article

iv4n avatar image
iv4n posted

HowTo: Venus OS - Setting up Wireguard - remote ssh

Hello everyone,

I have finally found a way to connect the venusgx device to my home network using Wireguard as a VPN.

I hope it's useful to somebody, as other posts in this community have been for me.


Venus OS does have the Wireguard kernel module but was missing the wg command, following their documentation I was able to COMPILE from source the wg command with:

opkg update
opkg install git
git clone https://git.zx2c4.com/wireguard-tools
opkg install coreutils
make -C wireguard-tools/src -j$(nproc)
sudo make -C wireguard-tools/src install

and in order to SETUP Wireguard i then used:

ip link add dev wg0 type wireguard
ip address add dev wg0 10.0.77.4/24
wg setconf wg0 /data/wireguard/venusgx_wg.conf
ip link set up dev wg0


Notes:

  • It might be good to add the
PersistentKeepalive = 24

parameter in the peer configuration file to keep the connection live on a cellular connection, you might also need to play with the value 24, if it's dropping the connection.

  • The setup of Wireguard goes away after rebooting, so you might need to put a script in /data/rc.local for that, and
  • The compile from source binaries (wg) will go away on a system update so you need to handle that as well.


I have an entry in /data/rc.local pointing to a script that has this on my system for the automated compile part:

#!/bin/bash

running_file_name=$(basename "$0")
echo "-"
echo "[Running '$running_file_name']"

if [ -x "$(command -v wg)" ] ; then
  echo "wireguard already installed"
  exit
fi

if [ ! -x "$(command -v install)" ] ; then
  echo "command install not found, checking internet connection"
  curl --output /dev/null --silent --retry 15 --retry-max-time 120 --retry-connrefused -w "\n" "8.8.8.8" #wait for internet connection
  exit_status=$?
  if [ $exit_status -ne 0 ]; then
    echo "failed detecting connection to internet"
    exit 100
  fi
  echo "installing coreutils"
  opkg update
  opkg install coreutils
fi

if [ -x "$(command -v install)" ] ; then 
  echo "installing wireguard"
  if [ ! -d "wireguard-tools" ] ; then
    echo "cloning wireguard git repository"
    git clone https://git.zx2c4.com/wireguard-tools
  else
    echo "wireguard git repository already exists"
  fi
  make -C wireguard-tools/src -j$(nproc)
  sudo make -C wireguard-tools/src install
  echo "wireguard installed"
else
  echo "install command not found, failed installing"
fi
Venus OSRaspberry Pi
6 comments
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

jeroen avatar image jeroen ♦ commented ·

Some remarks: I think a call to /opt/victronenergy/swupdate-scripts/resize2fs.sh is missing in the rc.local script. It will make the rootfs writable and expand the filesystem.

And for completeness, as is this only works with the large image. For the normal image sudo and the compiler etc must be installed as well for it to work.

1 Like 1 ·
Neno avatar image Neno jeroen ♦ commented ·

Just tried it on my venus rpi. The first part with compilation works but the second part not:


  1. ip link add dev wg0 type wireguard
  2. ip address add dev wg0 10.0.77.4/24
  3. wg setconf wg0 /data/wireguard/venusgx_wg.conf
  4. ip link set up dev wg0

Number 2 is which ip ??? And number 3 says:

Fopen: no such file or directory

0 Likes 0 ·
jeroen avatar image jeroen ♦ Neno commented ·

I have never installed / used wireguard, I was just looking at the script. Perhaps @iv4n can clarify it.

0 Likes 0 ·
iv4n avatar image iv4n Neno commented ·

hello! the second part should be using the IP address that the device will be taking over. and the third step is the configuration file that usually has the interface and peer credentials, etc. Make sure to change the path to point to the right configuration file.

0 Likes 0 ·
andrii-podanenko avatar image andrii-podanenko commented ·

This is awesome, thank you


Just a note, on Cerbo GX


root@einstein:/run/media/mmcblk0p1# ip link add dev wg0 type wireguard
Error: Unknown device type.

You won't be able to configure via ip command

0 Likes 0 ·
iv4n avatar image iv4n andrii-podanenko commented ·

Hello! that's weird, i would expect the wireguard type to be avaiable.

  1. Did you run that command after installing coreutils and compiling wireguard?
  2. Did you find any work around that would be worth sharing?
0 Likes 0 ·

Article

Contributors

Iv4n contributed to this article

Navigation

Related Articles

HowTo: Use a HDMI Screen with USB Touch Panel and USB HID Buttons on a Raspberry Pi running Venus

How to: Quickly update RPI Touch Screen configuration on new SD card or after version update.

HowTo: Disable Hotkeys in Venus Remote Console on LAN

HowTo: Access Files on VenusOS with Root Access using Total Commander

HowTo: Change Tile Names in Venus OS Tile Overview

Add shortcut hotkey to start generator on Any screen

Service to turn Multiplus on/off via digital input

Venus HTML5 @SignalK (WilhelmSK)

RV-C protocol and Victron

Simple json/REST/Ajax interface to venus d-bus written as a python script.