● [email protected] - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/[email protected]
└─boringtun.conf
Active: failed (Result: exit-code) since Tue 2020-05-19 05:37:32 UTC; 1min 42s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 413 ExecStart=/usr/bin/wg-quick up %i (code=exited, status=1/FAILURE)
Main PID: 413 (code=exited, status=1/FAILURE)
May 19 05:37:32 au1 wg-quick[413]: BoringTun started successfully
May 19 05:37:32 au1 wg-quick[413]: [#] wg setconf wg0 /dev/fd/63
May 19 05:37:32 au1 wg-quick[413]: Unable to modify interface: Protocol not supported
May 19 05:37:32 au1 wg-quick[413]: Unable to access interface: Protocol not supported
May 19 05:37:32 au1 wg-quick[413]: [#] ip link delete dev wg0
May 19 05:37:32 au1 wg-quick[413]: Cannot find device "wg0"
May 19 05:37:32 au1 systemd[1]: [email protected]: main process exited, code=exited, status=1/FAILURE
May 19 05:37:32 au1 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
May 19 05:37:32 au1 systemd[1]: Unit [email protected] entered failed state.
May 19 05:37:32 au1 systemd[1]: [email protected] failed.
Can you please provide the full installation log?
Run the boringtun-upgrade command, what's the output?
Is TUN enabled and working?
Edit /etc/systemd/system/[email protected]/boringtun.conf, add a line containing Environment=WG_LOG_LEVEL=debug and try running systemctl start [email protected].
Also there are two MrVM locations in Australia. I can buy a container there to see what's going on, but need to know which one is having issues.
I don't know where to find the installation log but here all things that show up when I install it
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.ventraip.net.au
* extras: mirror.ventraip.net.au
* updates: mirror.ventraip.net.au Resolving Dependencies
--> Running transaction check ---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================
Package Arch Version Repository Size
================================================================================================
Installing:
epel-release noarch 7-11 extras 15 k
Transaction Summary
================================================================================================
Install 1 Package
Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-11.noarch 1/1
Verifying : epel-release-7-11.noarch 1/1
Installed:
epel-release.noarch 0:7-11
Complete!
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 4.0 kB 00:00:00
* base: mirror.ventraip.net.au
* epel: fedora.melbourneitmirror.net
* extras: mirror.ventraip.net.au
* updates: mirror.ventraip.net.au
epel | 4.7 kB 00:00:00
(1/3): epel/x86_64/group_gz | 95 kB 00:00:00
epel/x86_64/updateinfo FAILED
http://mirror.intergrid.com.au/epel/7/x86_64/repodata/297d60bc23dd0015e81acfdf880411654a0c7a9e81f396b007ed6091c1d21ae0-updateinfo.xml.bz2: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below wiki article
https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
(2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
epel/x86_64/primary_db FAILED
https://epel.mirror.digitalpacific.com.au/7/x86_64/repodata/7a566c24c011e3a37db6980a077f058bb72ffc678028e7b0cc354de4e8f9be93-primary.sqlite.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
(3/3): epel/x86_64/primary_db | 6.8 MB 00:00:00
Package ca-certificates-2019.2.32-76.el7_7.noarch already installed and latest version
Package 2:tar-1.26-35.el7.x86_64 already installed and latest version
Package cronie-1.4.11-23.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package qrencode.x86_64 0:3.4.1-3.el7 will be installed
--> Processing Dependency: libpng15.so.15(PNG15_0)(64bit) for package: qrencode-3.4.1-3.el7.x86_64
--> Processing Dependency: libpng15.so.15()(64bit) for package: qrencode-3.4.1-3.el7.x86_64
---> Package wireguard-tools.x86_64 0:1.0.20200319-1.el7 will be installed
--> Processing Dependency: /usr/bin/python3 for package: wireguard-tools-1.0.20200319-1.el7.x86_64
--> Running transaction check
---> Package libpng.x86_64 2:1.5.13-7.el7_2 will be installed
---> Package python3.x86_64 0:3.6.8-13.el7 will be installed
--> Processing Dependency: python3-libs(x86-64) = 3.6.8-13.el7 for package: python3-3.6.8-13.el7.x86_64
--> Processing Dependency: python3-setuptools for package: python3-3.6.8-13.el7.x86_64
--> Processing Dependency: python3-pip for package: python3-3.6.8-13.el7.x86_64
--> Processing Dependency: libpython3.6m.so.1.0()(64bit) for package: python3-3.6.8-13.el7.x86_64
--> Running transaction check
---> Package python3-libs.x86_64 0:3.6.8-13.el7 will be installed
---> Package python3-pip.noarch 0:9.0.3-7.el7_7 will be installed
---> Package python3-setuptools.noarch 0:39.2.0-10.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================
Package Arch Version Repository Size
================================================================================================
Installing:
qrencode x86_64 3.4.1-3.el7 base 19 k
wireguard-tools x86_64 1.0.20200319-1.el7 epel 118 k
Installing for dependencies:
libpng x86_64 2:1.5.13-7.el7_2 base 213 k
python3 x86_64 3.6.8-13.el7 base 69 k
python3-libs x86_64 3.6.8-13.el7 base 7.0 M
python3-pip noarch 9.0.3-7.el7_7 updates 1.8 M
python3-setuptools noarch 39.2.0-10.el7 base 629 k
Transaction Summary
================================================================================================
Install 2 Packages (+5 Dependent packages)
Total download size: 9.7 M
Installed size: 49 M
Downloading packages:
(1/7): python3-3.6.8-13.el7.x86_64.rpm | 69 kB 00:00:00
(2/7): qrencode-3.4.1-3.el7.x86_64.rpm | 19 kB 00:00:00
(3/7): python3-setuptools-39.2.0-10.el7.noarch.rpm | 629 kB 00:00:00
warning: /var/cache/yum/x86_64/7/epel/packages/wireguard-tools-1.0.20200319-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for wireguard-tools-1.0.20200319-1.el7.x86_64.rpm is not installed
(4/7): wireguard-tools-1.0.20200319-1.el7.x86_64.rpm | 118 kB 00:00:00
(5/7): libpng-1.5.13-7.el7_2.x86_64.rpm | 213 kB 00:00:00
(6/7): python3-pip-9.0.3-7.el7_7.noarch.rpm | 1.8 MB 00:00:00
(7/7): python3-libs-3.6.8-13.el7.x86_64.rpm | 7.0 MB 00:00:00
------------------------------------------------------------------------------------------------
Total 10 MB/s | 9.7 MB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <[email protected]>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-11.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python3-pip-9.0.3-7.el7_7.noarch 1/7
Installing : python3-setuptools-39.2.0-10.el7.noarch 2/7
Installing : python3-libs-3.6.8-13.el7.x86_64 3/7
Installing : python3-3.6.8-13.el7.x86_64 4/7
Installing : 2:libpng-1.5.13-7.el7_2.x86_64 5/7
Installing : qrencode-3.4.1-3.el7.x86_64 6/7
Installing : wireguard-tools-1.0.20200319-1.el7.x86_64 7/7
Verifying : 2:libpng-1.5.13-7.el7_2.x86_64 1/7
Verifying : python3-3.6.8-13.el7.x86_64 2/7
Verifying : qrencode-3.4.1-3.el7.x86_64 3/7
Verifying : python3-pip-9.0.3-7.el7_7.noarch 4/7
Verifying : python3-setuptools-39.2.0-10.el7.noarch 5/7
Verifying : wireguard-tools-1.0.20200319-1.el7.x86_64 6/7
Verifying : python3-libs-3.6.8-13.el7.x86_64 7/7
Installed:
qrencode.x86_64 0:3.4.1-3.el7 wireguard-tools.x86_64 0:1.0.20200319-1.el7
Dependency Installed:
libpng.x86_64 2:1.5.13-7.el7_2 python3.x86_64 0:3.6.8-13.el7
python3-libs.x86_64 0:3.6.8-13.el7 python3-pip.noarch 0:9.0.3-7.el7_7
python3-setuptools.noarch 0:39.2.0-10.el7
Complete!
Created symlink from /etc/systemd/system/multi-user.target.wants/wg-iptables.service to /etc/systemd/system/wg-iptables.service.
Job for wg-iptables.service failed because the control process exited with error code. See "systemctl status wg-iptables.service" and "journalctl -xe" for details.
Created symlink from /etc/systemd/system/multi-user.target.wants/[email protected] to /usr/lib/systemd/system/[email protected].
Job for [email protected] failed because the control process exited with error code. See "systemctl status [email protected]" and "journalctl -xe" for details.
● wg-iptables.service
Loaded: loaded (/etc/systemd/system/wg-iptables.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2020-05-19 08:42:27 UTC; 33min ago
Main PID: 1604 (code=exited, status=3)
May 19 08:42:27 au1 systemd[1]: Starting wg-iptables.service...
May 19 08:42:27 au1 ip6tables[1604]: ip6tables v1.4.21: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
May 19 08:42:27 au1 ip6tables[1604]: Perhaps ip6tables or your kernel needs to be upgraded.
May 19 08:42:27 au1 systemd[1]: wg-iptables.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
May 19 08:42:27 au1 systemd[1]: Failed to start wg-iptables.service.
May 19 08:42:27 au1 systemd[1]: Unit wg-iptables.service entered failed state.
May 19 08:42:27 au1 systemd[1]: wg-iptables.service failed.
● [email protected] - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/[email protected]
└─boringtun.conf
Active: failed (Result: exit-code) since Tue 2020-05-19 08:47:18 UTC; 28min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 1750 ExecStart=/usr/bin/wg-quick up %i (code=exited, status=1/FAILURE)
Main PID: 1750 (code=exited, status=1/FAILURE)
May 19 08:47:18 au1 wg-quick[1750]: BoringTun started successfully
May 19 08:47:18 au1 wg-quick[1750]: [#] wg setconf wg0 /dev/fd/63
May 19 08:47:18 au1 wg-quick[1750]: Unable to modify interface: Protocol not supported
May 19 08:47:18 au1 wg-quick[1750]: Unable to access interface: Protocol not supported
May 19 08:47:18 au1 wg-quick[1750]: [#] ip link delete dev wg0
May 19 08:47:18 au1 wg-quick[1750]: Cannot find device "wg0"
May 19 08:47:18 au1 systemd[1]: [email protected]: main process exited, code=exited, status=1/FAILURE
May 19 08:47:18 au1 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
May 19 08:47:18 au1 systemd[1]: Unit [email protected] entered failed state.
May 19 08:47:18 au1 systemd[1]: [email protected] failed.
wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
One thing that's not clear to me about Wireguard is that if one wants to use it in a Lowendspirit context, shouldn't one have redundancy and randomly select which VPN server to connect to using potentially different configs like port numbers, endpoint address, and private keys? How do you set it up on the client side to randomly select one VPN server to connect to to reroute traffic and reconnect to a random server if the current one is down?
The way the configuration is documented makes it sound like you route particular routing to one server, so there shouldn't be an overlap (though this isn't explicitly stated), so if you direct all web traffic to one server in the config file, and you could route particular subnets to different servers, but you would be connected to all at once. How do you get around that, or is there something I completely misunderstood?
Also, from a road warrior context, how have you found Wireguard VPN supported in travel context? Do you get blocked by the firewalls more when you're connected than when in OpenVPN mode where you at least get the TCP option as a fallback?
WireGuard does not support round robin connections, or rotating if one is down. You'd need to script that, or use OpenVPN.
WireGuard has the same permeability which OpenVPN has, if your network allows arbitrary traffic over a UDP port it'll work. If not, you'll need to route it over something else. Both WireGuard and OpenVPN can be easily identified if your network wants to.
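The rotation that the reply above says has to be scripted, as an added example that is not part of the thread or of the installer: a watchdog that switches wg-quick configs when the newest handshake goes stale. The config names, function names, the 30-second poll and the 180-second threshold are assumptions, and handshake age is only a liveness signal when traffic or PersistentKeepalive keeps the tunnel active.

```shell
#!/bin/sh
# Added example, not the installer's code. All function names are hypothetical.

# Read the output of `wg show <interface> latest-handshakes` on stdin
# ("<peer public key><TAB><epoch seconds>" per line) and print the newest
# handshake time. 0 means no peer has completed a handshake yet.
newest_handshake() {
    nh_newest=0
    while read -r nh_key nh_time; do
        if [ "${nh_time:-0}" -gt "$nh_newest" ]; then
            nh_newest=$nh_time
        fi
    done
    echo "$nh_newest"
}

# tunnel_is_stale NOW NEWEST MAX_AGE
# Succeeds when the tunnel should be treated as down: no handshake at all,
# or the newest one is more than MAX_AGE seconds old.
tunnel_is_stale() {
    [ "$2" -eq 0 ] || [ $(( $1 - $2 )) -gt "$3" ]
}

# next_config CURRENT CONF...
# Print the config that follows CURRENT in the list, wrapping to the first.
next_config() {
    nc_current=$1
    shift
    nc_first=$1
    nc_take=0
    for nc_conf in "$@"; do
        if [ "$nc_take" -eq 1 ]; then
            echo "$nc_conf"
            return 0
        fi
        if [ "$nc_conf" = "$nc_current" ]; then
            nc_take=1
        fi
    done
    echo "$nc_first"
}

# watch_tunnel MAX_AGE CONF...
# Bring up the first config, then poll every 30 seconds (assumed interval)
# and move to the next config whenever the active one looks dead.
# wg-quick names the interface after the config, so the same name is used
# for `wg show`.
watch_tunnel() {
    wt_max_age=$1
    shift
    wt_active=$1
    wg-quick up "$wt_active"
    while sleep 30; do
        wt_newest=$(wg show "$wt_active" latest-handshakes | newest_handshake)
        if tunnel_is_stale "$(date +%s)" "$wt_newest" "$wt_max_age"; then
            wg-quick down "$wt_active"
            wt_active=$(next_config "$wt_active" "$@")
            wg-quick up "$wt_active"
        fi
    done
}

# Constructed sample of `wg show` output (placeholder keys, made-up times).
printf 'CONSTRUCTED_KEY_A=\t1589870000\nCONSTRUCTED_KEY_B=\t1589870100\n' | newest_handshake

# Real use, as root, with /etc/wireguard/sg.conf, au.conf and nl.conf
# (hypothetical names):
#   watch_tunnel 180 sg au nl
```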
Comments
I had never installed a VPN before, this installer helped me a lot. Thank you!
OpenVZ support is here!
FAQ:
Does it work with other container technologies?
Very likely, as long as they have full iptables/nftables support.
Does it work with just 128 MB of RAM?
Yes but avoid CentOS if you don't have SWAP, because yum/dnf are memory hungry.
Does it work with NAT servers?
Yes.
Why are you using BoringTun instead of wireguard-go?
It is the best WireGuard user space implementation currently available. I have my "political" opinions and you can too, but at this time BoringTun is technically a great choice and I see no reason to avoid it.
Why aren't you signing the binaries?
Because Cloudflare is not going to, and when they make them available I'd like to use their official binaries instead of my own. They are a modern company with great engineers for new and shiny languages, but it seems like GPG is too old school for them. My initial idea was to provide full deb and rpm repositories for the community, but that ended up being an unattainable amount of work if I wanted to do it properly.
Code quality could be better/cleaner
That's not a question, but I know. I wanted to get working OpenVZ support out and then polish the minor stuff. I have a limited amount of time available and the implementation is working correctly, so no need to wait.
OpenVPN installer | WireGuard installer
Good job @Nyr with adding OpenVZ support
Awesome. Thanks. I'll give it a try once the MrVM OpenVZ migration process is done.
I am genuinely curious about what challenges you faced that made you reject the idea. Is it hosting the repo or building the rpm (or both)?
Currently, I am interested in learning RPM ecology. If you think it will be worthy, I am happy to invest some of my time to (try to) maintain at least the RPM of it.
https://phpbackend.com/
really good work @Nyr really really appreciated!
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Packaging a .deb or .rpm is very easy and Rust has some pretty nice third-party tools for it, but there are lots of details to do it properly. I did read some of the Debian documentation as I'm mainly a Debian guy and estimated that I'd need about 100 hours to get comfortable enough with .deb + RPM packaging and hosting. Hosting the repos itself is also non-trivial, there are third-party solutions but what I researched was either expensive, unreliable in the long term or lacked important features for me. I spent like a day researching and it was just too much work.
It was just not worth the effort in my opinion, I'm happy with the current implementation and it gives me freedom to support new distributions easily, instead of learning their packaging systems and maintaining multiple repositories up to date.
I appreciate your offer but at this time the current solution is looking good enough to me. If WireGuard keeps getting popular, I hope that mid-term the distributions will provide official packages for this.
OpenVPN installer | WireGuard installer
Are we talking about packaging BoringTun for the RH ecosystem?
There's a Copr repo for CentOS 7, 8 and Fedora 30, 31, 32 here -> https://copr.fedorainfracloud.org/coprs/atim/boringtun/
Alternately, there is Open Build Service (OBS) which will build repos for lots of things.
https://openbuildservice.org/
https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.package_formats.html
Yes, but there are no guarantees from the maintainer. In fact, the copr is already outdated. I want to maintain this script long-term so unofficial solutions most of the time will not work. I considered maintaining my own PPA + copr but decided against it.
I also considered Gemfury and Cloudsmith, but ended up discarding them. The current approach is good enough, flexible for me and easy to maintain. When Cloudflare publishes their official binaries, I'll be able to use them directly. After all BoringTun is just that, a binary with no dependencies or anything.
OpenVPN installer | WireGuard installer
Thanks for the openvz support!
It's working on my MrVM SG but not the AU one
OnePoundEmail (aff link)
Can you please provide the full installation log?
Run the boringtun-upgrade command, what's the output?
Is TUN enabled and working?
Edit /etc/systemd/system/[email protected]/boringtun.conf, add a line containing Environment=WG_LOG_LEVEL=debug and try running systemctl start [email protected].
Also there are two MrVM locations in Australia. I can buy a container there to see what's going on, but need to know which one is having issues.
OpenVPN installer | WireGuard installer
I don't know where to find the installation log but here all things that show up when I install it
boringtun 0.3.0 is up to date
Yes, I enabled it on Virtualizor
Done, don't know how to see the log
Both Perth and Sydney
OnePoundEmail (aff link)
@kuroneko23 thanks for the information.
Please provide the output of the following commands after a failed installation and enabling the WG_LOG_LEVEL flag as previously explained:
systemctl status wg-iptables.service
systemctl status [email protected]
wg-quick up wg0
Okay, I'll get one of them to avoid going back and forth with you if the next reply doesn't clarify the situation.
OpenVPN installer | WireGuard installer
systemctl status wg-iptables.service
systemctl status [email protected]
wg-quick up wg0
I use CentOS 7.5 in AU while SG use Ubuntu 18.04 LTS, maybe that'll help.
OnePoundEmail (aff link)
@kuroneko23 thanks for the information, it was very helpful.
If you do a uname -a you'll probably see that your VPS is using a 2.6 kernel (OpenVZ 6) which has reached its end of life and is unsupported while Singapore will probably show a 3.x kernel if you check. I'd guess that @mikho is going to upgrade the former in the near future.
There is additionally a problem with the TUN device, can you try running exec 8<>/dev/net/tun and let me know if it produces any error?
Support for OpenVZ 6 is not going to be added as it reached its EOL and is a VERY old piece of software, I understand that being the end user you can't do much about it but sadly I can't give you better news.
OpenVPN installer | WireGuard installer
You're right, it's still 2.6.32. That's too bad
It returns nothing
I guess i'll stick to the OpenVPN for now ._.
OnePoundEmail (aff link)
@kuroneko23 please, provide me the exact output of the following command: uname -r. I guess I can just match anything starting with 2.6, but just to be sure.
That way I can add a compatibility test and alert the user that his system is not compatible.
OpenVPN installer | WireGuard installer
2.6.32-042stab127.2
OnePoundEmail (aff link)
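The compatibility test discussed above, written as an added example rather than taken from the installer: it rejects 2.6 kernel releases such as the one just reported and repeats the exec 8<>/dev/net/tun open test. The function names and messages are hypothetical.

```shell
#!/bin/sh
# Added example, not the installer's own code. Function names are hypothetical.

# Succeeds unless the release string is a 2.6 kernel, which is what an
# OpenVZ 6 container reports. The string is an argument so that any
# `uname -r` output can be checked, not only the running kernel's.
kernel_release_supported() {
    case "$1" in
        2.6 | 2.6.* | 2.6-*) return 1 ;;
        *) return 0 ;;
    esac
}

# Same test as `exec 8<>/dev/net/tun`, run in a subshell so that
# descriptor 8 is closed again as soon as the check finishes.
tun_device_usable() {
    tdu_dev=${1:-/dev/net/tun}
    [ -c "$tdu_dev" ] || return 1
    ( exec 8<>"$tdu_dev" ) 2>/dev/null
}

# Run both checks, print one line per problem, return 1 if any check failed.
preflight() {
    pf_release=$1
    pf_tun=${2:-/dev/net/tun}
    pf_status=0
    if ! kernel_release_supported "$pf_release"; then
        echo "kernel $pf_release is a 2.6 kernel (OpenVZ 6, end of life): not supported"
        pf_status=1
    fi
    if ! tun_device_usable "$pf_tun"; then
        echo "cannot open $pf_tun read-write: TUN is missing or disabled"
        pf_status=1
    fi
    return "$pf_status"
}

# The release string reported in the thread, checked together with this
# machine's TUN node.
preflight "2.6.32-042stab127.2" /dev/net/tun || true

# On a real system, before installing:
#   preflight "$(uname -r)" || exit 1
```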
Thank you for the script, made setting up a small personal VPN much easier
@Nyr - This is a simple Wireguard + Unbound + Ad Block script that auto creates a config for a laptop and a phone.
https://github.com/dolegi/wireguard_unbound_setup/blob/master/install-wg-unbound.sh
It seems to capture DNS requests using iptables. Is that safer, so clients are forced to use it, than putting the internal nameserver address in the client config ?
Will IPv6 be routed when using that simple script ?
Good job on the OpenVZ NAT update
It's abandoned and shouldn't be used.
No, those are just ACCEPT rules, they don't forward anything. Also they are useless in that context and not required in a normal system.
No.
OpenVPN installer | WireGuard installer
@kuroneko23 @Nyr
True that both AU nodes are OVZ6.
I’ve run into some problems with how Virtualizor decided to change from serial console (like in OVZ6) to VNC on Virtuozzo OVZ7.
It has caused me to rethink the whole node deployment for OVZ7.
Currently trying to figure out the best way, moving forward.
@Nyr if you ever need a container to test with, let me know.
I have a soft spot for projects like these.
https://clients.mrvm.net
Appreciate it, but already got one OVZ from you to test the whole thing, because I don't use OVZ elsewhere.
OpenVPN installer | WireGuard installer
One thing that's not clear to me about Wireguard is that if one wants to use it in a Lowendspirit context, shouldn't one have redundancy and randomly select which VPN server to connect to using potentially different configs like port numbers, endpoint address, and private keys? How do you set it up on the client side to randomly select one VPN server to connect to to reroute traffic and reconnect to a random server if the current one is down?
The way the configuration is documented makes it sound like you route particular routing to one server, so there shouldn't be an overlap (though this isn't explicitly stated), so if you direct all web traffic to one server in the config file, and you could route particular subnets to different servers, but you would be connected to all at once. How do you get around that, or is there something I completely misunderstood?
Also, from a road warrior context, how have you found Wireguard VPN supported in travel context? Do you get blocked by the firewalls more when you're connected than when in OpenVPN mode where you at least get the TCP option as a fallback?
@curmudgeon
OpenVPN installer | WireGuard installer
Thank you NYR - I'll stick with openvpn, also because of the TCP fallback which sometimes seems to get allowed in places UDP is blocked (especially if using common ports). Obviously won't work against anyone who really means to block VPNs as opposed to just opening up wifi for web browsing type of applications.
Wireguard is really nice if you have a reliable PET vps that you can afford forever. I've been running it as my daily driver on a vultr vps in SGP since the script released.
The connection roaming is pretty seamless when switching between wifi and 4g. Voice chat in my Android games is not disturbed.
Due to a bug in BoringTun, adding users after the first one would result in WireGuard breaking for those using the script in OpenVZ.
I have addressed that on my side with the latest commit. Affected users can download and use the latest version, no need to reinstall.
Non-container installations are not affected.
OpenVPN installer | WireGuard installer
Sorry, solved. (Not sure why I need to disable and enable TUN/TAP a few times to make it work.)
MY/SG & Worldwide Latency Test V3 : http://www.mywebping.com (27 February 2021 Updated)
MY-Unifi Home SmokePing: http://smokeping.mywebping.com/smokeping/
(Might be inaccessible for few mins when router reboot or setting)
@Nyr is this script usable in Xen VPS?
OnePoundEmail (aff link)