Comments
I'm not up to date on that matter but that choice depends on the VPN client, operating system and web browser, they do all have their preferences. My scripts are neutral about priority of IP protocols inside the tunnel, so you'd need to check elsewhere, possibly configuration within your operating system or web browser.
Take also into account that IPv6 routes are generally equal or less performant than IPv4 routes, but almost never better. Some software will pick the fastest route automatically.
Don't worry about it, it's very likely to work with little or no modifications and I don't really need one to test.
raspberrypi-kernel-headers package, then run the script.
Very significantly.
I took a quick look: my work includes an uninstaller, doesn't install unstable software, doesn't install unneeded dependencies, implements proper user management, proper firewall management, proper permissions, automated network setup, more efficient routing, doesn't break on systems with secure boot enabled, doesn't break on kernel upgrades.
Honestly I don't want to give away more details, because he's incompetent but able to copy and paste. It just boils my blood to see how someone copied my work, claimed it was insecure based on some misconceptions ("your RSA keys are too short!", "this cipher is better!") and presented a "secure" low-effort fork breaking lots of stuff which got popular and is even getting funded on Patreon for it. He has also removed the typical GitHub notice in the header showing that his repository is a fork of mine and just includes a small mention hidden deep in the readme.
It'd maybe be helpful to clear up some misconceptions if some impartial party with the required qualifications could do a quick audit of my work and see if I made reasonable choices compared to him. But that would probably just give him more publicity and he has already had enough.
Using a Raspberry Pi as a server, right?
Please provide:
iptables -t nat -L
and
iptables -L
If you have a GitHub account I'd prefer the issue tracker, but if not here is fine too.
I'll take a look tomorrow, thanks!
No my friend. I'm using Debian 10 (online.net server).
After running the script, the output says to install the kernel, but the requested kernel is already installed.
Edit: wireguard-install.sh: line 407: modprobe: command not found
Warning!
Installation was finished, but the WireGuard kernel module could not load.
Upgrade the kernel with "apt-get install linux-image-amd64" and restart
apt-get install linux-image-amd64
Reading package lists... Done
Building dependency tree
Reading state information... Done
linux-image-amd64 is already the newest version (4.19+105+deb10u3).
0 upgraded, 0 newly installed, 0 to remove and 15 not upgraded.
Thank you for the overview. I feel that his version attracted a lot more credibility on first glance because he includes a detailed overview of his design and implementation decisions, while your readme appears to be quite bare-bones and focused on minimalism.
I recognize that you're busy and doing this for free, so no expectation that this will ever be on a roadmap, and we appreciate your efforts nonetheless, but that's probably just why his fork got more traction over time.
Thanks master for this, respect to you ^:)^
Is this a Scaleway machine? A dedicated server from Online.net? A virtualized server provided by a third party?
Some Scaleway machines have custom kernels, which require custom header packages which can't be managed by the script, but that doesn't seem to be the issue here.
Please provide the output of
uname -r
and the full server installation log.
Also your machine doesn't seem to have modprobe available, which is very weird. Any clean installation should provide it. I've double checked and a Scaleway VPS using the standard kernel works perfectly fine.
You are right, communication could certainly be improved from my end. Back when this project started I was very young and didn't even speak reasonably good English to create some professional-looking documentation. That can still be seen nowadays with some of the grammar mistakes I make.
I should probably try to create a more informative and better looking readme, I'm putting that in my to-do list.
4.19.0-8-amd64
I'm using online.net dedicated server.
@mtsbatalha
Let's not spam the topic any further, PM me with the required information and I'll try to help. Or just install the script in a clean system, it'll work.
Thanks for your great work. Gonna install in all my VPSs.
Just a few clarifications.
Is it compatible with a server with DirectAdmin and CSF?
I was gonna install it but saw that firewalld is going to get installed.
I'm a bit of a noob, so not sure how they are compatible.
@Nyr
Good question:
CSF uses iptables as a backend, but in CentOS/Fedora which must be your OS, the default firewall frontend is firewalld (which also uses iptables/nftables, but that's not relevant). That's why in your case the script shows a warning about installing firewalld.
Even if the default CentOS/Fedora firewall management tool is firewalld, it would be a good idea to take care of others, and that's currently not the case, so I suggest you avoid installing WireGuard today. I'll change this tomorrow, the presence of CSF was something which wasn't initially considered.
@Nyr,
Yes it's CentOS.
I will wait. I tend to use CSF on most of my machines. It would be great if you take the time to look it up.
I just installed it on Ubuntu and it just works. Thanks a lot.
Any plans on adding unbound DNS? Can do it by hand, just wondering.
Thank you for this comment, I'm going to start using @Nyr's scripts from now on - I had no idea about angristan's behaviour prior to this comment (I've been using angristan's openvpn script prior).
Been waiting, angristan's script didn't work for me.
Could you elaborate what kind of work?
My 2 cents is to make a static build (CGO_ENABLED=0) of the userspace implementation (i.e., wireguard-go) with the memory tweak. The binary runs everywhere without causing troubles, so use it on older OSes that don't ship the module in the default repository (i.e., all distros except the latest version of Ubuntu and Fedora).
Disregard the warning that you should not use the Go program on Linux. It's much safer and easier than playing with out-of-tree kernel modules.
Those who have problems installing WG on Debian 9 kernel 4.x, just install kernel 5.x. I had a problem with freakin wireguard-dkms and kernel 5.5 helped me.
apt-cache search linux-image-
Locate 5.x version (not cloud version, be aware) and install it.
As for installer script... It's good to have it, but judging from how it's written - it's a work in progress.
A few notes: in bash you ALWAYS wrap your vars like ${var}. I will try to pull some contribution on this. Thank you for your time to write this script.
P.S. requirement to run script as root is excessive and some say it's absolutely unacceptable, sudo should be enough.
Not at this time, mostly because I haven't even decided on the final approach, but it's going to involve significantly more work than that, at least that's what I'm planning at the moment. Just give me a few weeks and you'll understand.
Debian 9 is going to be discontinued in a month anyway except for packages maintained by the LTS team. So one should, where possible, upgrade to Debian 10.
Yes, it is a work in progress in the sense that some stuff still needs to be implemented, changed and style needs to be improved a bit, but it's more cosmetic than anything else. I did just take a look at ShellCheck and while some little things were missed, it's not too bad.
This initial version did take me like two weeks of working part time on and off and while it may sound excessive it really wasn't and it was the absolute minimum to get something reasonable published.
What I mean is that I do need to manage my time and set priorities. I'm going to do some small but important improvements and then work on container support. After that, I can think about other stuff, but I am busy already for a few weeks with this, because I also have a regular job and there is a limit on my available time.
The script can run perfectly with sudo, I should probably clarify the printed message.
This is neat, but installing (and setting up) wireguard manually is multitudes easier than openvpn
@Nyr Do you continue to maintain the OpenVPN Installer? I switched to the one from angristan because yours looked unmaintained but it seems there was recent activity.
Absolutely.
There can be a lack of commits for several months sometimes which could cause someone to think that it is abandoned, but that's only because the project is very mature and solid at this stage and rarely needs significant changes.
I have zero intentions to stop supporting openvpn-install, use it with confidence.
Awesome! If we installed openvpn using the angristan script, can we just switch to yours, or best to uninstall using angristan's and reinstall with yours?
Thanks again for all your great work!
An uninstall would be required.
We use WireGuard as well! Thanks for the script
This has now been addressed with the latest commit.
I'd have to take a look, but probably not at this moment. Main priority right now is OVZ support and some other stuff.
I already installed the wireguard server with the script before the commit and I'm using CSF without an issue. Should I reinstall?
No.
Seen the script when you released it. You might want to add IPv6 DNS servers to resolv.conf
Cheers and thanks ❤️
@Nyr - Thank you.
Coming up next: Shadowsocks?
It's already made. Just 3 commands:
wget --no-check-certificate -O shadowsocks-libev-debian.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev-debian.sh
chmod +x shadowsocks-libev-debian.sh
./shadowsocks-libev-debian.sh 2>&1 | tee shadowsocks-libev-debian.log
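The three commands above turn off certificate checking (--no-check-certificate) and run the downloaded file directly. As an added example (not part of the original post or of the linked project), the same fetch with TLS validation left on and a SHA-256 pin checked before the file is made executable; the function names and the PINNED_SHA256 placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded installer against a pinned SHA-256
# before it is made executable. Function names are hypothetical.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists and hashes to the expected digest;
# 1 on mismatch, 2 on bad input.
verify_installer() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # The pin must be exactly 64 hex characters (rejects an empty pin too).
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin is not 64 chars" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Download over HTTPS with certificate validation (wget's default, so no
# --no-check-certificate), verify, and only then mark the file executable.
fetch_and_verify() {
    local url="$1" out="$2" expected="$3"
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    wget -O "$out" "$url" || return 2
    if ! verify_installer "$out" "$expected"; then
        rm -f -- "$out"
        return 1
    fi
    chmod +x "$out"
}

# Usage; PINNED_SHA256 is a placeholder for a digest recorded after review:
#   fetch_and_verify "$URL" shadowsocks-libev-debian.sh "$PINNED_SHA256"
```

The pin only helps if it was recorded from a copy of the script that was actually read, and obtained separately from the download itself.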
I'm not sure about that, IPv4 connections are usually more reliable and I see no benefit on using IPv6 DNS over a dual stack link.
That said I probably would add it if more people ask about it.
No plans for that. Also SS is not very popular in the western world (as we can mostly use full VPNs freely).