====== RADIUSdesk Wireguard Agent ======
===== Overview =====
* The **RADIUSdesk Wireguard Agent** is a lightweight add-on for Ubuntu or Raspberry Pi devices that serves as a broker between Wireguard and RADIUSdesk.
* It uses a couple of Lua-based libraries and scripts to fulfill its mandate.
-------------
===== Installation =====
==== Please double check ====
* Make sure the iptables package is installed. (It was not installed on my Raspberry Pi OS image.)
<code bash>
sudo apt-get install iptables
</code>
* Make sure packet forwarding for IPv4 is enabled.
* Edit **/etc/sysctl.conf**.
* Find and uncomment the **net.ipv4.ip_forward=1** line.
* Apply all sysctl settings (recommended).
<code bash>
sudo sysctl -p
</code>
==== The Rest ====
* Make sure the Wireguard package is installed.
<code bash>
sudo apt update
sudo apt install wireguard
</code>
* Install the following packages.
<code bash>
sudo apt-get install -y curl lua-socket lua-cjson luarocks
sudo luarocks install inifile
</code>
* Check out the latest RADIUSdesk code.
<code bash>
cd /var/www
sudo git clone https://github.com/RADIUSdesk/rdcore.git
# Link the Wireguard agent's files to the /etc directory.
# (btw the accel-ppp folder is correct and part of the history of the project)
sudo ln -s /var/www/rdcore/cake4/rd_cake/setup/accel-ppp/MESHdesk /etc/MESHdesk
</code>
--------
===== Configuration =====
==== Startup and additional required files ====
* Copy the following files:
<code bash>
# Config file for the agent
sudo cp /etc/MESHdesk/files/wireguard-rd.conf /etc/
# Smart Queue Management (SQM) and throttling script
sudo cp /etc/MESHdesk/files/cake-wg.sh /usr/local/sbin/
# Startup files
sudo cp /etc/MESHdesk/files/rd-wireguard-init.service /etc/systemd/system/
sudo cp /etc/MESHdesk/files/rd-wireguard-heartbeat.service /etc/systemd/system/
</code>
==== Config File ====
* Configuration is done by tweaking the ///etc/wireguard-rd.conf// file.
* Refer to the sample below.
<code ini>
[internet]
disabled=0
dns=cloud.radiusdesk.com
url=cake4/rd_cake/nodes/get-config-for-node.json
status_url=cake4/rd_cake/node-reports/submit_report.json
actions_url=cake4/rd_cake/node-actions/get_actions_for.json
protocol=https
http_port=80
https_port=443
ip=164.160.89.129
interface=eth0

[wireguard]
interface=eth0
</code>
* In our setup we have a RADIUSdesk server with the FQDN cloud.radiusdesk.com.
* We also specify 164.160.89.129 as the fallback ip, which is used in the event that DNS does not resolve.
* The protocol can be either https or http. We choose https, which is more secure.
* We also specify the interface we want the Wireguard service to run on.
* In our case we have a VPS with an Ethernet port (eth0) on which we will run Wireguard.
* If you run Wireguard on the same server as RADIUSdesk, you can specify **localhost** for dns and **127.0.0.1** for ip.
* The agent will then fetch the MAC address of this interface and forward the request for config to RADIUSdesk, using this MAC address as the unique identifier.
* Make changes to this file so that it works with your environment and device.
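One way to sanity-check the file before starting the services, as an added example that is not part of the RADIUSdesk code: it reads the keys shown in the sample above and checks the protocol, the fallback ip, the Wireguard interface's MAC address and IPv4 forwarding. The function names and the SYS_NET and IP_FWD override variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example: pre-flight check for the agent's config file (not rdcore code).
# SYS_NET and IP_FWD are hypothetical overrides so the check can run on test fixtures.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION], if present.
ini_get() {
  awk -F= -v s="[$2]" -v k="$3" '
    /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_s = ($0 == s); next }
    in_s { key = $1; gsub(/[ \t]/, "", key)
           if (key == k) { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit } }
  ' "$1"
}

# check_rd_conf FILE: print one FAIL line per problem; return 1 if any were found.
check_rd_conf() {
  f=$1; rc=0
  proto=$(ini_get "$f" internet protocol)
  ip=$(ini_get "$f" internet ip)
  wg_if=$(ini_get "$f" wireguard interface)

  # Plain http sends the config request and reply without encryption
  # or server authentication.
  if [ "$proto" != "https" ]; then
    echo "FAIL protocol=${proto:-unset}: expected https"; rc=1
  fi
  # The fallback ip is used when DNS does not resolve, so it must at
  # least have the shape of a dotted IPv4 address (octet range not checked).
  if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "FAIL ip=${ip:-unset}: not a dotted IPv4 address"; rc=1
  fi
  # The agent identifies itself by this interface's MAC address,
  # so the interface has to exist on the device.
  if [ -z "$wg_if" ] || [ ! -r "${SYS_NET:-/sys/class/net}/$wg_if/address" ]; then
    echo "FAIL [wireguard] interface=${wg_if:-unset}: no readable MAC address"; rc=1
  fi
  # Packet forwarding must be on (net.ipv4.ip_forward=1).
  if [ "$(cat "${IP_FWD:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" != "1" ]; then
    echo "FAIL net.ipv4.ip_forward is not 1"; rc=1
  fi
  return $rc
}
```

Run it as ''check_rd_conf /etc/wireguard-rd.conf'' after sourcing the file; it prints nothing and returns 0 when all four checks pass.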
==== Startup Files ====
* We have two Systemd startup files which we copied to the ///etc/systemd/system// folder earlier.
* Disable Wireguard startup files if there are any.
<code bash>
sudo systemctl disable wg-quick@wg0.service
sudo systemctl disable wg-quick@wg1.service
sudo systemctl disable wg-quick@wg2.service
sudo systemctl disable wg-quick@wg3.service
</code>
* Enable everything.
<code bash>
sudo systemctl daemon-reload
sudo systemctl enable rd-wireguard-init
sudo systemctl enable rd-wireguard-heartbeat
sudo systemctl start rd-wireguard-init
sudo systemctl start rd-wireguard-heartbeat
</code>
* Check if everything started up fine.
<code bash>
sudo journalctl -u rd-wireguard-init -f
sudo journalctl -u rd-wireguard-heartbeat -f
</code>
* Everything should now be in place and you can reboot the device and see if it is listed under **Wireguard Servers -> New Arrivals**