TorGuard

wireguard /router/expiration


James8078

hi,

 

I have wireguard on dd wrt and open wrt and I have 4 routers and work a lot on those to change setup and configuration about firmwares etc

but with torguard wireguard, every time I shut down my router and/or restart my gateway etc, I always need to open torguard website, config generator, open new wireguard config and change all my setup...

is it possible to keep my config even if I restart my router and disconnect it ?

thanks

James8078
19 minutes ago, 19807409 said:

@James8078 I guess you created issues on github which are now resolved, indeed, there is a bug in urlencode function, I simply disabled urlencode. I just tested the script on 1043nd v2 with latest snapshot: https://downloads.openwrt.org/snapshots/targets/ath79/generic/

 

and I wanted to send you messages in private cause I have some newbie questions, lol

 why I would use a wg server? Cause I have wg on my router on open wrt , interface wg + client (peer) from torguard and all my devices use it..

If i understand, your script is for server?

and last one, when I did try your script last time, it creates wg but also open vpn files, right?

and when we use your script, we have to remove wireguard LuCi app? I have to delete my actual setup

19807409
27 minutes ago, James8078 said:

it was not me but thank you. btw on github, I saw a script about torguard and open wrt, from years ago, about LuCi app for torguard on open wrt, don't know if it is still working or if it was from you?

oh, sorry then, I thought it was you as the error described matches the one which you did, sorry for confusion.

That repo is from me, yes, I did create several apps for torguard and openwrt including some skins and added torguards server and autoparser for openvpn servers so that one could have full list of servers. Additionally it included tor and i2p networks set up and working over/with torguard. One of such apps was luci app which actually was bundle of those things (skin, i2p, tor, direct links to chat, torguard credentials (like current torguard config for wireguard)). Back then I asked torguard to actually start supporting officially openwrt where it was not at that time, so I shared few things which I believed could be useful if torguard wants to create their own openwrt based on original, back then all torguard vpn routers were shipped only with dd-wrt (I guess today it is still the same).

However, I did not have time to continue developing on it as well as things like i2pd and tor got in the meantime quite easy setups and good documentation and most who actually do use it do not really need gui control over something that provides already a gui (like i2p). On other side, TorGuard enabled then openwrt configs and by that openwrt got officially supported, so, I dropped those apps back then (not sure if I still have source code, but in about me on github you still can see the screenshot of the gui).

About if it still works, I bet it does, but I would not recommend running :) that old openwrt version and to upgrade it all to latest snapshot would require some time which I dont have, at least not for something that probably nobody ever will use.

Why do you ask? If you remember that, then it means you are for quite some time torguard customer too ;)

19807409
On 1/1/2021 at 4:21 AM, James8078 said:

I have wireguard on dd wrt and open wrt and I have 4 routers and work a lot on those to change setup and configuration about firmwares etc

but with torguard wireguard, every time I shut down my router and/or restart my gateway etc, I always need to open torguard website, config generator, open new wireguard config and change all my setup...

is it possible to keep my config even if I restart my router and disconnect it ?

 

Yes it is, my scripts are doing exactly that. If you have maybe 2nd device anywhere which can run service/cron updating it, then you would be even secure if your ISP is down for X hours.

My guide is not based on config generator and in fact, it exists before wireguard published it where back then generator configs/keys started to expire. So, my scripts are not based on that generator but on TorGuard Client and how it works, where original TorGuard client activates over same API as my scripts, when you get disconnected, then TG Client creates and uses new key, where my script uses always the same and all of that is defined in file /etc/config/torguard, you can show all settings with

uci show torguard

when this file exists, whatever you change on it, simply run tginstall and those settings will be used, where wg0 will be deleted/recreated if it already exists (so, if you use additional interfaces, make sure their name is not wg0 or change vars in tginstall/tgfunctions).

is it possible to keep my config even if I restart my router and disconnect it ?


yes, as explained above and to other users, you can have as many backup connections/activations as you want, you can save that url in your phones browser bookmarks and if it is somehow inactive, simply open your url in your phone and bang, your device would be again active and online.

43 minutes ago, James8078 said:

and I wanted to send you messages in private cause I have some newbie questions, lol

thats exactly how it gets lost, I do assume that you can imagine that maybe your newbie questions are something that other people would like to know too, making private discussion from it would of course be very unproductive, better here, best on github as there it will never get lost and is centralized in form of information, updates etc..

 

46 minutes ago, James8078 said:

If i understand, your script is for server?

well, let me say gently no, this is not correct, in one of my previous posts I explained, that most users would like to know how to configure a server and how to configure a client, well, for wireguard server and client are configured and can be configured in one and the same config.

So, what my script does is:

1. create /etc/config/torguard if it does not exist

2. create wg0 connection from settings in /etc/config/torguard

3. some  optional extras (like speedperf which is simply iperf3, to run it run speedperf)

 

that is it, when you run for the first time tginstall, then you have to enter your credentials, server ip and go through the questionnaire, but if /etc/config/exists, then no questions are asked but everything created according to that config. By that, if you already created it, you need to edit it.

By configuring torguard server (peer), my script does use 0.0.0.0/0 for allowed IP's meaning that everything will go out through torguards server. By that, you would probably see it as client function, but then add like I explained to another user additional ip to your interface and that IP is then your server (your home server).

So to reply in short, no, my script is not for server, my script simply installs wireguard interface, provides you ability to configure it over /etc/config/wireguard as well over uci set torguard ... as well as it provides you ability to create, install and enable service which will keep your connection active so that it does not expire (like previous user said, last reply from support was 12 hours).

 

55 minutes ago, James8078 said:

and last one, when I did try your script last time, it creates wg but also open vpn files, right?

no, it does not,my scripts for wireguard have nothing to do with open vpn

55 minutes ago, James8078 said:

and when we use your script, we have to remove wireguard LuCi app? I have to delete my actual setup

?? Why do you have to remove luci-app-wireguard, if you have installed luci-app-wireguard, then if running tginstall you can say no for the question if you want to install dependencies as luci-app-wireguard installed them already.

No, you do not, in fact my script works right after fresh flashing or factory reset, even on snapshots, during first time, it will ask you if you want to install dependencies and it will install only wireguard, not luci app or module, you can install luci-app-wireguard manually, however, my scripts do not remove it. Problem with including autoinstallation of luci-app-wireguard is that most (including me) do use snapshots and almost nobody installs luci as everything is configured over terminal, if I would include luci-app-wireguard, then it would automatically install luci which is something that most do not want :).

1 hour ago, James8078 said:

I have to delete my actual setup

You can delete your actual setup easily, simply delete file /etc/config/torguard and tg scripts from /usr/bin

 

How to update/upgrade etc..., all of it is already written in README.md as well in wiki, please check it out as I would dislike to write same things several times.

bdiggs
5 hours ago, 19807409 said:

why dont you just create new fresh key with wg genkey and then run curl (or open in your browser)? That's exactly how I do it, I am not using torguards config tool, but my scripts and when I used torguard tool, then I used private key and result was the same.

Boom.  You're exactly right.  Between working with you and TG support here's what I've learned.  The wg genkey to get the key, then curl or browser may be the best way to do it, and then yep the client IP does stay the same every time.  The client IP appears to be generated based on the key used.  Also, like you say, when you use the web configurator .conf file for a shared server, using the "PrivateKey" instead of the "PublicKey" will also return the same IP address every time.  However, using the "PublicKey" from the shared server .conf file will pull a new client IP address every time.

Also, if you have a dedicated IP address this is a little bit different.  The "PublicKey" is probably what is best to use here, and it returns the same client IP address (internal) every time.  However, I've noticed that "PrivateKey" and even generated "wg genkey" also all work with those returning the same client IP address every time.  The only time it changes is if you generate a new config file with the web generator for a dedicated IP address, then it assigns a new client IP address (internal) to use with your dedicated (external) IP - and then uniformly all of the API calls return that new address until/unless you generate again.

Also I noticed a dedicated IP's gateway IP address (server) and the dedicated IP address itself (assigned IP from TG) are interchangeable it seems when using either the API web calls or the portal config generator for dedicated addresses.

5 hours ago, 19807409 said:

What happens if you run tginstall (fresh now, with disabled urlencode)?

Couldn't quite get this going on my quickly spun up Ubuntu VPS for testing.  I don't have a spare OpenWRT router at the moment to test with but I may try in the future just to check out!

5 hours ago, 19807409 said:

as most are not aware that they can use one interface for quite fancy and sophisticated setups and all of that without extremely complicated firewall configurations, as said previously, peer based vpn :) ...

I definitely will think about pros and cons to using same interface for things in the future.  I guess if multiple connections are allowed there may not be a ton of disadvantages.  I've been using ZeroTier in a similar manner to you and really love it, but sometimes would like the extra performance of WG on ARM based routers (not AES-NI capable) so may have to give this more thought...

5 hours ago, 19807409 said:

Thanks for kind words.

Absolutely.  So glad it worked out the way you said where we could all benefit.  :)  Been a huge blessing and can see it is a HUGE amount of work.  Also agree about TG.  I use them for so many things from getting ports open behind NAT firewalls to streaming on networks that are bandwidth shaped (like cellular), more features/options and much better support.

19807409
5 hours ago, bdiggs said:

However, using the "PublicKey" from the shared server .conf file will pull a new client IP address every time.

Yes, most what you wrote is correct except the line which I quoted, you are correct that new ip address is created each time, but that has nothing to do with using PublicKey only or not. Considering that the config generator creates whole config with the interface part, if you do not set private key, then wireguard config will have to create new one for the interface and then generate public key from that new private key, resulting in completely new configuration.

Taken it right way, torguards config will still deliver you always the same result based on your key. You get new ip not because you use public key, but because there is no private key and one has to be generated. With that your statement is kinda correct but makes no sense, torguard config cant create private key from your public key.

In fact, I am not sure why at all there is public key field in generator online, as it only could confuse a user just like you, or me too in point, do I need to write private and public key and will it work with private key only? The reply is yes, putting just private key will work, as from that private key public key is generated.

5 hours ago, bdiggs said:

Couldn't quite get this going on my quickly spun up Ubuntu VPS for testing.  I don't have a spare OpenWRT router at the moment to test with but I may try in the future just to check out!

Just copy a part where I create service file, its just endless loop with call your api url.

The first version of the guide was quite simple (kinda steps described like you did). For some reason even that caused some confusion so I created scripts for openwrt, openwrt-scripts in that form will not work on ubuntu as on ubuntu there is no uci and settings are with uci. Indeed, first versions were written on ubuntu and I tested it locally back then, but adapted it to openwrt and torguard config.

On ubuntu all of this setup is actually the same, for me it is kinda easier as I only need to manage my wg0.conf.

You can test it all quite easy on ubuntu too with some adaptions, all functions are stored in one file called tgfunctions, simply copy everything and paste into terminal, that way you can use then all functions in your terminal (or run source /path/to/tgfunctions). Then either edit those functions using uci to something different (like cat somefile | grep whatyouneed). That is probably quickest way for you to test. Additionally change interface creation which is easy, instead to populate/change /etc/config/network, create /etc/wireguard/wg0.conf or something like that, instead of firewall configuration, in ubuntu use ufw allow YourListenPort as well as postup/down part in config (which I commented out in one of my replies above).

As last, change service commands from /etc/init.d/.... to systemctl restart/stop/start/enable/disable ...

Everything else will work on Ubuntu, so, all in all, its just few lines which you need to change, I thought ubuntu is so easy for most that no guide is required, however, if there are really users who would use this script on their ubuntu/debian based OS's, I might create a separate repo for it, as this one clearly is for openwrt by repo name.

5 hours ago, bdiggs said:

I definitely will think about pros and cons to using same interface for things in the future.  I guess if multiple connections are allowed there may not be a ton of disadvantages.  I've been using ZeroTier in a similar manner to you and really love it, but sometimes would like the extra performance of WG on ARM based routers (not AES-NI capable) so may have to give this more thought...

With that part I guess you should read a little bit more about wireguard. AES-NI is actually only important for openvpn, you seem to be confused a little bit about wireguard. It does not use AES-NI, it does not use aes at all, it uses ChaCha20, with that AES-NI is of no use for wireguard. Wireguard supports also use of all your cpu threads.

About disadvantages, there are some but I would see it as offtopic here to write about it, you can find many reviews and some whitepapers on wireguard where this part is explained, but yeah, I agree, for a normal Joe user there is not a lot disadvantages if you use your own server, but there might be some critical issues if you trust somebody, as wireguard keeps all ip's in ram meaning that they are vulnerable to mitm attacks as well as some other issues. There are not many providers offering wireguard, will not make now promotion for other vpn's and their solutions, but in fact, TorGuards is similar to the solution which some other VPN provider has also introduced. For the question if your IP is really safe or not, TorGuard Support can reply it very well and all of this enables you the way to use it like discussed in past days with api etc... which I find much better solution than those other VPN restricted solutions, as with TorGuard there is almost no restriction :) in how one can use it

I already described that my rockpi4 reaches without VPN around 980Mbits (meaning full Gbit which the interface gives) and over wireguard it gets max 520Mbits where the cpu is during that test on about just 10-20% (on mate desktop, for that number I did not care to check other process, but would assume it was not higher than 13%). That device is ARM based and currently only few people have faster than 500Mbits connections. If your ISP offers you more than 500Mbit, then consider using another device and faster interface (like 10Gbit on some modern amd/intel cpus).
