Orbi and wireguard

[mexjerry]

I am struggling in setting up wireguard on the Orbi rbk50. I have installed voxel's V9.2.5.1.18.1SF-HW to the router and satellite, attached a USB stick, with the directory structure recommended in the QuickStart guide.
Here is some info:

I have followed the QuickStart guide, as provided in:
https://www.voxel-firmware.com/Downloads/Voxel/html/orbi.html
I have attempted to upload my text file, but I don't see it. The only option I see is browse, and close, I select my text file and nothing, just closes


Go to am.i.mullvad and see the dreaded red screen

Pointers would be greatly appreciated
Thanks

 

[mexjerry]

here's a link, till I figure out how to attach a txt file:
https://justpaste.it/2b5ct

 

[R. Gerrits]

Perhaps I overlooked it in your just paste, but aren't you missing a command to bring the link up?
(and also didn't read the quickstart)

ip link set up dev wg0

And then afterwards, you might also need to add some route to your routing tables?

ip route add <endpoint_IP> via brwan
(or via ppp0, if that is your wan_interface name)
ip route add 0/1 dev wg0
ip route add 128/1 dev wg0

 

[mexjerry]

ip link set up dev wg0
thats there, I understand, very long list to go thru

Perhaps I overlooked it in your just paste, but aren't you missing a command to bring the link up?


ip route add MYIP via brwan
ip route add 1xx.xx.xxx.xxx via brwan
Error: inet address is expected rather than "brwan"
ip route add 1xx.xx.xxx.xxx brwan
Error: either "to" is duplicate, or "brwan" is a garbage.
ip route add 1xx.xx.xxx.xxx dev wg0
RTNETLINK answers: File exists
ip route list
0.0.0.0/1 dev wg0 scope link
default via 192.168.1.1 dev brwan
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.65.225.49 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link
192.168.1.0/24 dev brwan proto kernel scope link src 192.168.1.2
1xx.xx.xxx.xxx dev wg0 scope link

ping 8.8.8.8.8
ping: bad address '8.8.8.8.8'
reboot

 

[R. Gerrits]

oh yeah I see..

also made a typo in one of the route statements (simplified it a bit too much), correct one for you should be

ip route add <endpoint_IP> via 192.168.1.1 dev brwan
(or ip route add <endpoint_IP> via 192.168.1.1 also works)

but you do seem to be missing a command like this:

ip address add dev wg0 <IP-address/mask>

where <IP-address/mask> is something like 123.123.123.123/32 or 123.123.123.123/24
(or some other subnet size behind the slash)

but it looks like your WG config file only has an IPv6 address (because of the /128 mask)....

 

[mexjerry]

ip route add 1xx.xx.xxx.1xx via 192.168.1.1 dev brwan
No errors

ip address add dev wg0 192.168.1.100

ip a

22: wg0: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state DOWN group default
link/none
inet 192.168.1.100/32 scope global wg0
valid_lft forever preferred_lft forever

Go to https://am.i.mullvad.net/
OOPs forgot I had mullvad running on the desktop

no mullvad, more investigation required.
I appreciate the help, thank you

 

[mexjerry]

Well checking around the firmware, I see wg-client, copyied to /mnt/sda/etc/ini.d/ and it tries to connect

./wg-client start
Error: No EndPoint is defined.

here is the conf

[Interface]
PrivateKey = XXXX=
#Address = 10.65.225.49
#DNS = 1xx.1x.2xx.7x

[Peer]
PublicKey = XXXX
AllowedIPs = 0.0.0.0/0,::0/0
#Endpoint = 1xx.xx.2xx.1xx:xxxx
Endpoint = seX-xxxx.xxxx.net

I've tried with the address and the name, errors out, also it errors on the DNS

Can I have some pointers?
Thanks

 

[R. Gerrits]

I don't know what exactly is in Voxel's wg-client.

but I don't get why you have copied it into /mnt/sda/etc/init.d/ ??

perhaps you should start over, and properly read the instructions in Quickstart???
because you should only do something to put /overlay on the USB stick.

and also Quickstart clearly mentions:

(1). Prepare the text file in Unix format (https://en.wikipedia.org/wiki/Text_file#Unix_text_files)
with name wireguard.conf defining the following values: EndPoint, LocalIP, PrivateKey, 
PublicKey and Port of you WireGuard client config from WG provider.

Example:
------------------------- cut here ---------------------------------------
EndPoint="wireguard.5july.net"
LocalIP="10.0.xxx.xxx"
PrivateKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
PublicKey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
Port="48574"
------------------------- cut here ---------------------------------------

NOTE: no spaces before/after "=" symbol in example above.
NOTE: the name of the file wireguard.conf is lowercase.

(2) Place this wireguard.conf file to /overlay/etc/ directory of your USB drive 
formatted as ext4 filesystem. I.e. /overlay/etc/wireguard.conf.

 

[mexjerry]

Here's the link
https://justpaste.it/1y0gt


R.Gerrits: but I don't get why you have copied it into /mnt/sda/etc/init.d/ ??

Because etc/init.d/wg-client is mounted READ ONLY, AND it references CONF_FILE="/etc/wireguard.conf", in order to keep from erroring out, that CONF line needs to point to my MODIFIED wireguard.conf

I don't want to get nasty, but I have read the Quick Start instructions

 

[R. Gerrits]

Because etc/init.d/wg-client is mounted READ ONLY, AND it references CONF_FILE="/etc/wireguard.conf"

Thats where the overlay part comes in.

If you have /overlay on the USB stick, then all the files you place in /overlay, are mounted read-write over the original readonly ones.

so undo what you did,
create /mnt/sda/overlay/etc
create /mnt/sda/overlay/etc/wireguard.conf according to the description in Quickstart

And then it should work.

The reason for your errors are that your wireguard.conf doesn't match how it is written in Quickstart.
(you have more fields in there, you have spaces before and after the =, etc,etc, hence my conclusion that you didn't properly read it.)

 

[mexjerry]

If you read the link, I have done That!

 

[R. Gerrits]

I only see you created /mnt/sda/etc/wireguard.conf
you should have created /mnt/sda/overlay/etc/wireguard.conf