• TorGuard related OpenWRT scripts
  • TorGuard Wireguard Installation
    • download and install with wget or curl
      • download and install with wget
    • download and install with curl
  • Script descriptions
    • tgfunctions
    • tginit
    • tginit-uci-basic
    • tginstall
      • tginstall vars
    • tgsetup
    • tguninstall
    • tgupgrade
    • torguard's wireguard api v1
      • API Syntax
      • API Expiration
      • Validation loop script
      • tgapi service
        • tgapi service script /etc/init.d/tgapi
          • tgapitest
      • Example for New York shared server
        • Convert your public key to API format
        • Example API URL
  • speedperf
    • speedperf - show all settings
    • speedperf default settings
    • Install speed perf manually
    • How to start speedperf script
  • FAQ (Freqently Asked Question)

Installation can be performed by running /usr/bin/tginstall:

Copy and paste from codeboxes below using either wget or curl.

wget -O /usr/bin/tgsetup https://raw.githubusercontent.com/FixedBit/openwrt-scripts/master/usr/bin/tgsetup && chmod +x /usr/bin/tgsetup && /usr/bin/tgsetup

curl -o /usr/bin/tgsetup https://raw.githubusercontent.com/FixedBit/openwrt-scripts/master/usr/bin/tgsetup && chmod +x /usr/bin/tgsetup && /usr/bin/tgsetup

All function of all scripts are currently in file /usr/bin/tgfunctions.

• default path: /usr/bin/tgfunctions

• default path: /usr/bin/tginit
• logfile: /var/log/torguard/tginit/tginit.log

Torguard initialization script. Script generates new keypair and retrieves wireguard interface options from TorGuard server to which a user connects to with your torguard credentials, then it creates wireguard interface. After script finishes, please recheck your new interface if all values are there and if everything is ok, reboot your device.

• default path: /usr/bin/tginit-uci-basic

Script to initialize torguard config when none exists.

• default path: /usr/bin/tginstall
• if /etc/config/torguard exists, script will be unattended. main helper script for tginit. 9 variables can be passed, please check tginstall file for more info.

• (1) openwrt interface name, default is wg and will be used if no vars are passed
• (2) interface number, default is 0. Currently, please make sure that there is no interface of same name before usage

all other values are retrieved from /etc/config/torguard.

tgsetup upgrades/downloads all required scripts as well as it creates new torguard config from scratch. Old is renamed/backed up to /etc/config/torguard.old

• default path: /usr/bin/tgsetup

• default path: /usr/bin/tguninstall

Script to remove all tg bins and rename configs with suffix .old

• default path: /usr/bin/tgupgrade

Only upgrades bins, configs are not enabled, if you want to update configs too, then use please tgsetup.

Currently only whitelisted/whitelabeled keys work and to get one can be performed in several ways

• using TorGuard's wireguard configuration tool

• dumping the keys/config with TorGuard client on any pc

  # show full config of TorGuard client
  wg showconf torguard-wg

• check your TorGuard clients debug log

You can use the API manually

• retrieve required values with a browser.

  Public key for API usage has to be url encoded first. (If you do not know how to url encode, you can use any online tools, this one as example.)

https://[USER]:[PASS]@[SERVER]:[PORT]/api/v1/setup?public-key=[YOURURLENCODEDPUBLICKEY]`

• Currently every config will work for 24 hours, configs stay valid as long as you stay connected
• 24 hours is counted from last handshake timestamp,
• in case of reconnect within 24 hours config stays valid and does not need revalidation
• in case of invalidation, your connected client will have no internet connection and config update is required.
  • To prevent this, one could either run a cronjob or start a service tgapi which runs by default every 30 minutes ensuring that the config is extended for 15 minutes from the timestamp API call is executed.
• run same job/endless loop/... on any other PC as a backup to ensure that config used will never expire. Good example is use with mobile phone where one would be very restricted in keeping connection valid without to lose it. If you use this service on a router and you have ability to run tgapi on some other device, this would ensure that your config never expires.
• Currently used method by this script is to run the API call which does extend validity period in Torguard's system/backend
• If your device already has no internet, running api call would immediately let it work without reconnect or network restart

• default path: /usr/bin/tgapitest

This script extends/validates connection to keep your wg active. Current restriction set by TorGuard is 12 hours, please check always directly on torguard homepage/forum for any changes on this. Script can run on every linux system. If it uses wget or curl depends only on tginstall/tginit process finding/using either curl or wget.

• default path: /etc/init.d/tgapi

Demo service file which can be used instead of cronjob is created by tginit, it is very simple, please extend it according to your needs

• to enable on boot and start it, simply run

  /etc/init.d/tgapi enable
  /etc/init.d/tgapi start

• how to check if script is running

  ps w | grep tgapitest

  results show you if script is /usr/bin/tgapitest is running, in example below with pid 3283

  3283 root      1256 S    /bin/sh /usr/bin/tgapitest
  3535 root      1248 S    grep tgapitest
  

this script is auto created and you do not need to change it, this is only for the information about how service file looks like for user who might want to enable the same on other systems where scripts for openwrt would not work.

#!/bin/sh /etc/rc.common
# Copyright (c) 2021 TorGuard forum user 19807409

START=50
STOP=50

USE_PROCD=1

reload_service() {
        procd_send_signal /usr/bin/tgapitest
}

start_service() {
        procd_open_instance
        procd_set_param command /usr/bin/tgapitest
        procd_set_param respawn
        procd_close_instance
}

API URL is configured in file /usr/bin/tgapitest.

Basic endless loop:

#!/bin/sh
# Copyright (c) 2021 TorGuard forum user 19807409
# endless loop running every 1 minutes (60 seconds)
WAITTIME=60
while true
do
        /usr/bin/curl --cacert /etc/torguard/ca.crt -k https://YOURUSERNAME:YOURPASS@TGSERVERIP:1443/api/v1/setup?public-key=AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL%3D
        sleep ${WAITTIME}
done

/usr/bin/tgapitest is auto created and is overwritten with every tginstall run, there is no need for a user to make any changes on that file, here is example with dummy values, please use IP's instead of domains for torguard as domains might deliver you different servers where server's public keys would differ.

During tginit/tginstall, script checks if curl/wget exist as well if certificate exists making according steps/settings and creating this service file.

first you need to convert your WG public key into API used formatting

First load tgfunctions and then run urlencode

1. load first tgfunctions

   . /usr/bin/tgfunctions

2. Urlencode your public key

   urlencode "AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL="

• Example: AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL= to AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL%3D

Current implementation of urlencode in script is a little buggy and is disabled by default. Script uses currently public key for api calls which works with current api. You can manually convert with this tool (or any other) and save your api public key with:

uci set torguard.@wireguard_tg0[0].wgapipubkey='AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL%3D'

to show your currently set api key, use, run

uci get torguard.@wireguard_tg0[0].wgapipubkey

• Example: Open in your browser:

  https://User1:[email protected]:1443/api/v1/setup?public-key=AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJLLL%3D
  

• Speedperf is a script performing iperf3 test with defined servers. /usr/bin/speedperf uses only default client.
• Check /etc/config/speedperf for more info about default config.
• Default config with iperf3 will compress all logs into folder: /var/log/speedperf/iperf3

to show full list of available servers and their settings and set closest/fastest to your location

uci show speedperf

• Default settings
  • Default Server: EU central - Germany
    • Server URL: speedtest.wtnet.de
  • Compress single logs: 1 (yes)
  • Compress folder: 1 (yes)
    • tar.gz archive: /var/log/speedperf/iperf3/speedperf_default_client_[DATE]-[EPOCH]_[IPERF3SERVERURL]
  • Logdir: /var/log/speedperf
  • Logfile: speedperf_default_client
  • Pidfile: /var/run/speedperf_default_client.pid
  • Storage: /var/log/speedperf/iperf3
  • Tests
    • Repetitions: 1
    • normal
    • reverse
    • tcp test
      • Parallel connections tcp: 10
    • udp test
      • Parallel connections udp: 10

# Get speedperf bin
wget -O /etc/config/speedperf https://github.com/TorGuard/openwrt-scripts/raw/master/etc/config/speedperf

# Get speedperf config
wget -O /usr/bin/speedperf https://github.com/TorGuard/openwrt-scripts/raw/master/usr/bin/speedperf

# set speedperf bin as executable
chmod +x /usr/bin/speedperf

1. Run with default settings

   speedperf

Frequently Asked Questions on Wiki