This is a bit of a guide to setup a wireguard connection when using Astrill VPN.
This only works with ROS 7+
-
Login to your Astrill account.
-
Go VPN service and then Wireguard configurations “generate Now”
https://www.astrill.com/member-zone/tools/wireguard-configuration -
Download the configuration and open in something like notepad++
-
Open up the wireguard configuration.
Load the details in for the wireguard interface.
Note :You need to the = sign in at the end of the Private Keys section. The MTU size from Astrill is only 1340 bytes (when I wrote this) change that as per the text file.
-
Configure the wireguard peer.
Note the destination port
-
Configure the IP address for the wireguard interface
Now you should be able to “ping 8.8.8.8 interface=wireguard1” from the terminal. -
Routing > Tables
Make a separate routing table, call it what you like.
-
Make rules to direct the traffic from device to that specific routing table you just created.
-
Add a default address.
This is a little bit of guesswork since the Astrill file contains no routing information. I manually created one and set the gateway as the same address as the DNS server, it seemed to work.
-
Finally a masquerade rule in the firewall.
The device needs to have its DNS lookup modified if it was originally pointing towards the router, which is pretty common. A dead give away is to ping a google server and see which server responds. Here I ping google.it. Now the round trip time is a bit slow but more importantly it’s the Sydney server responding.
PING google.it (142.250.204.3) 56(84) bytes of data.
64 bytes from syd09s25-in-f3.1e100.net (142.250.204.3): icmp_seq=1 ttl=114 time=477 ms
64 bytes from syd09s25-in-f3.1e100.net (142.250.204.3): icmp_seq=2 ttl=114 time=478 ms
64 bytes from syd09s25-in-f3.1e100.net (142.250.204.3): icmp_seq=3 ttl=114 time=478 ms
^C
— google.it ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 477.420/477.668/478.027/0.259 ms
Now with the DNS redirected to the wireguard config you downloaded.
PING google.it (172.217.169.195) 56(84) bytes of data.
64 bytes from sof02s34-in-f3.1e100.net (172.217.169.195): icmp_seq=1 ttl=120 time=181 ms
64 bytes from sof02s34-in-f3.1e100.net (172.217.169.195): icmp_seq=2 ttl=120 time=181 ms
64 bytes from sof02s34-in-f3.1e100.net (172.217.169.195): icmp_seq=3 ttl=120 time=181 ms
^C
— google.it ping statistics —
7 packets transmitted, 7 received, 0% packet loss, time 6012ms
rtt min/avg/max/mdev = 180.446/180.601/180.931/0.185 ms
Then you should be able to ping something like your normal google address and get a round trip time like you expect for where ever your wireguard interface terminates.