Comments
Haven't tested, no idea. My installer is very unobtrusive so it will most likely work just fine along with most management tools if they don't mess with the firewall or anything like that.
The wireguard package is a metapackage which contains wireguard-tools, and it is indeed installed from the backports repo, you can see that in the installation log. Wireguard will be installed as a kernel module.
And Wireguard does not support transport over UDP.
This is not a problem with the script, probably a client-side issue.
Thank you for your answer. I hope so. What about opt-out from the -y flag by user choice or from the whole installation step?
About UDP. You mean wireguard supports only UDP. And tcp request to setup some tunnel. Got it. I'm too new for wireguard. Old OpenVPN user.
Of course this is not a script. Just wonder if anybody can point me towards the right directions what to check in order to fix it.
Hello all!
Novice here - and I have a question (probably basic to most!). I just setup my first wireguard vps using @Nyr script.
I see in the main.conf file there are keys in the interface (client) and Peer (server). How come the interface (client) already has a Private key generated? I could be wrong, but I thought I am supposed to use the private key from the "create tunnel" when using the windows wireguard client?
Also, what is the PresharedKey used for?
[Interface]
Address = 10.7.0.2/24
DNS = 1.1.1.1, 1.0.0.1
PrivateKey = ABCDEFG
[Peer]
PublicKey = 123456
PresharedKey = 78910
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = x.x.x.x:51820
PersistentKeepalive = 25
If anyone has setup a Windows client and is able to assist me I would appreciate it.
Thanks all!
It is done this way for simplicity, so you can import the configuration file directly into your client easily.
It adds an additional layer of crypto. It is not required, but a "nice to have" thing for theoretical situations.
Both explanations are simplified to the extreme, but you get the idea, I hope
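What the imported client file from the question carries, as an added example that is not part of the original posts or of the installer: a small Python reviewer for a wg-quick style client config that reports whether the file embeds a private key (so it must be handled as a secret), whether each peer has a PresharedKey, and whether AllowedIPs sends all traffic through the tunnel. The function names, the sample keys and the 203.0.113.10 endpoint are constructed for illustration.

```python
import base64
import ipaddress

def parse_wg_conf(text):
    """Return [(section, {key: value})]; a list, because [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)   # base64 values end in '=', split once only
            sections[-1][1][key.strip()] = value.strip()
    return sections

def is_wg_key(value):
    """WireGuard keys (private, public, preshared) are 32 bytes in base64."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def split_list(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def review_client_conf(text):
    out = {"holds_private_key": False, "tunnel_addr_private": False, "peers": []}
    for name, opts in parse_wg_conf(text):
        if name == "Interface":
            out["holds_private_key"] = is_wg_key(opts.get("PrivateKey", ""))
            addrs = [ipaddress.ip_interface(a) for a in split_list(opts.get("Address", ""))]
            out["tunnel_addr_private"] = bool(addrs) and all(a.ip.is_private for a in addrs)
        elif name == "Peer":
            nets = [ipaddress.ip_network(n, strict=False) for n in split_list(opts.get("AllowedIPs", ""))]
            out["peers"].append({
                "endpoint": opts.get("Endpoint"),
                "has_psk": is_wg_key(opts.get("PresharedKey", "")),
                "full_tunnel": any(n.prefixlen == 0 for n in nets),
            })
    return out

def sample_key(n):
    return base64.b64encode(bytes([n]) * 32).decode()   # constructed, not a real key

SAMPLE = (  # constructed config in the same layout as the one quoted in the thread
    "[Interface]\nAddress = 10.7.0.2/24\nDNS = 1.1.1.1, 1.0.0.1\n"
    f"PrivateKey = {sample_key(1)}\n"
    f"[Peer]\nPublicKey = {sample_key(2)}\nPresharedKey = {sample_key(3)}\n"
    "AllowedIPs = 0.0.0.0/0, ::/0\nEndpoint = 203.0.113.10:51820\nPersistentKeepalive = 25\n"
)

if __name__ == "__main__":
    print(review_client_conf(SAMPLE))
```
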
Thank you very much. So, I could use this private key versus the one generated on the client side?
You should, yeah.
Awesome, that was simple. I copied the text in the .conf file into notepad and saved it as a .conf file. I was able to easily import it and all the settings were set!
I just clicked "Activate" but could not connect. It is most likely my UFW.. I only allowed SSH and the Port for Wireguard. I think I will have to allow 80/443 too.
@nyr, should the same settings in my server .conf file be in the client wireguard tunnel?
@nyr I figured out why I could not connect. I have another VPN client running on my desktop. As soon as I disabled it, wireguard works. When I go to ipchicken.com or whatismyipaddress.com, I see it shows the server IP of my VPS. Is that correct? I thought it would show a 10.x.x.x IP address that was configured.
@Nyr
This BF sale I took too many VPS. Have installed your script for creating a mesh network.
Individually the script works beautifully.
Trying to mesh 4 VPS together.
Starting with the same subnet, with IP addresses as:
VPS1 10.7.0.1
VPS2 10.7.0.2
VPS3 10.7.0.3
VPS5 10.7.0.4
All can communicate between each other after I add all 3 public keys, Endpoint and AllowedIP in each VPS. Confirmed by pinging each other.
I took a client from VPS1, let's name the client laptop. All VPS already have masquerading due to your script.
Laptop IP from VPS1 is 10.7.0.5
Now the issue: I can only ping 10.7.0.1 when I use the laptop config. Can't ping the other 3 VPS.
Took another client from VPS2 which was 10.7.0.6, but then can only ping 10.7.0.2 of VPS2.
After the unsuccessful attempt I restricted myself to setting up a 2 VPS mesh first.
Now tried duplicating client config with same IP address on VPS1 and VPS2
Tried duplicating client config with different IP address on VPS1 and VPS2
Tried adding 2 different IP addresses in client config with same private key
Tried making client with different private keys
Nothing worked.
So how do I set up my config to connect balance 3 VPSs?
In this setup also, for clients it's not mesh. If VPS1 goes down then laptop cannot connect with VPS2 and others.
So what's required in clients.conf to make them communicate independently with all other 4 VPSs?
Can somebody guide on this?
Not sure if anyone else here uses windows, but when I activate Wireguard and connect, I noticed the process, Service Host: Windows Image Acquisition (WIA) increased significantly - from 0% to 8.4%.
The only reason I noticed this was due to the fact my fans kicked up as if I was gaming!
When I deactivate Wireguard, the process Service Host: Windows Image Acquisition (WIA) goes back to 0%. I tested this about 7 times and each time I am able to replicate the results.
Any thoughts on why the process Service Host: Windows Image Acquisition (WIA) is being utilized that much with Wireguard? The Service Host: Windows Image Acquisition (WIA) is a driver model which helps the system's graphic software to communicate with hardware devices which use graphics (like printer, scanner, etc). This has nothing to do with VPNs!
Why would people do something like this as opposed to subscribing to a VPN service? Seems that multiple IP's and locations are a big advantage as opposed to using your own VPN server.
Unless of course you are the one providing the VPN service.
Just wanted to say thanks to Nyr for this script. I love the QR Code generated at the end - great for easy setup after install. A couple of questions:
I run my own VPN setup because:
1. If lucky, you can pick up a bunch of servers for very little (e.g. Hosthatch Black Friday 2020 gave 10 servers for $60/yr) - so you get multiple locations.
2. You're not sharing IPs with hundreds of others (as per a normal VPN) so the likelihood of your VPN/IP getting banned is much lower (relevant for those in countries with suppressive regimes).
3. One VPN service typically gives you just one user account (maybe multiple devices). Your own server/VPN gives you unlimited accounts. My whole company uses just a single server I set up, for just $20/year. And I have others I share with friends, family etc.
Guys, is there a browser plugin for wireguard?
When I run the VPN client I want to limit it to the browser only and not the entire PC network.
Squid might be a better effort?
Would it be fine using Proxifier or Squid?
Why not just set up a simple SOCKS5 proxy?
One article of many randomly found on the net:
https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/
That is normal. The 10.x.x.x IP address is an internal one used only inside the tunnel.
Sorry but I am not sure what you are trying to achieve. Still, if the problem is not related to the script itself but WireGuard in general, I suggest you open a new topic if you want help on this matter.
I am trying to create a mesh of VPSs after installing your script on them.
I have achieved inter-connectivity between VPSs but any one client cannot communicate with other VPSs.
I can tell you about my case. I want to have my own server because I do not trust shady VPN companies with ridiculous marketing. I also prefer to have a static IP address which is not blacklisted in many places because it is part of a dirty network. Finally, I also want a service with a provider/network of my choice, not some mediocre M247. Many people also get NAT servers around the world for very cheap, cheaper than any commercial VPN service.
Maybe in the future, not right now.
I encourage you to take a closer look if you want and compare both projects. Code quality and attention to detail are very different between the two. Mine also supports containers, which implied many hours of work.
As others have mentioned, you probably want a proxy server, not a VPN.
My installer is not the right tool for this, take a look at:
https://github.com/k4yt3x/wg-meshconf
I installed Wireguard on a virtual machine behind a NAT using the script by @Nyr, but it didn't work in the sense that clients do not have an internet connection. I have previously used the script on machines with a public IP address and it worked just fine.
The setup is the following: there is a physical machine with a public IP and a virtual machine on it with a private IP (say 192.168.0.10). Both the physical server and the virtual machine run an up to date version of Centos 7 (release 7.9.2009). There is normal connectivity from the virtual machine to the internet. I used the default port 51820 for the installation.
My assumption is that there is some kind of problem with nat or prerouting/postrouting on the server. If so:
You just need to configure NAT for the VM normally, and then my installer will set up NAT inside the virtual machine automatically.
It depends on which client you use, check the logs and see if a connection was successfully established.
Just a note to people installing this, it adds a daily cron job at a random time between 3:00 and 5:59
38 3 * * * /usr/local/sbin/boringtun-upgrade &>/dev/null
I was wondering where it came from. Ref: https://github.com/Nyr/wireguard-install/blob/70e28bcc1a1c5d7ae5dfbea78839d8f9d45e5397/wireguard-install.sh#L475
Indeed, but only for containers where a user space solution is required and only if the user agrees, see line 245 and below. It is also cleaned up when you use the removal option in the script.
@swat4 @ErawanArifNugroho @alento @Nyr
Thank you guys, probably will go with a proxy instead as you advised.