Tutorial - Wireguard Enable/Disable without an app using the launcher (including wifi toggle if you wish)

joshndroid

With things limited in the wireguard space apart from kernel support I had been yearning for an app to make life easier with setup and toggling but alas... The one on the store, while awesome, doesn't work with a device set up with a pin

For ease, get your device working via ssh to make things quicker and easier.
Another good thing to remember is that you will need to remount the filesystem in order to change things in various areas such as;

sudo mount -o remount,rw /

Firstly get yourself setup with wireguard on the device within terminal. You can use something like this here (minus the starting at boot and be mindful of how your wireguard server is created, whether the client information needs to be added through a gui, etc) - https://tech.serhatteker.com/post/2021-01/how-to-set-up-wireguard-client-on-ubuntu-desktop/

With that, wireguard will work, however you need to run the command through terminal each time and supply a password... kinda annoying if your leaving home/work/ whatever.

Here we can add a line in the sudoers file to access the wireguard command/s without the need to input a password. It will still require the use of 'sudo' however you wont be prompted. There is obviously a bit of a security risk adding things such as this to the sudoers file just to be mindful of that.

anyway run (make sure your rw);

sudo visudo

and paste in this line at the bottom

phablet ALL=NOPASSWD: /usr/bin/wg, /usr/bin/wg-quick

Save...

You should now be good to bring up the wireguard connection or down without being prompted for a password.

From here we can create a script in order to connect/disconnect to our wireguard server

For arguments sake we can call it wireguardup.sh and can place it within /home/phablet/ directory (for example)

#!/bin/bash
sudo wg-quick up wg0
exit

Save and make sure you have chmod +x on the script in order to allow it to execute.

You can now make the reciprocating file with 'up' substituted with 'down' on both the script name and the wg-quick command line.
You should now be able to run the associated script to bring the wireguard instance up or down.

Now we can go further and get it to run from our application launcher.

Let's get a couple rudimentary icons into place first (I have attached them to this post I knocked up in a couple minutes with gimp).
Put them in an appropriate directory (for example we could use ~/.local/share/icons )

Now lets get a launcher entry working.
These will need to go into ~/.local/share/applications/
We can call it wireguardup.desktop

Paste in the contents

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=/home/phablet/wireguardup.sh
Icon=/home/phablet/.local/share/icons/wireguardup.png
Name=Wireguard UP
X-Ubuntu-Touch=true
X-Ubuntu-Default-Department-ID=accessories

Remember this will need to have the appropriate location you stored your script as well as your icon to work correctly.
You can then make the same thing again with the 'down' set of script & icon

Now you could essentially just use this as is however if you want to take it a step further you can go back to your wireguardup.sh and modify it with further commands that you wish to run for example disabling wifi in line with your wireguard toggle.

so for instance, you wish to turn off wifi when the wireguard tunnel is up your wireguardup.sh can be changed to something like this

#!/bin/bash
nmcli radio wifi off
wait 5
sudo wg-quick up wg0
exit

note - the wait command isn't explicitly necessary I just find that it works better for me if i give it a moment before connecting to wireguard

You should now be good to connect and disconnect to your wireguard server with a single launcher click either way...

There's probably a more elegant solution but in any event this works for now and might help someone else out there

Keneda

@joshndroid
Does this work only on Pixel 3a/3a xl or it is device agnostic ?

joshndroid

While i only have a pixel 3a xl to test with the commands are agnostic

Keneda

@joshndroid
Ok so i'll move to general so that it reach more people, maybe some will test it on other devices and report here if working.

jibannez

Hi,
I tested this solution with a Mi A2 phone using latest focal version and it works fine. However, in my phone I had to add a 2 second sleep after bringing up the wg interface, and then I had to add again the routes to the wg network.

The contents of wgup.sh script are:

#!/bin/bash
sudo wg-quick up wg0
sleep 2
sudo ip -4 route add 10.8.0.1/32 dev wg0
sudo ip -4 route add 10.8.0.0/24 dev wg0
exit

The wg kernel module is already enabled for this phone, as this command shows:

cat /sys/module/wireguard/version
1.0.20201112