
🔥 HowTo - OpenWRT with any TorGuard's Wireguard IP



19807409


James8078
2 minutes ago, 19807409 said:

This post made my day today 💥💥💥  🤣

Yes, that's a screenshot and they are clickable in the original post. You have to be logged in to be able to download it; you should see it like in the screenshot, which you tried to click in the hope that they were download links :)

I'm logged in, yes, and here is what it is when I click on the original post

Capture d’écran_2021-01-24_15-02-45.png


19807409
4 minutes ago, James8078 said:

I'm logged in, yes, and here is what it is when I click on the original post

Capture d’écran_2021-01-24_15-02-45.png

I sent it over email, gpg encrypted, check your email

19807409
6 minutes ago, James8078 said:

I'm logged in, yes, and here is what it is when I click on the original post

Capture d’écran_2021-01-24_15-02-45.png

@Support by definition, :) I would claim my attachment got silently banned, as I clearly downloaded it and can see it; it would be good if that is clarified. I would not attach a file if I could post that script as a codebox, which does not work due to the forum claiming it has something invalid, like the u na m e command, which if written immediately blocks/bans the post

James8078
17 minutes ago, 19807409 said:

I sent it over email, gpg encrypted, check your email

btw. no email received.

you sent to : nixxxxxxr78 @ g ma il ?

19807409
8 minutes ago, James8078 said:

btw. no email received.

you sent to : nixxxxxxr78 @ g ma il ?

Check in about 10-30 minutes again if you do not see it, I replied to your email, must be right.

James8078
12 hours ago, 19807409 said:

I already explained it in several posts. I do not know what and why you build and with which settings, for that help you should go to openwrt, once again, I suggest and suggested you to use snapshot images and not to compile. You probably added luci modified, but again, this would be fully offtopic here to talk/explain about how to build openwrt images, especially as it is done daily and found under snapshots as well as those online are upgradeable and your compiled is not compatible to them.

 

I posted you links to sysupgrade but your questions tell me that you did not read it which you should do. Sysupgrade documentation explains you all what I write and wrote in details and by that I feel it is a waste of time to explain what is written there if one can read it up.

Read and run this script (upgradefw-wrt3200acm.zip in the attachment) and inspect it and how it works and what it does. It will flash your router.

Before you run it, add tginstall, opkg backup script and other things which you might need to /etc/sysupgrade.conf

# if this script IS NOT available after reboot, then delete comment sign, if it is available, leave it as it is or delete
# /etc/profile.d/opkg.sh
# torguard and tgapi
/etc/torguard/
/etc/config/torguard
/etc/init.d/tgapi
/usr/bin/tgapitest
/usr/bin/tginit
/usr/bin/tgsetup
/usr/bin/tginit-uci-basic
/usr/bin/tguninstall
/usr/bin/tgfunctions
/usr/bin/tginstall
/usr/bin/tgupgrade
# root folder
/root/

Save upgradefw on your router, let's say as /root/bin/upgradefw. It will create a restore script in /root/bin/restore (that is why I included /root in sysupgrade.conf)

/root/bin/upgradefw

and make it executable with

chmod +x /root/bin/upgradefw

That's it, now you can upgrade only the firmware and then manually restore. In my example, I run those commands from my notebook. This is just a scratch, as an example; you can add a check for when your device gets up so that waiting 240 seconds can be skipped and done automatically:

#!/bin/sh
# Run from your PC: flash the router over SSH (root is OpenWrt's default SSH user),
# wait for the reboot, then restore the packages
LOG="upgradefw.log"
ROUTERIP="IPOFYOURROUTER"
ssh "root@${ROUTERIP}" "/root/bin/upgradefw" | tee "${LOG}"
echo "Wait 240 seconds until router reboots" && sleep 240 &&
ssh "root@${ROUTERIP}" "/root/bin/restore" | tee -a "${LOG}"
echo "firmware upgrade finished"

 

There are also other ways to keep an automated upgrade, but I will not go deeper into it in this thread as it is fully offtopic here; we have already slid too far away from wireguard on openwrt. If you go and read the sysupgrade documentation you will know much more about it and the different options.

PS: I tested and did run the script on archer-c5v1, it should work with any openwrt, just edit the script var in the header of upgradefw. I do not have wrt3200acm and can not test it.

Attachments: upgradefw-wrt3200acm.zip (unavailable), upgrade-and-restore.log-archer-c5v1-snapshot.zip (unavailable)

.....

 

[email protected]:~# chmod +x /root/bin/upgradefw
chmod: /root/bin/upgradefw: No such file or directory

 

and yet...... :

 

ow.png

19807409
32 minutes ago, James8078 said:

.....

 

[email protected]:~# chmod +x /root/bin/upgradefw
chmod: /root/bin/upgradefw: No such file or directory

 

and yet...... :

 

ow.png

 

Well, pay a little bit attention in reading, will spare you time asking obvious things. Your screenshot shows that you copied it to:

/bin

 

instead, not sure why you again did not follow instructions/guide, as you should copy it to:

/root/bin

 

The reason why chmod gives the error is correct, there is no file. If you do not have bin folder in /root folder, then create it:

mkdir /root/bin

 

You could run it from /bin folder too if you want, but according to my post above, change in sysupgrade.conf's entry /root/ to /bin/upgradefw and run chmod +x /bin/upgradefw

/root folder is simply home folder of root user.

19807409

one additional note about if you use different locations etc.., if as example you for some reason want to use /bin/upgradefw, then you need to edit this part:

# create restore script if it does not exist in /root/bin folder which is backed up
if [ ! -f /root/bin/restore ]; then
cat <<"EOF_restore" | tee /root/bin/restore
#!/bin/sh
echo "Load /etc/profile.d/opkg.sh"
. /etc/profile.d/opkg.sh
opkg update
opkg_restore
EOF_restore
chmod +x /root/bin/restore
fi

 

to:

# create restore script if it does not exist in /root/bin folder which is backed up
if [ ! -f /bin/restore ]; then
cat <<"EOF_restore" | tee /bin/restore
#!/bin/sh
echo "Load /etc/profile.d/opkg.sh"
. /etc/profile.d/opkg.sh
opkg update
opkg_restore
EOF_restore
chmod +x /bin/restore
fi

 

Just make sure you changed all /root/bin occurrences to /bin in the script if you want to enforce a location other than the one which I wrote for the example script

James8078

good, I did it, it seems everything works great and a log has been created in /root: upgradefw.log, but it is empty ...

 

Btw, wireguard was up after reboot.

 

19807409
10 hours ago, James8078 said:

good, I did it, it seems everything works great and a log has been created in /root: upgradefw.log, but it is empty ...

It means you ran it from the device. In my example I run those commands over ssh on my PC, so upgradefw.log is then on my notebook (not in root). The script has this commented; if you use it in any other way, then adapt the settings. Here is the header comment from the script:

# How to use/upgrade from another pc:
#   ssh [email protected] "/root/bin/upgradefw" | tee upgradefw.log;
#   echo "Wait 240 seconds until router reboots"; sleep 240;
#   ssh [email protected] "/root/bin/restore" | tee -a upgradefw.log

 

10 hours ago, James8078 said:

Btw, wireguard was up after reboot.

This means that flash and restore worked, congrats.

19807409
2 hours ago, James8078 said:

when I upgrade build,  after rebooting


tgapi

is disabled in startup initscript..

normal?

 

yes. Yesterday I explained it in separate post, read please once again:

#!/bin/sh
# Run from your PC: flash, wait for the reboot, restore packages, re-enable tgapi, reboot
# (root is OpenWrt's default SSH user)
LOG="upgradefw.log"
ROUTERIP="IPOFYOURROUTER"
ssh "root@${ROUTERIP}" "/root/bin/upgradefw" | tee "${LOG}"
echo "Wait 240 seconds until router reboots" && sleep 240 &&
ssh "root@${ROUTERIP}" "/root/bin/restore" | tee -a "${LOG}"
echo "Run Torguard api on router to make sure that settings are valid"
ssh "root@${ROUTERIP}" "/etc/init.d/tgapi enable;/etc/init.d/tgapi restart" | tee -a "${LOG}"
echo "firmware upgrade finished"

echo "Reboot your router"
ssh "root@${ROUTERIP}" "reboot -f" | tee -a "${LOG}"
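
Added example, not part of the original posts or of upgradefw: one way to replace the fixed `sleep 240` in the script above with the check for the router coming back up that the guide suggests. The function names, the POLL/DOWN_TIMEOUT/UP_TIMEOUT variables and their values are assumptions.

```shell
#!/bin/sh
# Added example: poll the router instead of sleeping a fixed 240 seconds.
# All names and timeout values below are assumptions, not taken from upgradefw.

: "${POLL:=5}"            # seconds between probes
: "${DOWN_TIMEOUT:=120}"  # how long to wait for the router to go down
: "${UP_TIMEOUT:=600}"    # how long to wait for it to come back

# wait_for_state up|down INTERVAL TIMEOUT PROBE [ARGS...]
# Runs PROBE until its result matches the wanted state ("up" means PROBE
# succeeded). Returns 1 if TIMEOUT seconds pass without reaching that state.
wait_for_state() {
    want="$1"; interval="$2"; timeout="$3"; shift 3
    waited=0
    while :; do
        if "$@"; then state=up; else state=down; fi
        [ "$state" = "$want" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Probe for a real router: succeeds only when an SSH login as root works.
# BatchMode stops ssh from hanging on a password prompt.
ssh_probe() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$1" true >/dev/null 2>&1
}

# The router still answers for a moment after the upgrade has been started,
# so first wait for it to drop off the network, then for it to return.
wait_for_reboot() {
    wait_for_state down "$POLL" "$DOWN_TIMEOUT" "$@" ||
        { echo "router never went down" >&2; return 1; }
    wait_for_state up "$POLL" "$UP_TIMEOUT" "$@" ||
        { echo "router did not come back" >&2; return 1; }
}

# Usage in the script above, in place of the echo/sleep line:
#   wait_for_reboot ssh_probe "${ROUTERIP}" &&
#   ssh "root@${ROUTERIP}" "/root/bin/restore" | tee -a "${LOG}"
```

Because a timeout makes `wait_for_reboot` return non-zero, the restore step is skipped instead of being run against a router that never came back.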

 

James8078

@19807409

EDIT : on my other router, still working ) script +tginstall

hi,

Have there been any changes in your script? I installed the script on another router and the log is pretty weird: look at the public key, it is nonsense. I restarted from scratch 3x, every time the same result. I'm gonna reset the router and restart to be sure.

Make init script executable: /etc/init.d/tgapi
Public key: 1611719983390
Peer server: 500
IP Addresses: Internal Server Error
Allowd IPs: Can not add peer with public key 'zr5NyAAXu6ZPkHIJyTnH13J1Zqyfh L VdcMwfYUZVg=' and IP 10.13.46.145/32. /usr/bin/wg returned with exit value 1
DNS1: /api/v1/setup}
DNS2: 
Endpoint host: 
Endpoint Port: 
Expiration date epoch: 
create new wireguard interface with torguards server: 173.244.200.119:1443
add new network interface (torguard wireguard interface)
cfg066d96
rename new interface to: wg0
set new interface's proto: wireguard
set new interface's private key: 2LJIwm4njMnbZ+FMO7PzXXXXXXXXXXXXXXXXXXXXElA7CMKeaGg=
set new interface's listen port: 51820
set new interface's addresses: Internal Server Error
set new interface's MTU (default 1420): 1420
set new interface's fwmark (default 0xFE): 0xfe
use of builtin IPv6-management (disabled by default, 0): 0
set new interface's nohostrouter (disabled by default, 0): 0
add wireguard peer wg0
cfg0796fc
add wireguard peer wg0 description: wg0 (TorGuard)
add wireguard peer wg0 public key: 1611719983390
add wireguard peer wg0 allowed ip's: Can not add peer with public key 'zr5NyAAXu6ZPkHIJyTnH13J1Zqyfh L VdcMwfYUZVg=' and IP 10.13.46.145/32. /usr/bin/wg returned with exit value 1
add wireguard peer wg0 Endpoint host: 
add wireguard peer wg0 Endpoint port: 
add wireguard peer wg0 Keepalive: 25
add wireguard peer wg0 Route allowed ip's: 1
commit network ...
Add created wireguard interface to lan zone (this will overwrite any other [email protected][0].network setting, please recheck if using non default settings)
'radio1' is disabled
TGINIT - RESULTS

Show Network inteface: wg0
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='2LJIwm4njMnbZ+FMO7PXXXXXXXXXX7CMKeaGg='
network.wg0.listen_port='51820'
network.wg0.addresses='Internal Server Error'
network.wg0.mtu='1420'
network.wg0.fwmark='0xfe'
network.wg0.delegate='0'
network.wg0.nohostroute='0'
network.cfg0796fc=wireguard_wg0
network.cfg0796fc.description='wg0 (TorGuard)'
network.cfg0796fc.public_key='1611719983390'
network.cfg0796fc.allowed_ips='Can not add peer with public key '\''zr5NyAAXu6ZPkHIJyTnH13J1Zqyfh L VdcMwfYUZVg='\'' and IP 10.13.46.145/32. /usr/bin/wg returned with exit value 1'
network.cfg0796fc.persistent_keepalive='25'
network.cfg0796fc.route_allowed_ips='1'
wait 10 seconds before checking for current IP...
IP ADDRESS - 		24XXXXXX.3
Torguard wireguard initialization finished, please reboot to complete
install speedperf: no
apifix:         enabled
apifixtimeout:  1d
Enable apifixtimeout service: yes
tgapi status: running
tginstall script finished
### ℹ️ How to FAQ - Torguard wireguard server ###
How to show your configs
- Show full torguard config:      uci show torguard
- Show only default server:       uci show [email protected]_tg0[0]

How to set your configs
- Set/edit/change server:             uci set [email protected]_tg0[0].endpoint_host='173.244.200.119'
- Set/edit/change description:        uci set [email protected]_tg0[0].description='wg0 (TorGuard)'
- Set/edit/change allowed ips:        uci set [email protected]_tg0[0].allowed_ips='0.0.0.0/0'
- Set/edit/change endpoint port:      uci set [email protected]_tg0[0].endpoint_port='1443'
- Set/edit/change keepalive:          uci set [email protected]_tg0[0].persistent_keepalive='25'
- Set/edit/change route allowed ip's: uci set [email protected]

 

19807409
2 hours ago, James8078 said:

@19807409

EDIT : on my other router, still working ) script +tginstall

hi,

Have there been any changes in your script? I installed the script on another router and the log is pretty weird: look at the public key, it is nonsense. I restarted from scratch 3x, every time the same result. I'm gonna reset the router and restart to be sure.


your log clearly tells me that your router is not online, you have again no internet connection and you need to have working internet connection for scripts to work.

19807409

or, if you are online, then your public key (has special signs: zr5NyAAXu6ZPkHIJyTnH13J1Zqyfh L VdcMwfYUZVg=), encode it here: https://convertstring.com/EncodeDecode/UrlEncode

then save the result and rerun tginstall

# set your public key
uci set [email protected]_tg0[0].wgapipubkey="YOURURLENCODEDPUBLICKEY"
uci commit torguard

# run tginstall
tginstall
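
Added example, not part of the original posts or of tginstall: the URL-encoding step above can be done locally on the router instead of on a website. A base64 key can contain `+`, `/` and `=`, and a `+` sent raw in a query string is decoded as a space, which matches the spaces in the key quoted in the error message earlier in the thread. The function names are assumptions; the sample key is a public key copied from a tginstall log posted in this thread.

```shell
#!/bin/sh
# Added example: validate a WireGuard public key and percent-encode it locally
# before it is used as the public-key= query parameter of the setup API.
# Function names are assumptions, not part of tginstall.

# A WireGuard key is 32 bytes: 43 base64 characters followed by one '='.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # e.g. a space left by a decoded '+'
    esac
    body="${1%=}"
    [ "$body" != "$1" ] || return 1      # must end with the padding '='
    case "$body" in
        *=*) return 1 ;;                 # no '=' anywhere else
    esac
    return 0
}

# Percent-encode the three base64 characters that are special in a query
# string. '%' never occurs in a valid key, so nothing is encoded twice.
urlencode_wg_key() {
    is_wg_key "$1" || { echo "not a WireGuard key: $1" >&2; return 1; }
    printf '%s' "$1" | sed -e 's/+/%2B/g' -e 's,/,%2F,g' -e 's/=/%3D/g'
}

# What a server recovers from a raw key: form decoding turns '+' into ' '.
form_decode_plus() {
    printf '%s' "$1" | tr '+' ' '
}

# Public key copied from a tginstall log in this thread.
KEY='T2/zOatt+8k5ATckJiz6NqjTbQaye8Adfv89M5RIOA8='
echo "sent raw, decoded by the server as: $(form_decode_plus "$KEY")"
echo "percent-encoded for the API URL:    $(urlencode_wg_key "$KEY")"
```

The encoded output is the value to store in the wgapipubkey option before rerunning tginstall.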

 

James8078
5 minutes ago, 19807409 said:

your log clearly tells me that your router is not online, you have again no internet connection and you need to have working internet connection for scripts to work.

I will test later, but I always check if I'm online... so I'll let you know

19807409
Just now, James8078 said:

I will test later, but I always check if I'm online... so I'll let you know

Probably it's your public key, check my previous post

  • 4 weeks later...
James8078

@19807409

hi,

These days I have some problems with the script. It worked very well, but I don't know why, now I can run it 10x and nothing happens; sometimes the interface is created, sometimes not, sometimes the interface is just complete at 50%

 

and I can run the script 3-4 times and there is no wireguard interface created..  (and yes I'm online 😉 )

 

thanks

 

(and it works, but I have to run it many times....)

 

e number: 0
do not create host routes to peers: 0
UDP port for out-/incoming packets: 51820
Maximum Transmission Unit of tunnel: 1420
32-bit mark for outgoing packets: 0xFE
Seconds between keep alive messages: 25
Use builtin IPv6-management: 0
Route allowed IPs: 1
TorGuard firewall zone: 1
TorGuard wireguard private key:
API Fix /usr/bin/tgapitest
API Fix timeout 1d
Sevice file path /etc/init.d/tgapi
TorGuard Server List: 173.244.200.119:1443
---
uci: Entry not found
create new private and public keys...
genwgkey... generating private key ... OK: WGR1XXXXXXXXXXXXXXXXXXXXXXXXXXXXvlF0=
createwgpubkey... generating public key ... OK: weo6fqT8EIzHm5qtHhrdmb66u/FtGKVPCA0oWcHjcXQ=
set vars for server for ip: 173.244.200.119:1443 ...
PORT: 51820
FWMARK: fe
Wireguard interface number: 0
Description: wg0 (TorGuard)
Firewall zone: wan wan6
Endpoint host: 173.244.200.119
Endpoint port: 1443
delete wireguard interface with same name... (173.244.200.119:1443)
delete existing default peer 0 and commit changes...
uci: Entry not found
delete existing wireguard interface and commit changes...
uci: Entry not found
restart network...
'radio2' is disabled
curl: (6) Couldn't resolve host 'updates.torguard.biz'
create new private and public keys...
genwgkey... generating private key ... OK: 2LzjAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXY=
createwgpubkey... generating public key ... OK: T2/zOatt+8k5ATckJiz6NqjTbQaye8Adfv89M5RIOA8=
USED PUBLIC AND API KEYS:
Private: 2LzjAlv0QpXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXkY=
Public:  T2/zOatt+8k5ATckJiz6NqjTbQaye8Adfv89M5RIOA8=
API Public key:T2/zOatt+8k5ATckJiz6NqjTbQaye8Adfv89M5RIOA8=
API: https://NXXXXXX:[email protected]:1443/api/v1/setup?public-key=T2/zOatt+8k5ATckJiz6NqjTbQaye8Adfv89M5RIOA8=
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:01:26 --:--:--   

 
