Happy New Year to all!
Here is an R9000 WireGuard client example (site-to-site).
Here is the content of a custom /etc/init.d/wireguard script for the R9000 WireGuard client:
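#!/bin/sh /etc/rc.common
# @(#)andonl 1.0.0
#
# WireGuard site-to-site client init script for the Netgear R9000
# (OpenWrt-style rc.common). All tunables come from NVRAM via /bin/config:
#   vpn_wg_ipaddr    address of this end of the tunnel (start() assumes a /24)
#   vpn_wg_net       remote LAN reachable through the tunnel (a /24 is assumed)
#   vpn_wg_gw        tunnel address of the remote end, used as next hop
#   vpn_wgclt_delay  optional extra delay in seconds before bringing wg0 up
# Keys and peers are read by `wg setconf` from /etc/wireguard/$WGDEV.conf,
# which therefore must be readable by root only (enforced in start()).
START=99
STOP=99
PATH=/bin:/sbin:/usr/bin:/usr/sbin
CONFIG=/bin/config
# Operating mode flags; the tunnel is only brought up in router mode.
AP_MODE=$($CONFIG get ap_mode)
BRIDGE_MODE=$($CONFIG get bridge_mode)
EXTENDER_MODE=$($CONFIG get extender_mode)
# Host pinged by start() to wait for working WAN/DNS before the tunnel comes up.
# Keep the assignment on ONE line: when the value is wrapped onto the next
# line (as in a pasted copy) CHECK_HOST stays empty, the bare hostname is run
# as a command, and start() burns the whole retry budget (~200 s) pinging nothing.
CHECK_HOST=www.microsoft.com
WGDEV=wg0
WGDEVIPADDR=$($CONFIG get vpn_wg_ipaddr)
WGDEVNET=$($CONFIG get vpn_wg_net)
WGDEVGW=$($CONFIG get vpn_wg_gw)
# Log file name is kept as-is (misspelling included) so existing logs stay in place.
LOG_FILE=/var/log/wirequard.log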
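# Bring the WireGuard tunnel up: verify router mode and NVRAM settings, load
# the kernel module, enforce root-only permissions on the config (it holds the
# private key), create/configure $WGDEV, wait for WAN connectivity, then add
# the static route to the remote LAN. Exits with 1/3/5/7 on the respective
# precondition failure (codes unchanged from the original script).
start() {
	local wg_ko=/lib/modules/3.10.20/wireguard.ko
	local wg_conf="/etc/wireguard/$WGDEV.conf"
	local count delay

	echo "$(date) Wireguard start script has been started!" >>"$LOG_FILE"

	# Only router mode has a WAN side to terminate the tunnel on.
	if [ "$AP_MODE" = "1" ] || [ "$BRIDGE_MODE" = "1" ] || [ "$EXTENDER_MODE" = "1" ]; then
		echo "$(date) Error, not in router mode!" | tee -a "$LOG_FILE"
		exit 1
	fi

	# All three NVRAM values are required. The original test compared them to
	# the string "1" (and had a stray '=' inside the first quote), so it could
	# never detect an unset value; test for emptiness instead.
	if [ -z "$WGDEVIPADDR" ] || [ -z "$WGDEVNET" ] || [ -z "$WGDEVGW" ]; then
		echo "$(date) Error, network parameters are not configured!" | tee -a "$LOG_FILE"
		exit 3
	fi

	# Kernel support: load the module only if it is not already resident.
	if [ -f "$wg_ko" ]; then
		if ! lsmod | grep -q wireguard; then
			insmod "$wg_ko"
		fi
	else
		echo "$(date) Error, there is no support for wireguard!" | tee -a "$LOG_FILE"
		exit 5
	fi

	if [ ! -f "$wg_conf" ]; then
		echo "$(date) Error, there is no config $WGDEV.conf in /etc/wireguard." | tee -a "$LOG_FILE"
		exit 7
	fi

	# The config contains the interface private key, so it must be 0600 root:root.
	# Match whitespace runs rather than single spaces: `ls -l` column padding
	# varies between implementations (BusyBox pads the link count and owner
	# fields), which would make a fixed-width pattern fail every time.
	if ! ls -l "$wg_conf" | grep -qE '^-rw-------[[:space:]]+[0-9]+[[:space:]]+root[[:space:]]+root[[:space:]]'; then
		chmod 0600 "$wg_conf"
		chown root:root "$wg_conf"
		echo "$(date) Warning, config $WGDEV.conf access rights have been corrected!" | tee -a "$LOG_FILE"
	fi

	# Create the interface if it is not there yet; (re)apply the config either way.
	if ! ifconfig "$WGDEV" >/dev/null 2>&1; then
		ip link add dev "$WGDEV" type wireguard
	else
		echo "$(date) Info, interface $WGDEV already exists." | tee -a "$LOG_FILE"
	fi
	wg setconf "$WGDEV" "$wg_conf"

	# Assign the tunnel address unless it is already present. The trailing
	# space keeps 192.168.120.2 from matching 192.168.120.20 and friends.
	if ! ifconfig "$WGDEV" | grep -q "inet addr:$WGDEVIPADDR "; then
		ip address add "$WGDEVIPADDR/24" dev "$WGDEV"
	else
		echo "$(date) Info, $WGDEV IP addr $WGDEVIPADDR already set up." | tee -a "$LOG_FILE"
	fi
	# 1420 leaves room for the WireGuard header inside a 1500-byte WAN MTU.
	ip link set mtu 1420 dev "$WGDEV"

	# Wait for WAN connectivity/DNS: up to 21 attempts, 10 s apart (~3.5 min).
	count=0
	while [ "$count" -le 20 ]; do
		if ping -q -c 3 "$CHECK_HOST" >/dev/null 2>&1; then
			break
		fi
		sleep 10
		count=$((count + 1))
	done

	# Optional extra delay from NVRAM (e.g. to let NTP set the clock first).
	delay=$($CONFIG get vpn_wgclt_delay)
	if [ -n "$delay" ]; then
		sleep "$delay"
	fi

	if ! ifconfig "$WGDEV" | grep -q "UP POINTOPOINT RUNNING"; then
		ip link set "$WGDEV" up
	else
		echo "$(date) Info, $WGDEV is already up and running!" | tee -a "$LOG_FILE"
	fi
	# Route the remote LAN through the peer's tunnel address.
	route add -net "$WGDEVNET/24" gw "$WGDEVGW"
	echo "$(date) Wireguard start script has been ended!" >>"$LOG_FILE"
}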
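# Tear the tunnel down: drop the static route, delete $WGDEV if it exists,
# and unload the kernel module if it is loaded. Exits 9 when the module file
# is missing (same code as the original).
stop() {
	local wg_ko=/lib/modules/3.10.20/wireguard.ko

	echo "$(date) Wireguard stop script has been started!" >>"$LOG_FILE"
	# Reverse of the last step of start(); harmless if the route is already gone.
	route del -net "$WGDEVNET/24" gw "$WGDEVGW"
	if [ -f "$wg_ko" ]; then
		if ifconfig "$WGDEV" >/dev/null 2>&1; then
			ip link del dev "$WGDEV"
		else
			echo "$(date) Info, interface $WGDEV does not exist." | tee -a "$LOG_FILE"
		fi
		if lsmod | grep -q wireguard; then
			rmmod "$wg_ko"
		fi
	else
		echo "$(date) Error, there is no support for wireguard!" | tee -a "$LOG_FILE"
		exit 9
	fi
	echo "$(date) Wireguard stop script has been ended!" >>"$LOG_FILE"
}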
# Full restart: tear down first, then bring back up. Either step may exit
# the script on a precondition failure (see their exit codes).
restart() {
	stop
	start
}
# Reload is not supported for this service; signal that with exit code 11
# rather than silently doing nothing.
reload() {
	exit 11
}
Copy the lines of code above to /etc/init.d/wireguard and make it executable (chmod 755 /etc/init.d/wireguard).
To create the rc.d startup links:
cd /etc/init.d
./wireguard enable
Prerequisites:
You need to create the client config file. It contains the interface private key, so it must be owned by root with mode 0600 (the script corrects the permissions if they are wrong):
cat /etc/wireguard/wg0.conf
[Interface]
PrivateKey = ReplacewithClientPrivateKey
[Peer]
PublicKey = ReplacewithServerPublicKeyNetwork
AllowedIPs = 192.168.120.0/24, 192.168.140.0/24
EndPoint = yourserver.ddns.net:10100
PersistentKeepalive = 24
You need to set some NVRAM variables that are read by the client script above:
nvram show all | grep vpn_wg
vpn_wg_ipaddr=192.168.120.2
vpn_wg_net=192.168.140.0
vpn_wg_gw=192.168.120.1
Networks used in the example:
VPN (tunnel) network: 192.168.120.0/24
Local network behind the R9000 VPN server: 192.168.140.0/24
Please note that the firewall part is not covered here (traffic between wg0 and the LAN still has to be permitted/forwarded by the firewall), nor is the creation of the private/public keys.
You will have to adjust the IP addresses/networks given here to your needs.
Thanks,