UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Tutorial - Wireguard Enable/Disable without an app using the launcher (including wifi toggle if you wish)

    Scheduled Pinned Locked Moved
    App Development
    wireguard toggle
    3
    5
    5.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joshndroid
      last edited by

      With things limited in the wireguard space apart from kernel support I had been yearning for an app to make life easier with setup and toggling but alas... The one on the store, while awesome, doesn't work with a device set up with a pin

      For ease, get your device working via ssh to make things quicker and easier.
      Another good thing to remember is that you will need to remount the filesystem in order to change things in various areas such as;

      sudo mount -o remount,rw /

      Firstly get yourself setup with wireguard on the device within terminal. You can use something like this here (minus the starting at boot and be mindful of how your wireguard server is created, whether the client information needs to be added through a gui, etc) - https://tech.serhatteker.com/post/2021-01/how-to-set-up-wireguard-client-on-ubuntu-desktop/

      With that, wireguard will work, however you need to run the command through terminal each time and supply a password... kinda annoying if your leaving home/work/ whatever.

      Here we can add a line in the sudoers file to access the wireguard command/s without the need to input a password. It will still require the use of 'sudo' however you wont be prompted. There is obviously a bit of a security risk adding things such as this to the sudoers file just to be mindful of that.

      anyway run (make sure your rw);

      sudo visudo

      and paste in this line at the bottom

      phablet ALL=NOPASSWD: /usr/bin/wg, /usr/bin/wg-quick

      Save...

      You should now be good to bring up the wireguard connection or down without being prompted for a password.

      From here we can create a script in order to connect/disconnect to our wireguard server

      For arguments sake we can call it wireguardup.sh and can place it within /home/phablet/ directory (for example)

      #!/bin/bash
sudo wg-quick up wg0
exit

      Save and make sure you have chmod +x on the script in order to allow it to execute.

      You can now make the reciprocating file with 'up' substituted with 'down' on both the script name and the wg-quick command line.
      You should now be able to run the associated script to bring the wireguard instance up or down.

      Now we can go further and get it to run from our application launcher.

      Let's get a couple rudimentary icons into place first (I have attached them to this post I knocked up in a couple minutes with gimp).
      Put them in an appropriate directory (for example we could use ~/.local/share/icons )

      wireguardup.png wireguarddown.png

      Now lets get a launcher entry working.
      These will need to go into ~/.local/share/applications/
      We can call it wireguardup.desktop

      Paste in the contents

      [Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=/home/phablet/wireguardup.sh
Icon=/home/phablet/.local/share/icons/wireguardup.png
Name=Wireguard UP
X-Ubuntu-Touch=true
X-Ubuntu-Default-Department-ID=accessories

      Remember this will need to have the appropriate location you stored your script as well as your icon to work correctly.
      You can then make the same thing again with the 'down' set of script & icon

      Now you could essentially just use this as is however if you want to take it a step further you can go back to your wireguardup.sh and modify it with further commands that you wish to run for example disabling wifi in line with your wireguard toggle.

      so for instance, you wish to turn off wifi when the wireguard tunnel is up your wireguardup.sh can be changed to something like this

      #!/bin/bash
nmcli radio wifi off
wait 5
sudo wg-quick up wg0
exit

      note - the wait command isn't explicitly necessary I just find that it works better for me if i give it a moment before connecting to wireguard

      You should now be good to connect and disconnect to your wireguard server with a single launcher click either way...

      There's probably a more elegant solution but in any event this works for now and might help someone else out there

      KenedaK 1 Reply Last reply Reply Quote 2
      • KenedaK
        Keneda @joshndroid
        last edited by

        @joshndroid
        Does this work only on Pixel 3a/3a xl or it is device agnostic ?

        2015-2023 : Meizu MX4 now in legacy drawer by lack of pristine battery šŸ˜«
        2023-***** : Nexus 5 (16.04 OTA 25) for daily use, slowly dying šŸ¤•
        2024-***** : Fairphone 5 waiting UT for freedom šŸ˜‰
        šŸ‡²šŸ‡«šŸ‡¬šŸ‡§

        J 1 Reply Last reply Reply Quote 0
        • J
          joshndroid @Keneda
          last edited by

          While i only have a pixel 3a xl to test with the commands are agnostic

          KenedaK 1 Reply Last reply Reply Quote 0
          • KenedaK
            Keneda @joshndroid
            last edited by

            @joshndroid
            Ok so i'll move to general so that it reach more people, maybe some will test it on other devices and report here if working.

            2015-2023 : Meizu MX4 now in legacy drawer by lack of pristine battery šŸ˜«
            2023-***** : Nexus 5 (16.04 OTA 25) for daily use, slowly dying šŸ¤•
            2024-***** : Fairphone 5 waiting UT for freedom šŸ˜‰
            šŸ‡²šŸ‡«šŸ‡¬šŸ‡§

            1 Reply Last reply Reply Quote 1
            • KenedaK Keneda moved this topic from Google Pixel 3a/3a XL on
            • druk13D druk13 referenced this topic on
            • J
              jibannez
              last edited by

              Hi,
              I tested this solution with a Mi A2 phone using latest focal version and it works fine. However, in my phone I had to add a 2 second sleep after bringing up the wg interface, and then I had to add again the routes to the wg network.

              The contents of wgup.sh script are:

              #!/bin/bash
sudo wg-quick up wg0
sleep 2
sudo ip -4 route add 10.8.0.1/32 dev wg0
sudo ip -4 route add 10.8.0.0/24 dev wg0
exit

              The wg kernel module is already enabled for this phone, as this command shows:

              cat /sys/module/wireguard/version
1.0.20201112
              1 Reply Last reply Reply Quote 0
              • CiberSheepC CiberSheep moved this topic from General on
              • First post
                Last post