UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Tutorial - Wireguard Enable/Disable without an app using the launcher (including wifi toggle if you wish)

    Scheduled Pinned Locked Moved App Development
    wireguardtoggle
    5 Posts 3 Posters 7.2k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • J Offline
        joshndroid
        last edited by

        With things limited in the wireguard space apart from kernel support I had been yearning for an app to make life easier with setup and toggling but alas... The one on the store, while awesome, doesn't work with a device set up with a pin

        For ease, get your device working via ssh to make things quicker and easier.
        Another good thing to remember is that you will need to remount the filesystem in order to change things in various areas such as;

        sudo mount -o remount,rw /

        Firstly get yourself setup with wireguard on the device within terminal. You can use something like this here (minus the starting at boot and be mindful of how your wireguard server is created, whether the client information needs to be added through a gui, etc) - https://tech.serhatteker.com/post/2021-01/how-to-set-up-wireguard-client-on-ubuntu-desktop/

        With that, wireguard will work, however you need to run the command through terminal each time and supply a password... kinda annoying if your leaving home/work/ whatever.

        Here we can add a line in the sudoers file to access the wireguard command/s without the need to input a password. It will still require the use of 'sudo' however you wont be prompted. There is obviously a bit of a security risk adding things such as this to the sudoers file just to be mindful of that.

        anyway run (make sure your rw);

        sudo visudo

        and paste in this line at the bottom

        phablet ALL=NOPASSWD: /usr/bin/wg, /usr/bin/wg-quick

        Save...

        You should now be good to bring up the wireguard connection or down without being prompted for a password.

        From here we can create a script in order to connect/disconnect to our wireguard server

        For arguments sake we can call it wireguardup.sh and can place it within /home/phablet/ directory (for example)

        #!/bin/bash
sudo wg-quick up wg0
exit

        Save and make sure you have chmod +x on the script in order to allow it to execute.

        You can now make the reciprocating file with 'up' substituted with 'down' on both the script name and the wg-quick command line.
        You should now be able to run the associated script to bring the wireguard instance up or down.

        Now we can go further and get it to run from our application launcher.

        Let's get a couple rudimentary icons into place first (I have attached them to this post I knocked up in a couple minutes with gimp).
        Put them in an appropriate directory (for example we could use ~/.local/share/icons )

        wireguardup.png wireguarddown.png

        Now lets get a launcher entry working.
        These will need to go into ~/.local/share/applications/
        We can call it wireguardup.desktop

        Paste in the contents

        [Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=/home/phablet/wireguardup.sh
Icon=/home/phablet/.local/share/icons/wireguardup.png
Name=Wireguard UP
X-Ubuntu-Touch=true
X-Ubuntu-Default-Department-ID=accessories

        Remember this will need to have the appropriate location you stored your script as well as your icon to work correctly.
        You can then make the same thing again with the 'down' set of script & icon

        Now you could essentially just use this as is however if you want to take it a step further you can go back to your wireguardup.sh and modify it with further commands that you wish to run for example disabling wifi in line with your wireguard toggle.

        so for instance, you wish to turn off wifi when the wireguard tunnel is up your wireguardup.sh can be changed to something like this

        #!/bin/bash
nmcli radio wifi off
wait 5
sudo wg-quick up wg0
exit

        note - the wait command isn't explicitly necessary I just find that it works better for me if i give it a moment before connecting to wireguard

        You should now be good to connect and disconnect to your wireguard server with a single launcher click either way...

        There's probably a more elegant solution but in any event this works for now and might help someone else out there

        KenedaK 1 Reply Last reply Reply Quote 2
        • KenedaK Offline
          Keneda @joshndroid
          last edited by

          @joshndroid
          Does this work only on Pixel 3a/3a xl or it is device agnostic ?

          2015-2023 : Meizu MX4 ☠️⚰️✝️
          2023-2024 : Nexus 5 ☠️⚰️✝️
          2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
          🇲🇫🇬🇧

          J 1 Reply Last reply Reply Quote 0
          • J Offline
            joshndroid @Keneda
            last edited by

            While i only have a pixel 3a xl to test with the commands are agnostic

            KenedaK 1 Reply Last reply Reply Quote 0
            • KenedaK Offline
              Keneda @joshndroid
              last edited by

              @joshndroid
              Ok so i'll move to general so that it reach more people, maybe some will test it on other devices and report here if working.

              2015-2023 : Meizu MX4 ☠️⚰️✝️
              2023-2024 : Nexus 5 ☠️⚰️✝️
              2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
              🇲🇫🇬🇧

              1 Reply Last reply Reply Quote 1
              • KenedaK Keneda moved this topic from Google Pixel 3a/3a XL on
              • druk13D druk13 referenced this topic on
              • J Offline
                jibannez
                last edited by

                Hi,
                I tested this solution with a Mi A2 phone using latest focal version and it works fine. However, in my phone I had to add a 2 second sleep after bringing up the wg interface, and then I had to add again the routes to the wg network.

                The contents of wgup.sh script are:

                #!/bin/bash
sudo wg-quick up wg0
sleep 2
sudo ip -4 route add 10.8.0.1/32 dev wg0
sudo ip -4 route add 10.8.0.0/24 dev wg0
exit

                The wg kernel module is already enabled for this phone, as this command shows:

                cat /sys/module/wireguard/version
1.0.20201112
                1 Reply Last reply Reply Quote 0
                • CiberSheepC CiberSheep moved this topic from General on
                • First post
                  Last post