WireGuard beta testing available


For anyone running a Synology device (I'm running a 920+ on v7), here's a quick guide to get set up:

Installing WireGuard App

1. Go to https://github.com/runfalk/synology-wireguard
2. If you are in the compatibility list, download the spk and install it, then run the command
     sudo /var/packages/WireGuard/scripts/start
   then proceed to install gluetun.
3. If you are not in the compatibility list, download a copy of https://github.com/runfalk/synology-wireguard.git
   Find your architecture: https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have
   For this example I have a DS920+, so I am building geminilake.
4. Build the spk // create a copy of the files on any device with docker that isn't your Synology
   Create a folder named 'artifacts' in this folder.
   Create a folder named 'toolkit' in this folder.
   Optional: download base_env-7.0.txz, dev.txz and env.txz from https://sourceforge.net/projects/dsgpl/files/toolkit/DSM7.0/ for your version and place them in the /toolkit folder.
   Run the command
     docker run --rm --privileged --env PACKAGE_ARCH=geminilake --env DSM_VER=7.0 -v "$(pwd)/artifacts":/result_spk -v "$(pwd)/toolkit":/toolkit_tarballs synobuild
   Note: you may need to convert $(pwd) to the appropriate command depending on whether you're compiling this in Linux or another operating system. $(pwd) = path to working directory
   Note 2: if the build fails with a certificate error like it did for me, add --no-check-certificate to lines 26, 39, 42 of Makefile
5. After it's built, use Package Center to install the .spk file (located in artifacts container).
6. SSH in and run the command
     sudo /var/packages/WireGuard/scripts/start

Installing Gluetun (establishing wireguard connection)

Gluetun is available on Docker and allows connections for a variety of VPN clients like OpenVPN and WireGuard.

If you're lazy, here's a docker compose for it. You can find all the relevant keys and IPs in the .conf file generated on the AirVPN config generator.
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPNSP=custom
      - VPN_TYPE=wireguard
      # No space after "=": in list form it would become part of the value
      - WIREGUARD_ENDPOINT_IP=<convert endpoint to IP by pinging address>
      - WIREGUARD_ENDPOINT_PORT=1637
      - WIREGUARD_PUBLIC_KEY=<copy key>
      - WIREGUARD_PRIVATE_KEY=<copy key>
      - WIREGUARD_PRESHARED_KEY=<copy key>
      - WIREGUARD_ADDRESS=<copy address from interface>
After you have a stack up and running connected to WireGuard, all you need to do is route the traffic however you wish (such as by using network_mode: container:<container name> in the docker compose of another stack).

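The mapping from the generated .conf to the compose variables in the post above, as an added example that is not part of the original post or of the gluetun project: a POSIX shell script that reads the file and writes an env file only its owner can read. The sample config, the function names and the availability of `getent` are assumptions.

```shell
#!/bin/sh
# Constructed sample .conf; the keys are placeholders, not real key material.
sample_conf() { cat <<'EOF'
[Interface]
Address = 10.0.0.2/32
PrivateKey = PRIVATEKEYPLACEHOLDER0000=
[Peer]
PublicKey = PUBLICKEYPLACEHOLDER00000=
PresharedKey = PRESHAREDKEYPLACEHOLDER00=
Endpoint = 192.0.2.10:1637
EOF
}

# wg_field SECTION KEY FILE: print KEY's value from [SECTION]. Splits on the
# first "=" only, since base64 keys end in "=" padding; strips CR from CRLF files.
wg_field() {
    awk -v sec="[$1]" -v key="$2" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == sec); next }
        insec && (p = index($0, "=")) {
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$3"
}

# WIREGUARD_ENDPOINT_IP takes an address: pass IPv4 literals through, resolve
# names with getent (assumed present on the machine running this script).
to_ip() {
    case "$1" in
        *[!0-9.]*) getent ahostsv4 "$1" | awk '{ print $1; exit }' ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# conf_to_env FILE: print the six WIREGUARD_* variables used in the compose file.
conf_to_env() {
    ep=$(wg_field Peer Endpoint "$1")          # host:port, port after last ":"
    ip=$(to_ip "${ep%:*}")
    [ -n "$ip" ] || { echo "cannot resolve ${ep%:*}" >&2; return 1; }
    printf 'WIREGUARD_ENDPOINT_IP=%s\n' "$ip"
    printf 'WIREGUARD_ENDPOINT_PORT=%s\n' "${ep##*:}"
    printf 'WIREGUARD_PUBLIC_KEY=%s\n' "$(wg_field Peer PublicKey "$1")"
    printf 'WIREGUARD_PRIVATE_KEY=%s\n' "$(wg_field Interface PrivateKey "$1")"
    printf 'WIREGUARD_PRESHARED_KEY=%s\n' "$(wg_field Peer PresharedKey "$1")"
    printf 'WIREGUARD_ADDRESS=%s\n' "$(wg_field Interface Address "$1")"
}
# The output holds the private key, so create it readable by the owner only.
write_env() { ( umask 077; conf_to_env "$1" > "$2" ); }
if [ "$#" -eq 2 ]; then write_env "$1" "$2"; fi
```

Run it with the .conf path and an output path as its two arguments, then load the result through the compose `env_file:` key so the keys stay out of the compose file itself.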
Posted ... (edited)
@gaywallet Thanks for your writeup there, I've been running WireGuard like this for a while now.

I have some remarks, and some other findings about this method I would like to share.

- Building the spk for wg on the 920 gave me some problems, the advice is to build it
on a different machine. I ended up downloading a pre-built package.
- But actually you can run this without kernel packages, gluetun also runs in user space.

Could you check (or maybe you already noticed) if gluetun gives every second HDD activity?
Or, better. I noticed that the container for gluetun makes docker access the HDD every few seconds.
I moved the stuff over to an NVMe volume, to avoid this HDD rumble.

And, maybe you could share with me how you change the endpoints. For now I change it
once in a while in the container config. Stop/change/start. Not the best way.



  Edited ... by x10

11 hours ago, x10 said:
Could you check (or maybe you already noticed) if gluetun gives every second HDD activity?
Or, better. I noticed that the container for gluetun makes docker access the HDD every few seconds.
I moved the stuff over to an NVMe volume, to avoid this HDD rumble.

Pulled up stats for a few minutes and noticed no HDD activity. All RAM and CPU.

11 hours ago, x10 said:
And, maybe you could share with me how you change the endpoints. For now I change it
once in a while in the container config. Stop/change/start. Not the best way.

I don't change the endpoints manually at all, I let docker do all the work by simply specifying the network on other containers via docker compose and network_mode: container.
