Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
technical:wireguard-agent [2026/02/18 06:06] systemtechnical:wireguard-agent [2026/02/18 06:32] (current) – [Startup Files] system
Line 3: Line 3:
   * The **RADIUSdesk Wireguard Agent** is a lightweight add-on to Ubuntu or Raspberry Pi devices that serves as a broker between Wireguard and RADIUSdesk.   * The **RADIUSdesk Wireguard Agent** is a lightweight add-on to Ubuntu or Raspberry Pi devices that serves as a broker between Wireguard and RADIUSdesk.
   * It uses a couple of Lua based libraries and scripts to fulfill its mandate.   * It uses a couple of Lua based libraries and scripts to fulfill its mandate.
 +
  
 ------------- -------------
Line 40: Line 41:
 </code> </code>
  
 +--------
 ===== Configuration ===== ===== Configuration =====
  
Line 54: Line 56:
 </code> </code>
  
-=== Config File ===+==== Config File ====
  
-  * Configuration is done by tweaking the ///etc/accel-ppp-rd.conf// file.+  * Configuration is done by tweaking the ///etc/wireguard-rd.conf// file.
   * Refer to the sample below.   * Refer to the sample below.
-  * Here we run Wireguard on the same server as RADIUSdesk so we can specify 127.0.0.1 for IP Address. 
 <code bash> <code bash>
 [internet] [internet]
Line 69: Line 70:
 http_port=80 http_port=80
 https_port=443 https_port=443
-ip=127.0.1.1+ip=164.160.89.129
 interface=eth0 interface=eth0
  
Line 76: Line 77:
 </code> </code>
   * In our setup we have a RADIUSdesk server which has a FQDN of cloud.radiusdesk.com   * In our setup we have a RADIUSdesk server which has a FQDN of cloud.radiusdesk.com
-  * We also specify the fallback ip as 127.0.0.in the event when DNS does not resolve.+  * We also specify the fallback ip as 164.160.89.129 in the event when DNS does not resolve.
   * Protocol can be either https or http. We choose https which is more secure.   * Protocol can be either https or http. We choose https which is more secure.
   * We also specify the interface we want the Wireguard service to run on.   * We also specify the interface we want the Wireguard service to run on.
   * In our case we have a VPS with an Enternet port (eth0) where we will run Wireguard on.   * In our case we have a VPS with an Enternet port (eth0) where we will run Wireguard on.
 +  * If you run Wireguard on the same server as RADIUSdesk, you can specify **localhost** for dns and **127.0.0.1** for ip.
   * The agent will then fetch the MAC Address of this interface and forward the request for config to RADIUSdesk using this MAC Address as the unique identifier.   * The agent will then fetch the MAC Address of this interface and forward the request for config to RADIUSdesk using this MAC Address as the unique identifier.
   * Make changes to this file so that it works with your environment and device.   * Make changes to this file so that it works with your environment and device.
  
-=== Startup Files === +==== Startup Files ==== 
-  * Disable automatic startup of Wireguard.+  * We have two Systemd startup files which we copied to the ///etc/systemd/system// folder earlier. 
 +  * Disable Wireguard startup files if there are any.
 <code bash> <code bash>
-sudo systemctl disable wireguard+sudo systemctl disable wg-quick@wg0.service 
 +sudo systemctl disable wg-quick@wg1.service 
 +sudo systemctl disable wg-quick@wg2.service 
 +sudo systemctl disable wg-quick@wg3.service
 </code> </code>
-  * The startup file is ///etc/rc.local//+  * Enable everything
-  * You also have to tweak it to work on the device running the RADIUSdesk Accel-ppp Agent. +
-  * Refer to the sample below+
 <code bash> <code bash>
-#!/bin/bash +sudo systemctl daemon-reload
-iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE+
  
-cd /etc/MESHdesk+sudo systemctl enable rd-wireguard-init 
 +sudo systemctl enable rd-wireguard-heartbeat
  
-sleep 10 +sudo systemctl start rd-wireguard-init 
-/etc/MESHdesk/u.lua & +sudo systemctl start rd-wireguard-heartbeat
-sleep 10 +
-/etc/MESHdesk/heartbeat.lua &+
  
-exit 0 
 </code> </code>
-  * The important line is the one with the iptables rule for NAT. +  * Check if everything started up fine 
-  * With our setup the WAN connection / uplink is the WiFi interface, **wlan0**. +<code bash
-  * Make sure that your setup matches your device's configuration. +sudo journalctl -u rd-wireguard-init -f 
- +sudo journalctl -u rd-wireguard-heartbeat -f 
-<WRAP center round info 100%+</code
-Since PPPoE works on Layer2, you can have both the PPPoE and the WAN connection on one physical interface e.g eth0 in our case with the Pi. +  * Everything should now be in place and you can reboot the device and see if it is listed under **Wireguard Servers -> New Arrivals** 
-</WRAP> +
-  * On the Raspberry Pi the rc.local script was called automatically during startup. +
-  * On Ubuntu you'll probably have to follow these instructions to ensure that it starts up during boot time +
-  * http://radiusdesk.com/wiki/technical/ppp-pppoe-basic#add_masquerade_support_on_wan_enp0s3 +
-  * Everything should now be in place and you can reboot the device and see if it is listed under **Accel-ppp Servers -> New Arrivals**  +
- +
-==== RADIUS Client ==== +
-  * If your Accel-ppp server is using RADIUSdesk for its RADIUS component you have one last step to do. +
-  * You can do its RADIUS on-boarding by looking for it under RADIUS -> RADIUS Clients -> New Arrivals. +
-  * After you completed the on-boarding be sure to specify the Client Type as **Accel-On-RADIUSdesk**. +
-  * This will allow the code to follow the correct procedure when an active session for a user needs to be terminated. +
-{{:technical:pppoe:accel-type.png|}} +
  
  • technical/wireguard-agent.1771387601.txt.gz
  • Last modified: 2026/02/18 06:06
  • by system