Wireguard on ROOter?

[lensm]

Has anyone been successful loading Wireguard on ROOter? I'd like to get my WE826 talking to the rest of my nodes (three more) which are running straight OpernWRT.

This is what I get when I try to load the packages needed to support it.

Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-app-wireguard:
* kernel (= 4.14.63-1-1ac1d7db23ff229f0fbba413388c44ae) * kernel (= 4.14.63-1-1ac1d7db23ff229f0fbba413388c44ae) * kernel (= 4.14.63-1-1ac1d7db23ff229f0fbba413388c44ae) *
* opkg_install_cmd: Cannot install package luci-app-wireguard.

If I trace back the dependencies, it goes back to the kmod-wireguard package.

If I force the package, the only way I can get the router back is through a recovery image.

Thanks in advance!

[brokenby2703]

Anybody solved this matter ?

I have same problem with latest GoldenOrb_2019-03-10 ( OpenWrt 18.06.1 ) on ZBT WE-826-T

Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for wireguard:
* kernel (= 4.14.63-1-1ac1d7db23ff229f0fbba413388c44ae) * kernel (= 4.14.63-1-1ac1d7db23ff229f0fbba413388c44ae) * kernel (= 4.14.63-1-1ac1d7db23ff229f0fbba413388c44ae) *
* opkg_install_cmd: Cannot install package wireguard.

[brokenby2703]

Anybody solved it ?

I'm in the same position.

Thanks.
Paolo

[swwifty]

It looks like you need a more up to date kernel.

What does the output of `uname -r` show?

[LateParrot]

I'm dealing with a similar issue. Package management on a router was too good to be true as I've learned. These vpn packages need to be compiled into the rom for them to work properly. I'm working on an updated version of the "modem manager" firmware for the we826 that includes all the VPN packages. Rooter/Goldenorb is a dead end as their repos are never updated.

[uofa314]

Did anyone get this working? I just ordered a WE826GO-U router and planned to run Wireguard on it. I assumed that is possible since GoldenOrb is based on OpenWRT 18.06.7. However, I have never used GoldenOrb, so this will be my first time using it.

[uofa314]

Update: I ended up using the regular version of OpenWRT and then added packages for QMI and Wireguard.

[Time-Pilot]

Resurrecting this thread to see if anyone found a way to install Wireguard on ROOter?

I tried forcing the opkg instakk but that just bricked the router.

I like the modem status screens on ROOter but if there is something similar on OpenWRT snapshots I can try running those on my GL-X750.

[castrocomp]

Hoping there is some new revelations here, would like the The Wireless Haven build to stay in tact and just add Wireguard to it. Not really in the position to chance fresh build or base build install and then, want to keep it all as close to original with my other devices as possible since they are tried and tested.

[Didneywhorl]

Rooter is starting to be built on openWRT 19.07 so maybe so or soon.

[bigcache]

I try to integrate shadowsocks on R00ter but failed.

Use SS to avoid carrier's media streaming throttle.

[tetranz]

I'm also interested to hear of any news on this. i.e., Has anyone managed to get WireGuard working on the The Wireless Haven version of GoldenOrb?

I'm thinking of buying a WG3526-P with a EM7511 and I was hopping to do WireGuard on the WAN.

[BillA]

I haven't got a change to run WireGuard on GoldenOrb/WiFix since it requires the installation of extra packages and some tweaking. However, I connected my WG3526's LAN-1 to the WAN port of a GL-Inet Slate (GL-AR750S) which has WireGuard built in, it works great pushing around 50Mbps fully encrypted.

I'm thinking about picking up their new upcoming WiFi-6 router called the Flint (https://www.gl-inet.com/products/gl-ax1800/) with some really nice specs including WireGuard. WireGuard is about 6 times faster than OpenVPN and also has lower CPU requirements. However, all VPN's require some serious CPU power for the encryption/decryption process (otherwise it will be slow), and ZBT router thus far are not the best suited for the task. You may use any other regular router which has WireGuard built in (such as Asus or NetGear) behind a mobile router,

[tetranz]

Thanks Bill, yes, I was starting to think of doing much the same thing. i.e, running WireGuard on another separate router.

I've also lowered my requirements and cost a little in that I think a NEXQ6GO-U will suit me just fine so I'll shut down the Wi-Fi on that and use a GL-AR750S which I already have and run WireGuard on the GL. That will also give me 5 GHz Wi-Fi which I don't get with the NEXQ6GO-U. That will make it all pretty simple and tidy "out of the box" stuff. I guess it will result in another NAT but in my experience that doesn't really cause a problem or much performance cost.

By the way, I run WireGuard nicely in a Raspberry Pi tethering to a tablet or phone. The CPU never gets more than a few percent and the speed reduction is hardly noticeable. I use Windscribe as the service.

[Didneywhorl]

The latest builds of rooter and WiFiX have Wireguard built into the firmware.

[tetranz]

The latest builds of rooter and WiFiX have Wireguard built into the firmware.

Very cool. I guess that completely solves it. Thanks.

[BillA]

Very cool. I guess that completely solves it. Thanks.

I will have to test the WireGuard built into the latest GoldenOrb, however that still doesn't solve the lack of your WiFi 5G. And the GL-AR750S will probably give you a little better performance too.

[tetranz]

I will have to test the WireGuard built into the latest GoldenOrb, however that still doesn't solve the lack of your WiFi 5G. And the GL-AR750S will probably give you a little better performance too.

True although I changed my mind several times and finally decided to go with the WG3526-P and ordered it last night.

[tetranz]

The latest builds of rooter and WiFiX have Wireguard built into the firmware.

Where do I find that build? I recently bought a WG3526. It's running GoldenOrb_2021-02-20 which is the latest version on the WiFix Google drive but there is no sign of WireGuard.

Is there a later version which is not published? I know WireGuard was only added to the official GoldenOrb release this month.

[Adm1jtg]

I would also be intersted but as well interested in a basic changelog of whats been updated since the may 2020 build i am currently running.

Also differences between wifix which i am using and rooter, as rooter has a version dated 8-15-2021. Would personally rather stay with wifix as the support here is great but curious as to the differences

update: Looks like the main differnce in versions overall is changing openwrt version i think mine was 18.06, is the newest build based on 19.07 or 21.02 based?.

[hardlivinlow]

I would also be interested in the firmware build that has Wireguard in it. I'm currently on GoldenOrb_2021-02-20. Anybody find the new one yet?

[gscheb]

Would this wire guard help with visible throttle issue? Are there any blocking issues with wire guard? Like Netflix or etc?
No experience with wire guard here.

[Adm1jtg]

wireguard is a specific proticol used in VPN
so it will help as much as any vpn would help with visible.
In case your interested
https://www.wireguard.com

[Adm1jtg]

The latest builds of rooter and WiFiX have Wireguard built into the firmware.

Do you remember the post from way back where you showed a new status page that displayed sinr and such? Do either the new rooter build or the latest The Wireless Haven build we cannot find have this new status page implemented into them?

[gscheb]

Do you remember the post from way back where you showed a new status page that displayed sinr and such? Do either the new rooter build or the latest The Wireless Haven build we cannot find have this new status page implemented into them?

Not sure if you are talking about this below.
https://wirelessjoint.com/viewtopic.php?t=418

[Adm1jtg]

Not sure if you are talking about this below.
https://wirelessjoint.com/viewtopic.php?t=418

Yes thats what I was referring to last I heard it was not available in wifix builds for the wg3526 and I dont think there were even directions on how to port it into current wg3526 builds or I would have tried it

[Didneywhorl]

It's coming. The Wireless Haven is trying for sooner than later.

[Adm1jtg]

Well since trhis thread is also all about rooter do you know if rooter uses that interface or if their aug 15 build has the interface and/or wireguard implementation included.

[Didneywhorl]

All of the latest rooter builds have wireguard already included, that I have seen at least. I'd have to download it and check to be sure, but it wouldn't hurt to just flash it up and check. I've flashed my routers so many times, redoing the settings is almost done without thinking. lol

[Adm1jtg]

Well I dont like messing with my router to much as its my sole source of internet other then my phone, so I figure will let someone else flash and tell me if the interface is in there

[tetranz]

This might be a little off topic but what's really the difference between the WiFix version of GoldenOrb and the version from the Rooter project?

I assume the WiFix version has been tested and approved by The Wireless Haven but is there much risk in trying the later version?

Is the situation this:
This might not work so try at your own risk. The Wireless Haven can't help if it doesn't work but I can go back to the older official firmware.

OR is it closer to this:
This might brick the router.

If it's the first then I'm tempted to give it a go. I have a new WG3526-P which I'm not using yet. I don't have a modem in it yet but it works tethering to my phone on Visible.

I almost tried it earlier today but it prompted me to "force" it so I backed off. Is that normal? I know I have to uncheck the config.

I'm be very happy to see this working with WireGuard. I've been using WireGuard to Windscribe on a Raspberry Pi and the "cost" in speed is so small I see no reason not to run it all the time.

[Adm1jtg]

I have run in the past rooter, official pre builds of goldenorb and wifix all interchangeably. I do seem to recall there were some instances where I had to do the Full Factory Reset method where my router was put all the way back to its chinese boot and then load up the individual firmwares.

As far as the differences, and mind you my information is from a year ago:
Goldenorb is based on the most recent version of openwrt. Back then it was 19.x now I think current openwrt is 20.x
Again back then wifix was based on the openwrt version 18.x I think was 18.6 but dont hold me to that and rooter was also based on 18.x but i think that was 18.7

Minor differences. The Wireless Haven also had a different monitoring method then rooter for modems that had issues and it could reboot the router given a certain set of circumstances.

Also seem to remember goldenorb used something called modem manager and other builds didnt.

Will any of these brick your router? Worst case a soft brick, meaning you would potentually have to go into a factory install/reset with the chinese screen and reload firmware.

You will of course lose all custom settings going from one firmware to another. DO NOT EVER USE SAVED SETTINGS! Make sure that option is unchecked or you greatly increase the chances of the aforementioned soft brick.

The last difference between all the above is support. The wifix version is obviously suported here. The rooter and goldenorb versions are supported through a different forum hosted by whirlpool.

If you do load it up please let me know if the new status screen is included. There is a screenshot of what the new screen i am asking about looks like earlier in this thread

[tetranz]

Okay thanks. I might try it in the next day or two.

By "custom settings" you mean settings that I've edited, right? If i had to go back to a factory reset and reload the WiFix firmware, it would be back to how it was out of the box, right?

[Adm1jtg]

correct, even things like apn and ttl will need to be typed back in after a flash

[tetranz]

For what it's worth I tried the latest GoldenOrb from Rooter in my WG3526-P. It didn't quite work. Flashing the firmware went fine. I can login to the admin and see WireGuard in the VPN menu so it's tantalizingly close.

I'm still just tethering on USB. The usb0 port was appearing etc but I just couldn't get an internet connection on the LAN. I think some routing wasn't happening although the settings looked okay. There is also something not quite right because if I go to Network / Interfaces a popup appears saying how something is incompatible and to hit OK to convert it. That works in a few seconds and the list of interfaces looks good but I randomly have to repeat that process about every third time I hit interfaces.

I went back to the WiFIX 2021-02-20 version and everything works perfectly again. So ... I'm looking forward to a WiFix update. For now I'll be doing what Bill suggested earlier in this thread. i.e., using a GL.Net router running WireGuard and going into the LAN of the WG.

[Adm1jtg]

Did you happen to notice if the modem status page was the new graphical one that shows sinr?

[tetranz]

Did you happen to notice if the modem status page was the new graphical one that shows sinr?

No I didn't notice that, sorry. I probably wouldn't have seen it anyway since I'm only tethering from a phone.

[LoveMeSomeCALTE]

No experience with wire guard here.

In that case, check out tailscale. Makes WireGuard REALLY transparent.

[Didneywhorl]

Here is the latest: https://thewirelesshaven.com/nexp1go-latest-firmware

The name of the WG3526 is being changed to the NEXP1GO if purchasing from The Wireless Haven. Same router.

https://thewirelesshaven.com/nexq6go-firmware
WE826Q equivilent

[Adm1jtg]

but does it have the new status screen that displays SINR?

[Tuna8er]

When I tried to put GoldenOrb on one of my mofi4500 SIM7 V3 it started broadcasting a WiFix SSID, about 3-4 weeks ago, then bricked it. Used the WE-826 full T version. Beware!

[tetranz]

but does it have the new status screen that displays SINR?

Do you mean this? That's the latest firmware just announced above in my WG3526-P

Screen Shot 2021-09-15 at 11.05.42 PM.png

[tetranz]

Here is the latest: https://thewirelesshaven.com/nexp1go-latest-firmware

The name of the WG3526 is being changed to the NEXP1GO if purchasing from The Wireless Haven. Same router.

https://thewirelesshaven.com/nexq6go-firmware
WE826Q equivilent

Thanks, this was perfect timing. I was just setting up my new router for the first time.

I haven't managed to get WireGuard working yet. It seems to start and connect to the server (Windscribe) without errors but data doesn't flow. I'll do some more playing in the next few days but I'm interested to hear of others' experiences. For now I'm using a GL.iNet connected to the LAN.

[tetranz]

I haven't managed to get WireGuard working yet.

It was just DNS. When I run WireGuard it doesn't seem to be able to use the default DNS. I set custom DNS to 1.1.1.1 in the LAN interface and WireGuard is working great. This is very cool.

[Didneywhorl]

but does it have the new status screen that displays SINR?

Wasn't able to work out display bugs from using 4x4 MIMO modems. Still working on it.

[LTE_boi]

I have wireguard on my WG3526. What are the appropriate settings to route all my traffic through wireguard? I'm trying to get around Visible's 5 up/5 down speedlimit.

[tetranz]

I have wireguard on my WG3526. What are the appropriate settings to route all my traffic through wireguard? I'm trying to get around Visible's 5 up/5 down speedlimit.

I pretty much just used default settings. I service I use is Windscribe. They have a downloadable config file which I uploaded to my router. When I look at the setting in the Rooter admin which came from that file, there doesn't seem to be anything special set.

I'm not using Visible on the router but I have used WireGuard with Visible in a Raspberry Pi. See https://databurst.medium.com/adventures ... fd7bd92bf9
Note that the TTL setting is the primary thing to avoid the throttle on Visible. A VPN is really just a another level to avoid packet inspection or whatever.

[Adm1jtg]

Wasn't able to work out display bugs from using 4x4 MIMO modems. Still working on it.

Would you be willing to post the needed update files with directions on how to apply them so I could test it myself? I am only on a 2x2 mimo with an ep06-a modem so while you cant get it to work for ALL wg3526 configs might just work fine with mine

EDIT: nevermind apparently you cant upgrade the wifix 5-16-2020 version to this version.

The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform.

Not willing to do a full factory reset to chinese firmware and load it that way. Way to much work for very little gain atm.

[LTE_boi]

Note that the TTL setting is the primary thing to avoid the throttle on Visible. A VPN is really just a another level to avoid packet inspection or whatever.

Right, but I've noticed that each time I change it, I am only able to buy myself a few hours of unthrottled speeds. Are you familiar with how to schedule a task so that the TTL value will change for example every hour? Or perhaps you've had better luck with some particular settings where you don't run into this issue? Any input is really appreciated

[Didneywhorl]

Would you be willing to post the needed update files with directions on how to apply them so I could test it myself? I am only on a 2x2 mimo with an ep06-a modem so while you cant get it to work for ALL wg3526 configs might just work fine with mine

EDIT: nevermind apparently you cant upgrade the wifix 5-16-2020 version to this version.

The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform.

Not willing to do a full factory reset to chinese firmware and load it that way. Way to much work for very little gain atm.

Many times when updating to a higher, or lower, linux kernel it wont take unless you use the firmware recovery method / bootloader. I do it all the time, it's no harm or hassle in my experience.

[tetranz]

Right, but I've noticed that each time I change it, I am only able to buy myself a few hours of unthrottled speeds. Are you familiar with how to schedule a task so that the TTL value will change for example every hour? Or perhaps you've had better luck with some particular settings where you don't run into this issue? Any input is really appreciated

I don't really have any particular wisdom on this, sorry. All I can say is that I can tether from my Moto G Power phone on Visible to the Raspberry Pi running WireGuard and TTL 65 and have never seen the 5 Mbps throttle except when I had the TTL at something other than 65. I haven't used it for hours at a time recently although I was doing that a few months ago.

After reading of people's trouble with this yesterday I ran it for maybe two hours and it was still good. That's not to say it's always fast. It's usually about 20 but sometimes it's less than 5. It's obvious when the throttle happens because after a few seconds it averages to almost exactly 5. I'm in a pretty good signal area for Visible. Often it's really good. I've seen 90 Mbps while using WireGuard.

Now that I have my nice new router I probably won't be tethering the phone much but I'm thinking of getting a Visible SIM for the router. I'm currently testing Net10 on AT&T. It's for my RV and I don't need it all the time but $25 per month is maybe low enough to keep permanently so it's ready to go at a moment's notice. I guess I'll see how it works out. Net10 is going great. It's $50 and I've heard that it unofficially maxes out at 200 GB in the month. I'm getting about 40 Mbps on the router with WireGuard.

[LTE_boi]

What wireguard settings are you using?

[tetranz]

What wireguard settings are you using?

There's almost no settings to set. I just use the config file I download from Windscribe. It's basically just the keys and endpoint IP address etc.

[Adm1jtg]

Many times when updating to a higher, or lower, linux kernel it wont take unless you use the firmware recovery method / bootloader. I do it all the time, it's no harm or hassle in my experience.

Oh I know I probably did it a dozen times a year or 2 ago when I was first setting things up, but I noticed this file is "upgrade", typically when changing versions dont you need the non upgrade version?

Example the feb version filename is:
openwrt-WiFiX-WG3526-GO2021-02-20-19076.bin
no upgrade in its name

The one you linked is named:
WiFiX-NEXP1GO-GO2021-09-11-upgrade.bin

I dont believe you can load an upgrade version clean/factory style and I cant load it on top of my old version. I am betting I would need to load the feb 2021 version then do the upgrade version on top of it.

That is unless you have a link to the non upgrade version of the latest version firmware.

I am posting this mostly to try and help others avoid issues, more then as an issue that I personally need resolved. In all the lede and openwrt I have done in the past there are always 2 versions an upgrade version for updating a client and a "full" or non upgrade version for clean or first time installs.

Is this the same for goldenorb? As the above naming of files implies there should be a non upgrade version somewhere used for "clean installs"

[tetranz]

Here's an update on using WireGuard in a WG3526 / NEXP1GO with an EM7565 and the latest firmware.

It's generally working great for me. I have it set to start on boot but the one issue I have is that it doesn't survive an ungraceful shutdown. If I simply cycle the power off and then on again, everything seems to restart but I have no internet connection on the LAN until I go into Network / Interfaces and restart WG0. That seems to work consistently but it's a bit of a pain since this is installed in my RV, often running on the house batteries where I really need a convenient way to switch it off when I don't need it.

The only recycle that seems to work reliably is doing a graceful System Stop from the menu and then a power cycle. Reboot from the menu doesn't usually work without manually restarting WG0.

I'm looking for suggestions on how to avoid or at least minimize this. A bandaid would be a script that restarts WG0 a few minutes after boot. Another would be some sort of UPS which connects view SSH and does a graceful shutdown.

Could someone please tell me what the recommended CLI command is to do the same as restart WG0 from the menu.

EDIT next day: The last few power cycles and reboots have worked well so maybe this is not as bad as it seemed at first.

[tetranz]

This seems like a good place to continue with another update.

Restarts are not working well. It took me a while to figure it out but I finally know what's happening. It's a common problem with WireGuard on routers with no battery backed real time clock.

You can set WireGuard to start on boot but if you power the router off and on again, WireGuard will fail to reconnect. This is because WireGuard requires timestamps to be monotonic which means time always has to move forward. It's a security measure to prevent replay attacks.

I think we need it configured so that NTP time syncs go direct to the WAN, not via WireGuard. That would fix the problem. Another way would be to delay starting WireGuard until we have a good NTP sync. I'm researching this but unfortunately I'm not yet really skilled enough with iptables and/or OpenWRT / Rooter / WiFix configuration to figure out how to fix this.

This was getting quite frustrating but I feel better now that I know what's causing it. It is a significant problem, especially in a situation like an RV where it's quite common to simply switch things off to save battery power so I hope we can find a solution.

[LoveMeSomeCALTE]

Using systemd you can setup dependencies so that the NTP daemon is started before WireGuard, or you can be even more careful and insert your own shell script based daemon as a dependency before WireGuard that checks timestamp for monotonicity.

[tetranz]

Yeah I'm trying to find my way around the internals of OpenWRT / Busybox which is easier said than done when I'm no expert on this stuff. You mention systemd but doesn't it use procd?

Something I did which I think gets me one step closer is I installed an NTP server on my WireGuard server. That was very easy using chrony. That's always available regardless of whether or not WireGuard has connected. I can now do this any time to fix the problem where x.x.x.x is my WireGuard server endpoint.

ntpd -q -p x.x.x.x

I'm still not quite there because I need to figure out where to run that. I might be wrong but I'm not sure it's quite as simple as getting the dependencies right. I'm looking at the hotplug framework that procd provides to respond to events but I don't really see an appropriate event. Running it before WireGuard starts is not probably not useful because that's probably before we have an LTE connection. I think it really needs to happen when, or shortly after, the modem connects regardless of whether or not WireGuard has started.

I think a good test to detect this is to try pinging my WireGuard server internal address, 192.168.100.1 in my case. If I can't ping that but I can ping its public address then it means that the LTE is connected but WireGuard is not working so I need to sync time using the NTP server at that public address. I've tested that manually a few times and seems to be reliable and doesn't involved any service that I don't control. I'm going to try to write a script to do that and run it on cron but only run while up time is less than about 5 minutes.

I'm obviously not the first to face this issue but I haven't found an easy to follow "canned" solution yet.

[tetranz]

I think I have a reasonable solution to this:

Here's my script. I'm no expert at (b)ash so I'm sure this is not perfect but it seems to work. It assumes that the WireGuard server remote endpoint is also an NTP server. This is very simple to do (at least on Ubuntu) by installing something like chrony.

Code: Select all

#!/bin/ash

if [ $# -ne 2 ]; then
  cat <<EOF
Usage: ntp-sync-for-wg <private-ip> <public-ip>

private-ip is the internal private IP address of the WireGuard server.
public-ip is the public endpoint IP address of the WireGuard server.
It is assumed that a NTP server is also available at the public address.

EOF
  exit 1
fi

# Get up time as an integer.
uptime=$(cat /proc/uptime | cut -d ' ' -f 1)
uptime=$(echo $uptime | cut -d '.' -f 1)

if [[ $uptime -gt 600 ]]; then
  # After 10 minutes we've either successfully reconnected or failed. Let's not ping needlessly forever.
  exit 0
fi

pingtest () {
  ping -c 1 -W 5 $1 > /dev/null
}


# Ping the WireGuard server's private internal address.
pingtest $1
if [ $? -eq 0 ]; then
# Success so nothing to do.
  exit 0
fi

# Ping the WireGuard server's public endpoint address.
pingtest $2
if [ $? -ne 0 ]; then
# Failed so nothing we can do. We probably don't have an internet connection.
  exit 0
fi

# A time sync will probably fix it.
ntpd -q -p $2

I have this saved in a file ntp-sync-for-wg.sh in /root/scripts and run it once per minute by adding this to crontab.

Code: Select all

* * * * * /root/scripts/ntp-sync-for-wg.sh 192.168.100.1 x.x.x.x

192.168.100.1 is the WireGuard server's internal address.
x.x.x.x is the WireGuard server's public endpoint address.

After 10 minutes, it does nothing except check the up time so hopefully it's not a burden running every minute. In practice the date is set almost the instant the modem connects so it probably doesn't need anything like 10 minutes / 600 seconds.

[LoveMeSomeCALTE]

I'm currently testing Net10 on AT&T. It's for my RV and I don't need it all the time but $25 per month is maybe low enough to keep permanently so it's ready to go at a moment's notice. I guess I'll see how it works out. Net10 is going great. It's $50 and I've heard that it unofficially maxes out at 200 GB in the month. I'm getting about 40 Mbps on the router with WireGuard.

That's impressive.

Is the Net10/AT&T plan $25 per month or $50 per month?

[tetranz]

That's impressive.

Is the Net10/AT&T plan $25 per month or $50 per month?

It's $50 https://www.net10wireless.com/serviceplan. Sorry, I might have been a bit ambiguous there. I've been testing the new router / modem / WireGuard setup with Net10. I only need it when I'm in the RV so I don't want to pay $50 every month but, as an alternative $25, Visible is low enough I might keep it all the time.

Net10 is still working well. The month ends this week. I'm going to try Page Plus on Verizon next as a comparison. I think that's also $50 and unofficially 200 GB. They're both Tracfone. I guess I could have tried the Verizon version of Net10 because I think that and Page Plus are effectively the same thing. I also have the $20 AT&T postpaid tablet plan actually in a tablet which I guess I could put in the router but it's quite convenient to keep in the tablet. I run that with WireGuard too via a Raspberry Pi https://databurst.medium.com/adventures ... fd7bd92bf9. I think I'll keep that in the RV as a backup in case something happens to the router/modem.

[LoveMeSomeCALTE]

It's $50 https://www.net10wireless.com/serviceplan. Sorry, I might have been a bit ambiguous there. I've been testing the new router / modem / WireGuard setup with Net10. I only need it when I'm in the RV so I don't want to pay $50 every month but, as an alternative $25, Visible is low enough I might keep it all the time.

Net10 is still working well. The month ends this week. I'm going to try Page Plus on Verizon next as a comparison

Have you tried SimpleMobile? Don't use it in the modem but you can use in the phone:

https://wirelessjoint.com/viewtopic.php?f=32 ... =10#p10737

or CricketWireless

https://wirelessjoint.com/viewtopic.php?f=32&t=1556

I also have the $20 AT&T postpaid tablet plan actually in a tablet which I guess I could put in the router but it's quite convenient to keep in the tablet

Nice, I would be interested in your feedback for this postpaid tablet plan at https://wirelessjoint.com/viewtopic.php?f=32&t=2955

[tetranz]

I haven't tried Simple Mobile. I think they're T-Mobile. The Poynting antenna on my RV doesn't do band 71 so I've been sticking with AT&T and Verizon. I haven't tried it but I guess Cricket is certainly an option.

[mtl26637]

Simple Mobile is T-Mobile. They also work in other devices than phones. Think their unlimited plan is around the $50 mark. Not sure exact devices they work in but I've moved mine around quite a few times. They use their own APN portal "simple" but I don't care for the extra MVNO hops or any of 'tracfone' APN's for that matter so just use the real carriers APN instead, .

[tetranz]

Another update in case this is useful for anyone. I'm still messing around trying to get the perfect startup script. It's a frustratingly simple but somewhat tricky to solve problem.

The script I published at https://wirelessjoint.com/viewtopic.php?f=8& ... =50#p22004 has been working well but it depends on running my own WireGuard server which also runs a NTP server. That part is easy and inexpensive if you know how but maybe not ideal. I have my server on a $5/month host at DigitalOcean and, probably to be expected, I've run into quite a few roadblocks while general web browsing with the IP address blocked. I think it's mostly CloudFlare's CDN which blocks these cheap cloud servers, probably because they think I might be a bad 'bot.

So ... I've gone back to Windscribe but I still need to deal with WireGuard's monotonic time requirement on a router without a battery backed RTC. An easy trick that I read elsewhere is to simply set the time at boot to something way in the future. That generally works but I've found that sometimes I still need to restart wg0 and sometimes it connects but the time stays wrong. I want the logs to have the right time.

Here's another attempt at a script for this. So far this hasn't failed once on Windscribe rebooting with the three different methods I know how to reboot. i.e., reboot from the menu, shutdown from the menu and power on/off and simply power on/off while it's running.

The following is a file /root/scripts/wg0-test-restart.sh

Code: Select all

#!/bin/ash

# Add the following to /etc/rc.local.
# date --set=2030-01-01

# Get up time as an integer.
uptime=$(cat /proc/uptime | cut -d ' ' -f 1)
uptime=$(echo $uptime | cut -d '.' -f 1)

if [[ $uptime -lt 240 ]]; then
  # Wait a few minutes for the the normal boot and connect process to run.
  exit 0
fi

if [[ $uptime -gt 600 ]]; then
  # After 10 minutes we've either successfully reconnected or failed. Avoid unnecessary pinging. 
  exit 0
fi

pingtest () {
  logger -p notice -t tag wg0-test-restart.sh "ping test $1."
  ping -c 1 -W 5 $1 > /dev/null
}

timesync () {
  logger -p notice -t tag wg0-test-restart.sh "Time sync."
  ntpd -q -p 0.openwrt.pool.ntp.org -p 1.openwrt.pool.ntp.org -p 2.openwrt.pool.ntp.org -p 3.openwrt.pool.ntp.org
}

restart_interface() {
  logger -p notice -t tag wg0-test-restart.sh "Restarting $1."
  ifdown $1 && sleep 3 && ifup $1
}

pingtest 1.1.1.1

if [ $? -eq 0 ]; then
  # Ping was successful.

  if [[ $(date +%Y) -eq 2030 ]]; then
    # Time is still wrong.
    timesync
  fi

  exit 0
fi

# Ping failed.
restart_interface wg0
timesync

Scheduled tasks has the following so it runs once per minute.

Code: Select all

* * * * * /root/scripts/wg0-test-restart.sh

Make sure to add the following to /etc/rc.local

Code: Select all

date --set=2030-01-01

[chuyeu123]

Hello,

May I ask how do you guys configured your firewall or routes so that my traffic go through wireguard? In the firewall setting I said forward wan port to wireguard then wireless/lan but all my traffic still unfiltered. I hope someone would please be kind forward me to the right direction.

Thank you all so much

[tetranz]

I didn't need to do anything on my firewall. I think I'm basically using default settings and WireGuard just works.

The only things I needed to change were:

* Set a custom DNS in the LAN interface. I use Cloudflare's 1.1.1.1.
* Set the modem to only do IPv4. See https://wirelessjoint.com/viewtopic.php ... ard#p22631
* Use the script I published above to help WireGuard reconnect after a reboot.

I run permanently through Windscribe.

[Dude4Linux]

After upgrading my router to the latest version of WiFiX I found that WireGuard was available as a VPN option.
Hostname WiFiX
Model WiFiX NEXP1GO
Architecture MediaTek MT7621 ver:1 eco:3
Firmware Version GoldenOrb_2021-09-11
Kernel Version 5.4.124

Changes I made:
* Enabled NTP time sync using the default servers
* Enabled Connection monitoring with restart LTE modem if the connection is lost
* Imported client config file generated by my wireguard server running on Home Assistant

My use case is different in that I only start the wireguard connection when I need access to my home network. I don't use this full time because the network speeds are greatly reduced. I don't have the connection set to restart on boot so I haven't experienced any problems with reboots.

Now I'm trying to setup WireGuard as a server so I can remotely connect to my RV's network. Home Assistant has a nifty way to generate a client config file along with a QR encoded version for smartphones. The WiFiX gui allows you to create a server configuration and associated clients. Save and Apply modifies the Luci config file in /etc/config/wireguard, but the GENERATE CONF FILES button doesn't seem to do anything. Is this a feature still under development?

[Didneywhorl]

... but the GENERATE CONF FILES button doesn't seem to do anything. Is this a feature still under development?

I need to spend more time on the VPN stuff myself. I don't know the answer to that. I'll have to ask the Goldenorb guys.

[Dude4Linux]

After analyzing the code in /usr/lib/wirequard, I found the desired config file in /www/package/wg.conf and wgconf.tar.gz which are created by conf.sh.
I had to edit the wg.conf file to get my android phone to accept it (lines beginning with '---' need to be commented). Although the phone attempts to connect to the wireguard server there is no response. I have to check to see if the firewall settings are correct.