Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
technical:wireguard-agent [2026/02/17 04:45] – created systemtechnical:wireguard-agent [2026/02/18 06:32] (current) – [Startup Files] system
Line 4: Line 4:
   * It uses a couple of Lua based libraries and scripts to fulfill its mandate.   * It uses a couple of Lua based libraries and scripts to fulfill its mandate.
  
 +
 +-------------
 ===== Installation ===== ===== Installation =====
 ==== Please double check ==== ==== Please double check ====
Line 10: Line 12:
 sudo apt-get install iptables sudo apt-get install iptables
 </code> </code>
-        * Make sure packet forwarding for IPv4 is enabled. Edit the **/etc/sysctl.conf**.+        * Make sure packet forwarding for IPv4 is enabled. 
 +        * Edit the **/etc/sysctl.conf**.
         * Find and uncomment **net.ipv4.ip_forward=1** line.         * Find and uncomment **net.ipv4.ip_forward=1** line.
 +        * Apply all sysctl settings (recommended)
 +<code bash>
 +sudo sysctl -p
 +</code>
  
 ==== The Rest ==== ==== The Rest ====
Line 30: Line 37:
 sudo git clone https://github.com/RADIUSdesk/rdcore.git sudo git clone https://github.com/RADIUSdesk/rdcore.git
 #Link the wireguard agent's files to /etc directory. #Link the wireguard agent's files to /etc directory.
-#The accel-ppp folder is correct and part of the history of the project+#(btw the accel-ppp folder is correct and part of the history of the project)
 sudo ln -s /var/www/rdcore/cake4/rd_cake/setup/accel-ppp/MESHdesk /etc/MESHdesk sudo ln -s /var/www/rdcore/cake4/rd_cake/setup/accel-ppp/MESHdesk /etc/MESHdesk
 </code> </code>
  
 +--------
 ===== Configuration ===== ===== Configuration =====
  
-==== Startup and config reference files ==== +==== Startup and additional required files ==== 
-  * Copy the following reference files:+  * Copy the following files:
 <code bash> <code bash>
 #config file for the agent #config file for the agent
-sudo cp /etc/MESHdesk/files/accel-ppp-rd.conf /etc/ +sudo cp /etc/MESHdesk/files/wireguard-rd.conf /etc/ 
-#startup file. We make a backup first of the original one (of there were one+#Smart Queue Management (SQMand throttling scrip 
-cp /etc/rc.local /etc/rd.local.bak +sudo cp /etc/MESHdesk/files/cake-wg.sh /usr/local/sbin/ 
-sudo cp /etc/MESHdesk/files/rc.local /etc/+#Startup files 
 +sudo cp /etc/MESHdesk/files/rd-wireguard-init.service /etc/systemd/system/ 
 +sudo cp /etc/MESHdesk/files/rd-wireguard-heartbeat.service /etc/systemd/system/
 </code> </code>
  
-=== Config File ===+==== Config File ====
  
-  * Configuration is done by tweaking the ///etc/accel-ppp-rd.conf// file. +  * Configuration is done by tweaking the ///etc/wireguard-rd.conf// file. 
-  * Refer to the sample below+  * Refer to the sample below.
 <code bash> <code bash>
 [internet] [internet]
 disabled=0 disabled=0
 dns=cloud.radiusdesk.com dns=cloud.radiusdesk.com
 +url=cake4/rd_cake/nodes/get-config-for-node.json
 +status_url=cake4/rd_cake/node-reports/submit_report.json
 +actions_url=cake4/rd_cake/node-actions/get_actions_for.json
 protocol=https protocol=https
 http_port=80 http_port=80
 https_port=443 https_port=443
 ip=164.160.89.129 ip=164.160.89.129
 +interface=eth0
  
-[pppoe]+[wireguard]
 interface=eth0 interface=eth0
 </code> </code>
Line 65: Line 79:
   * We also specify the fallback ip as 164.160.89.129 in the event when DNS does not resolve.   * We also specify the fallback ip as 164.160.89.129 in the event when DNS does not resolve.
   * Protocol can be either https or http. We choose https which is more secure.   * Protocol can be either https or http. We choose https which is more secure.
-  * We also specify the interface we want the PPPoE service to run on. +  * We also specify the interface we want the Wireguard service to run on. 
-  * In our case we have a Raspberry Pi 4 with an Enternet port (eth0) where we will run the PPPoE service on.+  * In our case we have a VPS with an Enternet port (eth0) where we will run Wireguard on
 +  * If you run Wireguard on the same server as RADIUSdesk, you can specify **localhost** for dns and **127.0.0.1** for ip.
   * The agent will then fetch the MAC Address of this interface and forward the request for config to RADIUSdesk using this MAC Address as the unique identifier.   * The agent will then fetch the MAC Address of this interface and forward the request for config to RADIUSdesk using this MAC Address as the unique identifier.
   * Make changes to this file so that it works with your environment and device.   * Make changes to this file so that it works with your environment and device.
  
-=== Startup File === +==== Startup Files ===
-  * Disable automatic startup of Accel-ppp.+  * We have two Systemd startup files which we copied to the ///etc/systemd/system// folder earlier. 
 +  * Disable Wireguard startup files if there are any.
 <code bash> <code bash>
-sudo systemctl disable accel-ppp+sudo systemctl disable wg-quick@wg0.service 
 +sudo systemctl disable wg-quick@wg1.service 
 +sudo systemctl disable wg-quick@wg2.service 
 +sudo systemctl disable wg-quick@wg3.service
 </code> </code>
-  * The startup file is ///etc/rc.local//+  * Enable everything
-  * You also have to tweak it to work on the device running the RADIUSdesk Accel-ppp Agent. +
-  * Refer to the sample below+
 <code bash> <code bash>
-#!/bin/bash +sudo systemctl daemon-reload
-iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE+
  
-cd /etc/MESHdesk+sudo systemctl enable rd-wireguard-init 
 +sudo systemctl enable rd-wireguard-heartbeat
  
-sleep 10 +sudo systemctl start rd-wireguard-init 
-/etc/MESHdesk/u.lua & +sudo systemctl start rd-wireguard-heartbeat
-sleep 10 +
-/etc/MESHdesk/heartbeat.lua &+
  
-exit 0 
 </code> </code>
-  * The important line is the one with the iptables rule for NAT. +  * Check if everything started up fine 
-  * With our setup the WAN connection / uplink is the WiFi interface, **wlan0**. +<code bash
-  * Make sure that your setup matches your device's configuration. +sudo journalctl -u rd-wireguard-init -f 
- +sudo journalctl -u rd-wireguard-heartbeat -f 
-<WRAP center round info 100%+</code
-Since PPPoE works on Layer2, you can have both the PPPoE and the WAN connection on one physical interface e.g eth0 in our case with the Pi. +  * Everything should now be in place and you can reboot the device and see if it is listed under **Wireguard Servers -> New Arrivals** 
-</WRAP> +
-  * On the Raspberry Pi the rc.local script was called automatically during startup. +
-  * On Ubuntu you'll probably have to follow these instructions to ensure that it starts up during boot time +
-  * http://radiusdesk.com/wiki/technical/ppp-pppoe-basic#add_masquerade_support_on_wan_enp0s3 +
-  * Everything should now be in place and you can reboot the device and see if it is listed under **Accel-ppp Servers -> New Arrivals**  +
- +
-==== RADIUS Client ==== +
-  * If your Accel-ppp server is using RADIUSdesk for its RADIUS component you have one last step to do. +
-  * You can do its RADIUS on-boarding by looking for it under RADIUS -> RADIUS Clients -> New Arrivals. +
-  * After you completed the on-boarding be sure to specify the Client Type as **Accel-On-RADIUSdesk**. +
-  * This will allow the code to follow the correct procedure when an active session for a user needs to be terminated. +
-{{:technical:pppoe:accel-type.png|}} +
  
  • technical/wireguard-agent.1771296308.txt.gz
  • Last modified: 2026/02/17 04:45
  • by system