One way of how to setup a Wireguard VPN

danielpub · 31 July 2020 18:59

Some lovely wholesome developer has included: connmanctl.

Which really makes it easy to setup a wireguard vpn.

connmanctl watches: /storage/.config/wireguard

And has its own config system, just create a: nano myvpn.config in that directory.

[provider_wireguard]
Type = WireGuard
Name = VPNNAME
Host = (The IP of the VPN Server. Ping its hostname)
Domain = ThisMustHaveANameAndByGawdANYNAME
WireGuard.Address = The VPN internal server IP (ends with 24 or 32 usually)/32
WireGuard.PrivateKey = yourPrivateKeyHere
WireGuard.PublicKey = yourPublickeyThere
WireGuard.DNS = DNS_IP1, DNS_IP2
WireGuard.AllowedIPs = 0.0.0.0/0
WireGuard.EndpointPort = TheServerPort
WireGuard.PersistentKeepalive = 25

(There shall be no () in the config!)
Then you save it.
Type connmanctl whack enter.
Now you should be able to see it by typing: services (and whack enter)
If everything is ok, it should be listed.

Now you can type:
connect (first letter of config & press TAB) autocompletedConfigname
Likewise, you type disconnect to disconnect.

And then it should say: Connected
Type: quit to Quit.

You can check your external ip by:
nslookup myip.opendns.com resolver1.opendns.com

If you wish, you can setup so that it starts on boot by:
connmanctl
config VPNNAMEByTAB autoconnect yes
exit

Enable the service:
systemctl enable connman

Now, I hope to use my N2 as a gateway (see thread), so that the local network can use wireguard at the same time. Seems to be iptables that’s missing.

Betatester · 1 August 2020 05:11

I guess wireguard can not be setup with zomboided vpn manager?

danielpub · 1 August 2020 09:05

It seems to utilize openvpn only.

elgatito · 18 August 2020 15:58

Still connman does not work properly when you set AllowedIPs to NOT “0.0.0.0/0”.
It breaks routes then.

danielpub · 19 August 2020 02:56

Hm. Strange.

If I open a conf from my VPN provider it says 0.0.0.0/0.
Have not tested anything else, as it’s the right value for my vpn connection.

elgatito · 19 August 2020 12:31

There is no “right” value for AllowedIPs parameter.
This parameter defines which addesses should route through wireguard.
0.0.0.0/0 means everything should come through wireguard.

But if you want to setup Wireguard, but use it for specific situations or bind some applications to this network interface only, you will fail.
Because connman is always routing everything through wireguard interface.
This bug is reported long time ago, but still no changes with that.

prisoner0093 · 16 September 2020 13:36

Sorry for asking such a stupid question since i newbie in this. which addon should i use to type the connmanctl?

danielpub · 16 September 2020 13:54

There is no stupid questions, big things have small beginnings.

You have to use an SSH-application (i.e putty for windows), then you find out what IP your coreelec machine has (it can be seen in system info).

Open putty insert your ip and user:root and the password (coreelec is default, if you have not changed it).

Read up on ssh, what is linux terminal, what is nano and take it from there.

prisoner0093 · 16 September 2020 15:10

hi thank you for your reply, i just manage to install putty on windows and connect to my device. quick question, how can i got all the information required from subscription vpn. im using vyprvpn.

danielpub · 16 September 2020 18:31

If you look in the windows-wireguard client, one can edit the configs for the different VPN’s one can connect to. There is all the info you need.

Hey, helping out is the FLOSS way. Pass it forwards.

system · 17 December 2020 00:39

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.