WireGuard automated installer | Ubuntu, Debian, CentOS, Fedora

245

Comments

  • @sonic said:

    With that said, with WireGuard the DNS configuration is directly in the client.conf file, so you can easily configure 10.0.7.1 which is the server address.

    @sonic said: It would be great if you included Unbound on this script

    Would you want the script to set up a recursor, or to integrate with an already running one? The second is very easy, read my comment just above this.

    Cloudflare DNS is good and no logging policy so it's OK to use them. Great option for small VPS!
    Unbound DNS is lightweight, I would go with unbound if my VPS had more than 512 MB RAM

    I guess what he want is ADBlocker DNS. You c> @sonic said:

    With that said, with WireGuard the DNS configuration is directly in the client.conf file, so you can easily configure 10.0.7.1 which is the server address.

    @sonic said: It would be great if you included Unbound on this script

    Would you want the script to set up a recursor, or to integrate with an already running one? The second is very easy, read my comment just above this.

    Cloudflare DNS is good and no logging policy so it's OK to use them. Great option for small VPS!
    Unbound DNS is lightweight, I would go with unbound if my VPS had more than 512 MB RAM

    One of the main reason I use vpn is that blocking ads through pihole.

    Action and Reaction in history

  • @elliotc said:

    @sonic said:

    With that said, with WireGuard the DNS configuration is directly in the client.conf file, so you can easily configure 10.0.7.1 which is the server address.

    @sonic said: It would be great if you included Unbound on this script

    Would you want the script to set up a recursor, or to integrate with an already running one? The second is very easy, read my comment just above this.

    Cloudflare DNS is good and no logging policy so it's OK to use them. Great option for small VPS!
    Unbound DNS is lightweight, I would go with unbound if my VPS had more than 512 MB RAM

    I guess what he want is ADBlocker DNS. You c> @sonic said:

    With that said, with WireGuard the DNS configuration is directly in the client.conf file, so you can easily configure 10.0.7.1 which is the server address.

    @sonic said: It would be great if you included Unbound on this script

    Would you want the script to set up a recursor, or to integrate with an already running one? The second is very easy, read my comment just above this.

    Cloudflare DNS is good and no logging policy so it's OK to use them. Great option for small VPS!
    Unbound DNS is lightweight, I would go with unbound if my VPS had more than 512 MB RAM

    One of the main reason I use vpn is that blocking ads through pihole.

    My current setup: Wireguard + Unbound + Pihole and Adguard chrome extension (for blocking Youtube ads)

  • @elliotc said:

    One of the main reason I use vpn is that blocking ads through pihole.

    The installer includes an AdGuard option, not the same as Pi-hole but similar results.

  • iandkiandk Hosting ProviderOG

    Is there a way to access the clients via their hostname and the .local domain?
    Let's say I have both my PC and PI connected and I'd like to access the pi via it's hostname and the .local subdomain.

  • @iandk said:
    Is there a way to access the clients via their hostname and the .local domain?
    Let's say I have both my PC and PI connected and I'd like to access the pi via it's hostname and the .local subdomain.

    You'd need to be running a DNS server for that.

  • Finally! :+1:
    Thank you so much for your work!

    Thanked by (1)Ympker

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
    Certified braindead since 1974 and still perfectly happy.

  • Can this and your OpenVPN script be configured side by side?

  • @berkay said: Can this and your OpenVPN script be configured side by side?

    Of course!

    Thanked by (2)berkay vimalware
  • cybertechcybertech OGBenchmark King

    What speeds are you getting on wireguard and how did you speed it up?

    I bench YABS 24/7/365 unless it's a leap year.

  • For me, wireguard seems to be much efficient than openvpn. I am using wireguard over 6 months now and main attraction for me is being energy friendly on mobile. It does not keep connection open so less battery drain. But no noticeable difference in ux.

  • @Iroshan464 said:
    For me, wireguard seems to be much efficient than openvpn. I am using wireguard over 6 months now and main attraction for me is being energy friendly on mobile. It does not keep connection open so less battery drain. But no noticeable difference in ux.

    On Android?

  • @berkay said:

    @Iroshan464 said:
    For me, wireguard seems to be much efficient than openvpn. I am using wireguard over 6 months now and main attraction for me is being energy friendly on mobile. It does not keep connection open so less battery drain. But no noticeable difference in ux.

    On Android?

    Yep

  • And seamless switching between wifi and mobile data.

    Thanked by (1)vimalware
  • What a sad situation that I had been so busy with work

    @cybertech said: What speeds are you getting on wireguard and how did you speed it up?

    To be honest no idea, I am so overworked lately that haven't used a WireGuard client yet in my personal devices.

    Others report better speeds than OpenVPN and the protocol is certainly more efficient. If you are getting very low speeds that could be caused by MTU problems, but other than that there isn't much to be done by the end user to improve speeds. Just use a server in a quality network.

    @Iroshan464 said: energy friendly on mobile

    What client are you using? I'm on Shadowsocks currently which probably is as efficient as you can get, but I'm planing the switch to WireGuard in the near future.

  • @Nyr
    I'm using the official client. However, using the magisk wireguard module too. Not sure whether it makes a difference.

  • Anyone know Wireguard client for Ubuntu Desktop? I'm using command-line version, it works but it isnt as good as Windows desktop verison.

  • @Nyr said: What a sad situation that I had been so busy with work

    I didn't intend to send that half-prase lol, it sounds so edgy. I'm fine, not sad!

    @sonic said: Anyone know Wireguard client for Ubuntu Desktop? I'm using command-line version, it works but it isnt as good as Windows desktop verison.

    https://github.com/corrad1nho/qomui

    I have no idea about how good it is, I don't use Linux on the desktop.

  • Thanks for your script!
    It works flawlessly.
    Not much usage because the server from US when i'm in Asia :/

  • Does the script assume iptables(-legacy) to be present/default? (Wondering if I should try it on a Debian 10 VPS using nftables actively.) :)

  • @flips said: Does the script assume iptables(-legacy) to be present/default? (Wondering if I should try it on a Debian 10 VPS using nftables actively.)

    As long as you have the iptables-nft compatibility layer (which is there by default) you're good to go.

    Thanked by (1)flips
  • mobilemobile Retired

    in openvpn you can just put
    pull-filter ignore redirect-gateway
    to make the client doesn't route everything and it just a spawn tun0 interface that connected to the private network. so i got more flexibility to explicitly define which traffic will use VPN. if i don't tell it, then it won't get routed by default

    can wireguard do the same?

  • @mobile said:
    in openvpn you can just put
    pull-filter ignore redirect-gateway
    to make the client doesn't route everything and it just a spawn tun0 interface that connected to the private network. so i got more flexibility to explicitly define which traffic will use VPN. if i don't tell it, then it won't get routed by default

    can wireguard do the same?

    Wireguard does that all on the client side under AllowedIPs in the config. I haven't looked at Nyr's script yet, but I assume his default would be to push all traffic over it 0.0.0.0/0, ::/0 (v4 & v6). You'd just take those out and specify the routes you want to go over the VPN - 12.24.44.66/24, 195.54.77.88/32 etc

    Just made sure you leave the wireguard internal network range in the AllowedIPs section (the /24 & /64 - most likely - that is specified in the config)

    Thanked by (1)mobile

    🦍🍌

  • mobilemobile Retired

    @Harambe said:
    (...)
    Wireguard does that all on the client side under AllowedIPs in the config. I haven't looked at Nyr's script yet, but I assume his default would be to push all traffic over it 0.0.0.0/0, ::/0 (v4 & v6). You'd just take those out and specify the routes you want to go over the VPN - 12.24.44.66/24, 195.54.77.88/32 etc

    Just made sure you leave the wireguard internal network range in the AllowedIPs section (the /24 & /64 - most likely - that is specified in the config)

    great, will look into this. i also need to alter the script to use filtered quad9 dns too :lol:

  • @mobile no need to change the script.
    Only the client conf file.

  • great, will look into this

    Exactly as @Harambe said. You just need to alter the AllowedIPs directive in the client configuration to whatever you want.

    @mobile said: i also need to alter the script to use filtered quad9 dns too

    I'll probably include that option in the near future but again, you can just replace the DNS IP in the client configuration file :)

  • I'll wait for the angry-pakistan fork. Probably more secure. jk

    Thanks for this @Nyr! Been using your openvpn script since forever.

  • That repository is based on Angristan+l-n-s, both of them are forks of my original work and the author is either unaware or trying to hide that fact. But whatever it is, my original copyright is not being respected. I will not go into the technical part of the scripts here, already did that over at LET in case you are interested, but his repo is forked from Angristan so to put it short I'd suggest not to waste your time.

    Yes, this person stole multiple people's work and didn't credit anyone for a long time. Moreover, they seem to like insulting others in GitHub issues, so I advise to stay away from them. (I had to block them on GitHub).

    That being said, https://github.com/angristan/wireguard-install is not a fork, it's something I made from scratch starting a year ago.

    Cheers,

    Stanislas

  • NyrNyr OG
    edited May 2020

    @angristan said: That being said, https://github.com/angristan/wireguard-install is not a fork, it's something I made from scratch starting a year ago.

    complexorganizations copied small parts from angristan/openvpn-install (not only angristan/wireguard-install) and bigger parts from the l-n-s/wireguard-install project, both of which are based on my work. No one claimed that your wireguard-install is a fork of my work.

    Thanked by (1)vimalware
  • This script will not work on a cheapo OpenVZ VPS. You cannot install the linux Wireguard module on a cheapo OpenVZ VPS.

    Instead, what you need to do is to use wireguard-go (this is an userland implementation of Wireguard). And I have got fairly good results from using wireguard-go on a cheapo OpenVZ VPS -- I would say it works better than OpenVPN on a cheapo OpenVZ VPS.

  • @timsan said:
    This script will not work on a cheapo OpenVZ VPS. You cannot install the linux Wireguard module on a cheapo OpenVZ VPS.

    Instead, what you need to do is to use wireguard-go (this is an userland implementation of Wireguard). And I have got fairly good results from using wireguard-go on a cheapo OpenVZ VPS -- I would say it works better than OpenVPN on a cheapo OpenVZ VPS.

    Already mentioned in the first post, OpenVZ support is coming very soon.

    Thanked by (2)kuroneko23 allendiggity
Sign In or Register to comment.