MastaG

Member Since 16 May 2009
Offline Last Active 22 Jun 2022 15:23

#1461523 Tunnel everything through Wireguard

Posted by MastaG on 20 June 2022 - 21:02

A better version with a stolen online check, simplified function for adding the route to the wireguard server and loading the wireguard module:

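#!/bin/bash
# bash is required: the script uses the `function` keyword and process
# substitution (`<()`), and wg-quick(8) itself is a bash script.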

# Copyright (c) 2021 Karol Babioch <karol@babioch.de>

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# LSBInitScript for Wireguard: This is a lightweight init script for
# Wireguard. While Wireguard itself requires only minimal overhead to setup and
# start, it still requires some script invocations (e.g. during boot).
#
# Most distributions are using systemd by now, and as such can use
# wg-quick@.service. However some distributions / images / Linux appliances
# are not (yet) using systemd. In such cases, this init script could be used
# to (re)start and/or stop Wireguard.
#
# It can handle all configured Wireguard interfaces (within /etc/wireguard)
# globally and/or individual interfaces, e.g. (/etc/init.d/wireguard start wg0).
#
# It relies on wg(8) and wg-quick(8) in the background.

### BEGIN INIT INFO
# Provides:          wireguard
# Required-Start:    $network $syslog
# Required-Stop:     $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts Wireguard interfaces
# Description:       Sets up Wireguard interfaces (by means of wg-quick).
### END INIT INFO

CONFIG_DIR=/etc/wireguard

modprobe wireguard

check_online() {
  count=0
  while [ $count -lt 5 ]
  do
    sleep 0.5
    if ping -4 -c 1 www.google.com >/dev/null 2>&1 || ping -6 -c 1 www.google.com >/dev/null 2>&1
    then
      break
    fi
    count=$((count+1))
  done
}

function get_active_wg_interfaces() {
  INTERFACES=$(wg | grep "interface:" | sed 's/interface: //')
  echo "$INTERFACES"
}

function default_gw_for_endpoints() {
  ACTION="$1"
  GATEWAY="$(ip r | grep default | cut -d ' ' -f3)"
  if [ ! "${GATEWAY}" == "" ]
  then
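    # For every peer whose allowed ips are the two IPv4 halves (in either order),
    # print the line before it (the "endpoint:" line) and keep only the address.
    wg | sed -n -e '/\(0.0.0.0\/1, 128.0.0.0\/1\|128.0.0.0\/1, 0.0.0.0\/1\)/{x;p;d;}; x' | sed -e 's/^[ \t]*//' | cut -d' ' -f2 | cut -d':' -f1 | while read line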
    do
      echo "${ACTION} default gateway: ${GATEWAY} for endpoint ${line}"
      ip route ${ACTION} ${line} via ${GATEWAY}
    done
  else
    echo "Could not determine default gateway on this system!"
  fi
}

# This is required for wg-quick(1) to work correctly, i.e. for process
# substitution (`<()`) to work in Bash. If missing, wg-quick will fail with a
# "fopen: No such file or directory" error.
[ -e /dev/fd ] || ln -sf /proc/self/fd /dev/fd

case "$1" in

  start)
    check_online
    if [ -z "$2" ]; then
      echo "Starting all configured Wireguard interfaces"
      for CONFIG in $(cd $CONFIG_DIR; ls *.conf); do
        wg-quick up ${CONFIG%%.conf}
      done
    else
      echo "Starting Wireguard interface: $2"
      wg-quick up "$2"
    fi
    default_gw_for_endpoints add
    ;;

  stop)
    default_gw_for_endpoints del
    if [ -z "$2" ]; then
      echo "Stopping all active Wireguard interfaces"
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg-quick down "$INTERFACE"
      done
    else
      echo "Stopping Wireguard interface: $2"
      wg-quick down "$2"
    fi
    ;;

  reload|force-reload)
    default_gw_for_endpoints del
    check_online
    if [ -z "$2" ]; then
      echo "Reloading configuration for all active Wireguard interfaces"
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg syncconf "$INTERFACE" <(wg-quick strip "$INTERFACE")
      done
    else
      echo "Reloading configuration for Wireguard interface: $2"
      wg syncconf "$2" <(wg-quick strip "$2")
    fi
    default_gw_for_endpoints add
    ;;

  restart)
    $0 stop "$2"
    sleep 1
    $0 start "$2"
    ;;

  status)
    # TODO Check exit codes and align them with LSB requirements
    if [ -z "$2" ]; then
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg show $INTERFACE
      done
    else
      wg show "$2"
    fi
    ;;

  *)
    echo "Usage: $0 { start | stop | restart | reload | force-reload | status } [INTERFACE]"
    exit 1
    ;;

esac



#1461471 Tunnel everything through Wireguard

Posted by MastaG on 20 June 2022 - 17:05

I'm running a Wireguard server on my home router and I'd like to tunnel everything on my enigma2 receiver through it. (e.g. Kodi with Netflix)

However I had a bit of trouble getting the default method working: /etc/wireguard/wg0.conf

[Interface]
Address = 10.10.0.2/24
PrivateKey = xx

[Peer]
PublicKey = yy
AllowedIPs = 0.0.0.0/0
Endpoint = my_wg_server.com:zzz
PersistentKeepalive = 25

This is because setting 0.0.0.0/0 for AllowedIPs will require some kernel module which is missing for my receiver.

 

After googling around a bit I figured I could also set: AllowedIPs = 0.0.0.0/1,128.0.0.0/1

This basically covers the whole internet.

But it didn't work for me.

The reason for this is that it also tries to tunnel the default gateway of my internet connection (and thus the route to the wireguard server) when using these ranges.

 

So I figured I could just add a manual route to the wireguard server's endpoint using the default gateway after the tunnel has been set up.

In my case the default gateway would be 192.168.0.1, so basically after the tunnel has been set up I only have to do:

ip route add <wg_server_endpoint_ip> via 192.168.0.1

 

Now in order to automate this, I've hacked into an existing wireguard initscript: /etc/init.d/wireguard

#! /bin/bash

# Copyright (c) 2021 Karol Babioch <karol@babioch.de>

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# LSBInitScript for Wireguard: This is a lightweight init script for
# Wireguard. While Wireguard itself requires only minimal overhead to setup and
# start, it still requires some script invocations (e.g. during boot).
#
# Most distributions are using systemd by now, and as such can use
# wg-quick@.service. However some distributions / images / Linux appliances
# are not (yet) using systemd. In such cases, this init script could be used
# to (re)start and/or stop Wireguard.
#
# It can handle all configured Wireguard interfaces (within /etc/wireguard)
# globally and/or individual interfaces, e.g. (/etc/init.d/wireguard start wg0).
#
# It relies on wg(8) and wg-quick(8) in the background.

### BEGIN INIT INFO
# Provides:          wireguard
# Required-Start:    $network $syslog
# Required-Stop:     $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts Wireguard interfaces
# Description:       Sets up Wireguard interfaces (by means of wg-quick).
### END INIT INFO

CONFIG_DIR=/etc/wireguard

function get_active_wg_interfaces() {
  INTERFACES=$(wg | grep "interface:" | sed 's/interface: //')
  echo "$INTERFACES"
}

function set_default_gw_for_endpoints() {
  GATEWAY="$(ip r | grep default | cut -d ' ' -f3)"
  if [ ! "${GATEWAY}" == "" ]
  then
    wg | sed -n '/0.0.0.0\/1, 128.0.0.0\/1/{x;p;d;}; x' | sed -e 's/^[ \t]*//' | cut -d' ' -f2 | cut -d':' -f1 | while read line
    do
      echo "Setting default gateway: ${GATEWAY} for endpoint ${line}"
      ip route add ${line} via ${GATEWAY}
    done
  else
    echo "Could not determine default gateway on this system!"
    echo "Not setting it for endpoints!"
  fi
}

function remove_default_gw_for_endpoints() {
  GATEWAY="$(ip r | grep default | cut -d ' ' -f3)"
  if [ ! "${GATEWAY}" == "" ]
  then
    wg | sed -n '/0.0.0.0\/1, 128.0.0.0\/1/{x;p;d;}; x' | sed -e 's/^[ \t]*//' | cut -d' ' -f2 | cut -d':' -f1 | while read line
    do
      echo "Removing default gateway: ${GATEWAY} for endpoint ${line}"
      ip route del ${line} via ${GATEWAY}
    done
  else
    echo "Could not determine default gateway on this system!"
  fi
}

# This is required for wg-quick(1) to work correctly, i.e. for process
# substitution (`<()`) to work in Bash. If missing, wg-quick will fail with a
# "fopen: No such file or directory" error.
[ -e /dev/fd ] || ln -sf /proc/self/fd /dev/fd

case "$1" in

  start)
    if [ -z "$2" ]; then
      echo "Starting all configured Wireguard interfaces"
      for CONFIG in $(cd $CONFIG_DIR; ls *.conf); do
        wg-quick up ${CONFIG%%.conf}
      done
    else
      echo "Starting Wireguard interface: $2"
      wg-quick up "$2"
    fi
    set_default_gw_for_endpoints
    ;;

  stop)
    remove_default_gw_for_endpoints
    if [ -z "$2" ]; then
      echo "Stopping all active Wireguard interfaces"
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg-quick down "$INTERFACE"
      done
    else
      echo "Stopping Wireguard interface: $2"
      wg-quick down "$2"
    fi
    ;;

  reload|force-reload)
    remove_default_gw_for_endpoints
    if [ -z "$2" ]; then
      echo "Reloading configuration for all active Wireguard interfaces"
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg syncconf "$INTERFACE" <(wg-quick strip "$INTERFACE")
      done
    else
      echo "Reloading configuration for Wireguard interface: $2"
      wg syncconf "$2" <(wg-quick strip "$2")
    fi
    set_default_gw_for_endpoints
    ;;

  restart)
    $0 stop "$2"
    sleep 1
    $0 start "$2"
    ;;

  status)
    # TODO Check exit codes and align them with LSB requirements
    if [ -z "$2" ]; then
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg show $INTERFACE
      done
    else
      wg show "$2"
    fi
    ;;

  *)
    echo "Usage: $0 { start | stop | restart | reload | force-reload | status } [INTERFACE]"
    exit 1
    ;;

esac

It's a bit hacky but it does the job.

It will add a route to the wireguard server using your router's default gateway, but only for endpoints which have AllowedIPs = 0.0.0.0/1,128.0.0.0/1 set.

 

Hope it helps anybody out struggling with a full wireguard tunnel :)
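
An added example, not part of the original post or of the init script: the same endpoint-route selection done from the machine-readable `wg show <interface> allowed-ips` and `wg show <interface> endpoints` output, with the gateway and endpoint validated before they reach a root-run `ip route` command. The function names, the placeholder keys and the sample addresses are assumptions made for illustration; the commands are printed, not executed.

```shell
#!/bin/sh
# Added example: derive the endpoint host routes from wg's machine-readable
# output instead of scraping the human-readable `wg` listing.

# Shape check only; `ip` itself still rejects out-of-range octets.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# stdin: output of `wg show <if> allowed-ips` (pubkey<TAB>space-separated CIDRs).
# stdout: public keys of peers carrying both IPv4 halves, in either order.
full_tunnel_peers() {
  awk -F'\t' '{
    lo = 0; hi = 0
    n = split($2, ips, " ")
    for (i = 1; i <= n; i++) {
      if (ips[i] == "0.0.0.0/1") lo = 1
      if (ips[i] == "128.0.0.0/1") hi = 1
    }
    if (lo && hi) print $1
  }'
}

# endpoint_route_cmds ACTION GATEWAY ALLOWED_TEXT ENDPOINTS_TEXT
# Prints (does not run) one `ip route` command per full-tunnel IPv4 endpoint.
endpoint_route_cmds() {
  action=$1; gateway=$2; allowed=$3; endpoints=$4
  case $action in add|del) ;; *) return 2 ;; esac
  is_ipv4 "$gateway" || return 2
  printf '%s\n' "$allowed" | full_tunnel_peers | while read -r key; do
    ep=$(printf '%s\n' "$endpoints" | awk -F'\t' -v k="$key" '$1 == k { print $2 }')
    host=${ep%:*}                # drop the trailing :port
    # Skips "(none)" and bracketed IPv6 endpoints, which the IPv4 split never captures.
    is_ipv4 "$host" || continue
    printf 'ip route %s %s/32 via %s\n' "$action" "$host" "$gateway"
  done
}

# Constructed sample data (placeholder keys, documentation addresses).
SAMPLE_ALLOWED=$(printf '%s\t%s\n' \
  'KEY_A=' '0.0.0.0/1 128.0.0.0/1' \
  'KEY_B=' '10.10.0.0/24' \
  'KEY_C=' '128.0.0.0/1 0.0.0.0/1' \
  'KEY_D=' '0.0.0.0/1 128.0.0.0/1')
SAMPLE_ENDPOINTS=$(printf '%s\t%s\n' \
  'KEY_A=' '203.0.113.7:51820' \
  'KEY_B=' '198.51.100.9:51820' \
  'KEY_C=' '198.51.100.20:51820' \
  'KEY_D=' '[2001:db8::1]:51820')

endpoint_route_cmds add 192.168.0.1 "$SAMPLE_ALLOWED" "$SAMPLE_ENDPOINTS"
```

On a live system the two text arguments would come from `wg show wg0 allowed-ips` and `wg show wg0 endpoints`, with `wg0` being the interface name from the post.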




#898090 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 14 June 2018 - 11:36

Don't say such things out loud.. you might wake-up gutemine..




#875617 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 23 April 2018 - 16:21

@everyone the directfb compile issues have been fixed.

Simply run ./pli-extras/update.sh

 

@dreamce

I only have a spark7162, but are you sure it's not related to reception?

Anyways I've reverted back to Taapat's changes.. so hopefully the next spark image will be better.

I'll release a new image when I'm done :)




#875047 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 22 April 2018 - 19:58

Yes I know I f'ed up.. Will fix the directfb thing tomorrow ;)


#866060 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 4 April 2018 - 13:35

@joni3333

Yes, I'm using Taapat's driver as well and I have merged joeuser's public bits:

https://github.com/P.../commits/master

 

So I've added the cases for CA_SET_DESCR_MODE and CA_SET_DESCR_DATA.

And I've added the pti hal dummy functions for pti_hal_descrambler_set_aes and pti_hal_descrambler_set_mode.

 

But these are only dummy functions and don't support descrambling of channels.

 

For this I need the non-public sources for pti_np which supports DES encryption for PowerVu.

And I don't have these.

 

Instead I have the pti_np from OE-Alliance which doesn't support DES (PowerVu) but CI+ instead.

So that one does feature pti_hal_descrambler_set_aes for CI+, but it has pti_hal_descrambler_set_mode stubbed out.

 

So get me the pti_np sources for PowerVu and I'll build a new image for you :)




#863813 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 30 March 2018 - 10:54

Yeah, you've updated the original patch instead of adding a new one :)

Great job!

Merged :)




#863324 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 29 March 2018 - 12:35

* New unofficial test build for Fulan sh4 (spark/spark7162)

Download: https://mega.nz/#F!v...DLHfab11t5_y5Sg

- Now built using -O2 instead of -Os, it feels a bit faster now

- Disabled zram by default as it slows down things

- Includes gstreamer 1.14 as well (thx Taapat)

- Uchardet upgraded to git version

- Merged PLi's latest enigma2 rev: 9310a05

- Built using latest openpli-oe-core rev: ab347d9

- Many cleanups and fixes

- Removed serviceapp

 

* Note: zram is disabled by default since we're using extra memory from video ram.

  This breaks PIP, but that was limited to SD-channels anyways.

  If you still want to use zram, login using telnet and issue the following commands:

 

touch /etc/.zram
reboot

 

* Note2: serviceapp has been removed in favor of Taapat's service-player for libeplayer3 and gstreamer.

  The playback system is set to libeplayer3 by default, which provides the same playback functionality as serviceapp + exteplayer3 as default player.

  If you'd like to switch to gstreamer 1.14, you can do this by going to: Menu -> Settings -> System -> Usage Setup (this requires a restart of enigma2)

  Exteplayer3 (and now also gstplayer) is still included for use with IPTV Player :)




#862871 Youtube Error

Posted by MastaG on 28 March 2018 - 10:47

@pzanone can you be a little bit more specific regarding your home build?

e.g. are you building your zgemma h5 image from vanilla openpli-oe-core from here https://github.com/O...pli-oe-core.git ?

Or are you also using the unofficial pli-extras ?

Did you run make update, prior to building your image ?

What OS are you building on ?

 

If your receiver hangs, you could try to log in with telnet, init 4 and start enigma2 with ENIGMA_DEBUG_LVL=4 and see some more info..




#862217 Youtube Error

Posted by MastaG on 26 March 2018 - 18:32

Yes I know.. still didn't have time to update the broken recipes/patches..


#861617 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 24 March 2018 - 20:00

MACHINE=dm800 bitbake -c cleanall -f linux-dreambox


#861590 Youtube Error

Posted by MastaG on 24 March 2018 - 18:55

Ahhhhh thanks fairbird and hains.. please submit a PR asap.. as I will not be able to use a computer in the following days :)


#861233 Youtube Error

Posted by MastaG on 23 March 2018 - 10:49

This is probably due to the recent upgrade to gstreamer 1.14.

I'll test this later this weekend :)

Thanks for reporting.




#860744 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 22 March 2018 - 07:38

I got a failure for building odroid c2

 

ERROR: Task (/home/openvix/openpli-oe-core/pli-extras/recipes-connectivity/mediatek/rt7777_3.0.0.4.bb:do_compile) failed with exit code '1'

 

Any help would be greatly appreciated

 

What is your machine name?

e.g. MACHINE=what?

 

EDIT: nevermind, just run pli-extras/update.sh and your odroid image should build fine :)




#860729 Howto build unofficial pli for your unsupported receiver

Posted by MastaG on 21 March 2018 - 23:45

I don't get it, when I committed meta-meson I did test wetek-play2 without any ffmpeg or kernel problem so what has been changed?

My build server is always an Ubuntu LTS native.

I was able to reproduce the ffmpeg build error on aarch64 (raspberrypi3 64bit) architecture.

This is because arm64 will need: --enable-armv8 but also --enable-neon and --enable-vfp.. and none of the other (mipsel) related flags.

See my commit: https://github.com/O...e5e13b440e7ec63

 

For his other kernel patch, I think it fixes some usb-port related problems.. but it's not a build-issue.

 

 

In other news I've upgraded the gstreamer recipes to version 1.14: https://github.com/O...747a435d4fff9e0

This will require a reflash

It's because some plugins like mpg123 and lame have been promoted to the -good package.. and an upgrade from 1.12 -> 1.14 will not fix it.

 

So this will require massive testing on all official supported receivers, to make sure all supported media still works.

So everybody, please test the next nightly version and report back any problems!