bang" working now, don't know why...

😉

Also, if I sysupgrade my image, your script config will still be there?

and I'm looking to see how to do script to upgrade snapshot automatically

that's great, finally. Don't touch a working system ;)

However, it would be interesting to know what it was and I assume it was a wget issue, by using curl it seems to work. Probably you had an old interface and it required a reboot.

 

About sysupgrade:

Your wg interface would be kept and if you use the method I described yesterday with opkg backup, then everything would work after sysupgrade, because wireguard packages would be kept too, so, after flashing you should be actually immediately connected to the vpn.

Scripts backup:

You can upgrade without any issues, as /etc/config/torguard would be part of backup automatically.

You can keep my scripts, simply add /usr/bin/tg* files and /etc/init.d/tgapi, here is a list of all bins/scripts:

/usr/bin/tgapitest         /usr/bin/tginstall
/usr/bin/tgapitest.bkp     /usr/bin/tgsetup
/usr/bin/tgfunctions       /usr/bin/tguninstall
/usr/bin/tginit            /usr/bin/tgupgrade
/usr/bin/tginit-uci-basic

 

You do not need to back up the certificate, as it would be recreated. Do not forget to add /etc/init.d/tgapi too; however, rerunning tginstall would recreate it.

 

James8078
18 minutes ago, 19807409 said:

 

opkg update

opkg install luci

then you will have your webui.

On my few months old images, kernel is 5.4.66, meaning current one is above that.

I flashed this morning and uploaded the last snapshot (without Gui) but before being able to do "opkg update and install luci" we need to have internet, I've had to set up /network/wireless/password without Gui.... but I managed finally.

James8078
5 minutes ago, 19807409 said:

that's great, finally. Don't touch a working system ;)

However, it would be interesting to know what it was and I assume it was a wget issue, by using curl it seems to work. Probably you had an old interface and it required a reboot.

I have that:

Firmware Version	OpenWrt SNAPSHOT r15501-f841855f10 / LuCI Master git-21.013.41342-df2a135
Kernel Version	5.4.87

 

19807409
2 minutes ago, James8078 said:

I flashed this morning and uploaded the last snapshot (without Gui) but before being able to do "opkg update and install luci" we need to have internet, I've had to set up /network/wireless/password without Gui.... but I managed finally.

Oh, ok, I got it. Normally, after flashing the default address is 192.168.1.1 and simply manually setting the ip on your pc would do the trick.

However, to make it quicker, simply upgrade your stable release with snapshot by keeping configs, that way after reboot your network would be already set up and you can connect to the IP you have defined before.

19807409
1 minute ago, James8078 said:

I have that:

Firmware Version	OpenWrt SNAPSHOT r15501-f841855f10 / LuCI Master git-21.013.41342-df2a135
Kernel Version	5.4.87

 

Yes, that seems to be correct/actual. Remember, this is not the latest mainline kernel, latest one is 5.10 which I use on ubuntu, for openwrt and your device I guess 5.4.87 is latest:

Linux legion 5.10.6-051006-generic #202101091334 SMP Sat Jan 9 13:40:22 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 

For kernel 5, everything above 5.6 has wireguard support integrated and performance is slightly better on high speed networks.

James8078
6 minutes ago, 19807409 said:

Oh, ok, I got it. Normally, after flashing the default address is 192.168.1.1 and simply manually setting the ip on your pc would do the trick.

However, to make it quicker, simply upgrade your stable release with snapshot by keeping configs, that way after reboot your network would be already set up and you can connect to the IP you have defined before.

ok, I did not know about pc and internet, I have 3 routers now and flash pretty often to try different things, usually I have to do wired and configure all things offline before I set up the wireless again.....(I mean when I reset routers and/or install new firmware etc)

James8078
7 minutes ago, 19807409 said:

Yes, that seems to be correct/actual. Remember, this is not the latest mainline kernel, latest one is 5.10 which I use on ubuntu, for openwrt and your device I guess 5.4.87 is latest:

Linux legion 5.10.6-051006-generic #202101091334 SMP Sat Jan 9 13:40:22 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 

For kernel 5, everything above 5.6 has wireguard support integrated and performance is slightly better on high speed networks.

nice, I just installed ubuntu, linux mint and manjaro to try it, I have 3 laptops so I will try to see which one I prefer and it is for learning about linux, new on that + router's world open firmware

19807409
5 minutes ago, James8078 said:

nice, I just installed ubuntu, linux mint and manjaro to try it, I have 3 laptops so I will try to see which one I prefer and it is for learning about linux, new on that + router's world open firmware

Sounds like you will have some nice and interesting time ;), glad it helped. If you install main line kernel on your laptop then most people have troubles in setting up nvidia/amd drivers. Few things could be confusing but as soon as you get used to it you will probably never go back to windows. This thread is probably the wrong place to discuss it and there are better places like SE (stackexchange) for you to ask. By that, I wish you a lot of fun, your router is quite decent too which probably will make it even more fun for you.

Maybe you should also try debian. I am not really a fan of manjaro but they all are good as long as you like them and can work on them.

James8078
15 minutes ago, 19807409 said:

Sounds like you will have some nice and interesting time ;), glad it helped. If you install main line kernel on your laptop then most people have troubles in setting up nvidia/amd drivers. Few things could be confusing but as soon as you get used to it you will probably never go back to windows. This thread is probably the wrong place to discuss it and there are better places like SE (stackexchange) for you to ask. By that, I wish you a lot of fun, your router is quite decent too which probably will make it even more fun for you.

Maybe you should also try debian. I am not really a fan of manjaro but they all are good as long as you like them and can work on them.

last thing here, cause I don't know where I can reach you anyway, but about debian, the kernel is out of date, and not good compatibility with drivers..

19807409
3 minutes ago, James8078 said:

last thing here, cause I don't know where I can reach you anyway, but about debian, the kernel is out of date, and not good compatibility with drivers..

indeed, I am really hard to reach, however, you are lucky to know that I am active here as well as you can always drop a message to github account I created here: https://github.com/torguard

Maybe torguard will setup some communication channel like discord, slack, zoom (or whatever fits better), then we all could discuss a little bit easier about non important things, for the rest, best here and github as it never gets lost (better github).

ubuntu is based on debian, I am not sure which packages default desktop installation uses, but you can use always latest repository as well as latest kernel. For me biggest difference to ubuntu is that I can trust debian but I can not trust ubuntu, launchpad and their projects, not only that it is known that they abuse their positions and services, but they openly support it which leaves some bad taste considering livepatch and similar packages are installed on a system, for me, ubuntu is problematic and I use it only for purpose of development so that I am sure that everything works and compiles on ubuntu. Debian is clean on that side and yes, sometimes debian requires you to configure few things (wow, big deal right :) ), that is why many write that debian is not user friendly etc. In general never trust those reviews, try it all by yourself, most people who come from windows are simply impressed (or not) by the gui (gnome, cinnamon, lxde, ...), they all can use also same desktop managers (lightdm, gdm, ...).

If you are freaky about security, probably you should go for freebsd, but freebsd is for sure not OS which I would recommend you as replacement for your desktop/notebook windows pc.

But like I said before, I use debian over ubuntu mainly due to security/spying issues related to ubuntu/launchpad as well as their incompetent staff breaking things.

Main point for you is to get used to it, probably it's more important now for you to decide which desktop manager and gui you will use, as at the end of the day, you can make each of them look the same way, difference is simply under the hood.

If we speak about server usage, then here 100% no to ubuntu, simply as I do not trust them and few chances they had to make it better, they used it to make it worse and prove their true faces.
