WireGuard VPN tunnel configuration using wg-quick script

The last few nightly builds include support for WireGuard configuration using the wg-quick bash script.

The included config files for client and server (files wg0.conf.client.sample and wg0.conf.server.sample) are based on the linuxserver/wireguard Docker image.
A config file can be created by hand or copied directly from a peer.

For a quick start, only a configuration file named wg0.conf needs to be added
to the folder /storage/.config/wireguard
or, over Samba, to the \\DEVICE_IP\Configfiles\wireguard share.

Appropriate systemd service files are already included. After copying the configuration file, the device needs to reboot to get WireGuard activated, or the service can be started manually.

start service
systemctl start wg-quick@wg0

stop service
systemctl stop wg-quick@wg0

status of the service
systemctl status wg-quick@wg0

In case the configuration file is named differently, like wg-client.conf, the service must be enabled first
systemctl enable wg-quick@wg-client

and then
systemctl start wg-quick@wg-client
systemctl stop wg-quick@wg-client
systemctl status wg-quick@wg-client

The functionality was not tested widely, which means any feedback is welcome.
Available on all image types (NG, NE, NO). On NG there is a warning visible in the systemd service log which I don’t know how to fix, but it looks like it is not important for the functionality itself.

8 Likes

reserved for me

2 posts were merged into an existing topic: Help, support CPM build

I think I have the files (answering re. moved question on cpm’s build support thread), although in my /storage/config/wireguard I see a wireguard.config.sample in addition to the wg0.conf.client.sample and wg0.conf.server.sample you mention.

My question is: does this new built-in support handle resolving name addresses? Or are we still forced to use numerical IPs for Endpoint (we discussed this in the past, here: Still possible to use WireGuard from entware? - #10 by ashlar)?

Thank you!

Amazing to see! This is one of the last features I was missing. Now I can finally take my streaming box and connect to my network movies on the go.

Since I was already on a nightly version, I thought I’d try wireguard out too.

It works as described: just put wg0.conf in /storage/.config/wireguard and, after a reboot, you should be connected right away.

I speak IPv4+IPv6 within my tunnel and it didn’t connect at first. I then activated IPv6 on CoreELEC generally and then it started to work.

So, if your wireguard configuration comes with IPv6 parameters, I would recommend activating IPv6 in Coreelec as well. (Alternatively, you could remove the IPv6 parameters from the wireguard configuration, which should also work.)

Works great, it’s an amazing feature for Coreelec! :+1:

1 Like
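
A pre-flight check for the config file discussed in this thread, as an added example that is not part of any post or of CoreELEC itself: it flags a config readable by other users (the file holds PrivateKey), IPv6 values in Address/AllowedIPs while IPv6 is disabled on the device (the situation reported in the last post), and an Endpoint given as a host name (the question raised above). The function names, the second argument of `wg_conf_check` and the sample config are assumptions constructed for illustration.

```shell
# Added example: pre-flight check of a wg-quick config before starting wg-quick@wg0.

# Constructed sample config (placeholder key, example addresses).
sample_conf() { cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER
Address = 10.13.13.2/32, fd00:13::2/128
[Peer]
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0
EOF
}

# Print the values of one key, one per line (comments stripped, commas split).
conf_values() {  # $1 = key, $2 = file
    sed -n -e 's/#.*//' -e "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tr ',' '\n' | tr -d ' \t\r'
}

# Print one finding per line, nothing when the file passes.
# $2 (assumption, for testing) overrides the kernel IPv6 state: 1 = disabled.
wg_conf_check() {
    conf=$1
    v6_off=${2:-$(cat /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null || echo 0)}
    # The file contains PrivateKey: only the owner should have access.
    mode=$(stat -c %a "$conf" 2>/dev/null) || { echo "MISSING $conf"; return 0; }
    case $mode in
        *00) ;;
        *) echo "PERMS mode $mode gives group/others access to PrivateKey (chmod 600)" ;;
    esac
    # IPv6 tunnel parameters while IPv6 is off on the device (see the thread).
    if [ "$v6_off" = 1 ]; then
        for key in Address AllowedIPs; do
            if conf_values "$key" "$conf" | grep -q ':'; then
                echo "IPV6 $key has IPv6 values but IPv6 is disabled"
            fi
        done
    fi
    # Endpoint as a host name depends on DNS working when the service starts.
    conf_values Endpoint "$conf" | while read -r ep; do
        host=${ep%:*}                  # drop the trailing :port
        case $host in
            \[*) ;;                    # bracketed IPv6 literal
            *[!0-9.]*) echo "ENDPOINT $host is a host name and needs DNS at start" ;;
        esac
    done
    return 0
}

# Run against a file when one is given, e.g. /storage/.config/wireguard/wg0.conf
if [ $# -gt 0 ]; then wg_conf_check "$1"; fi
```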