FatDog902 & FatDog903 - How to connect to the free Cloudflare Warp VPN Wireguard Server using the FOSS Wireguard Client

Post by dogcat »

The following instructions are specific to FatDog902
For FatDog903 instructions please see this post.

The Wireguard module is built into the Linux Kernel since version 5.5. All we need to actually install to Fatdog-902 are 2 programs. After installing those 2 packages you then use the wgcf utility (downloaded from github) to generate the user credentials to log in to the Cloudflare Warp VPN Server.

The 2 programs to install are
openresolv (from Fatdog repository using the FatDog gslapt package manager),
wireguard-tools (from Fatdog repository using the FatDog gslapt package manager),

---------------
The wgcf utility is used to generate the login credentials. It is downloaded from github (see below). wgcf creates the wireguard login credentials by accessing the Cloudflare Warp VPN Wireguard Server and creating the needed keys. wgcf only needs to be run once to create the login credentials for the Cloudflare VPN Wireguard Server unless you want more than one set of login credentials. There is nothing stopping you from running it multiple times.

The wgcf github page where you can read about what it does
https://github.com/ViRb3/wgcf/

The wgcf utility is 8MB and is available from this page
https://github.com/ViRb3/wgcf/releases

:arrow: The direct link to the correct package for Fatdog902 is
https://github.com/ViRb3/wgcf/releases/ ... inux_amd64
It is the latest version 2.2.22 (2024-03-09).

--------------------

Here is a suggested order for setting this up but the order is not real important.

1. Install openresolv using the Fatdog gslapt package manager (needed for resolvconf)

2. Install wireguard-tools using the Fatdog gslapt package manager (needed for using wireguard)

3. Download the wgcf utility. You will need to make it executable after downloading. It is also easier to use in the terminal if you shorten the name to just wgcf, but that is a personal choice. (I use wgcf in the examples below instead of the downloaded name of wgcf_2.2.22_linux_amd64).

The wgcf program is only used once to generate credentials; you only have to use it once unless you are setting up more credentials. It sets up the credentials through the Cloudflare Warp VPN Wireguard Server. You will need to be connected to the internet for it to work.
NOTE: Sometimes the Cloudflare Server will throw an error during registration; you will see the errors in the terminal output. If that happens, delete the wgcf-account.toml file that was created (it will have errors!) and try again in a few minutes.

After downloading and making the wgcf utility executable, have an internet connection, open a terminal in the same directory as your wgcf utility and enter the following two commands (if curious you can see the whole list of commands with wgcf --help )

Code:

./wgcf register

(this sets up the cloudflare credentials and will create a file named wgcf-account.toml. That file is used to generate the wgcf-account.conf (more below))

followed by

Code:

./wgcf generate

(this will create a file named wgcf-account.conf that Wireguard uses to log in to the Cloudflare Warp Wireguard Server.)

:arrow: IMPORTANT! After you generate the wgcf-account.conf file, there is a small edit you need to do to that file, open the wgcf-account.conf file in your text editor and remove the line
AllowedIPs = ::/0

Example of what to edit in the wgcf-account.conf file below
-----------------------------------------------------------
[Interface]
PrivateKey = xxxxxxxxxxxxxxx
Address = 172.16.0.2/32
Address = 2606:4700:110:8700:9cca:3f02:9cd0:18b7/128
DNS = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
MTU = 1280
[Peer]
PublicKey = xxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0 DELETE THIS LINE
Endpoint = engage.cloudflareclient.com:2408

That deleted line tells Wireguard to set up ipv6 addresses but that will not work in Fatdog902, it will prevent the service from running because of an error due to the kernel not having CONFIG_IPV6_MULTIPLE_TABLES set. From what I understand that line allows multiple ipv6 address rules in the system and we can only have one ipv6 network address rule because that line is not set in the kernel. That may limit our Cloudflare Warp VPN Server to only using ipv4 connections using this method.

After editing and removing that line from the wgcf-account.conf file, save the file. You can rename the wgcf-account.conf if you like, I renamed mine to fatdog902_vpn.conf , but do not change the .conf extension. You will be using the terminal to start and stop the Wireguard service with that file name.

:arrow: Now copy that edited .conf file to the /etc/wireguard/ directory where wireguard can see it.
--------------------
All set and ready to connect!

Open a terminal and enter the following to start the wireguard service and connect to the Cloudflare Warp Wireguard VPN

Code:

wg-quick up wgcf-account

(if you renamed the wgcf-account.conf file, then replace the wgcf-account file name in the above line with the new file name), you don't need to enter the .conf extension.

You should now be connected to the Cloudflare Warp VPN Server. Verify your new ip and dns at an online web service such as https://browserleaks.com/dns

---------------------
To disconnect from the server

Code:

wg-quick down wgcf-account

(if you renamed the wgcf-account.conf file then replace the wgcf-account name in the above line with the new file name), you don't need to enter the .conf extension. I renamed mine to fatdog902_vpn.conf , that is what is shown in the pic below.

[Image: wg-quick_up.png]

-------------------
Edited 08-10-2024 to make this (hopefully) easier to understand :)
Edited 08-11-2024 wireguard-tools recommended source changed to gslapt package manager
Edited 08-23-2024 added link to instructions for FatDog903 and changed post title name to reflect that

Last edited by dogcat on Fri Aug 23, 2024 4:51 pm, edited 4 times in total.

Blessed are the pure in heart * for they will see God.

Re: Fatdog64-9.02 - How to connect to the Free Cloudflare Warp VPN Wireguard Server using the FOSS Wireguard Client

Post by Neo_78 »

Thanks for your detailed guide @dogcat! :goodpost:

Aren't the required wireguard packages available in Gslapt?

Which ports exactly need to be open in the Firewall?

Can this setup also be used for commercial Warp+ subscriptions?

Can you run this as a non-root user?

Looking forward to your feedback! :thumbup:

Post by jamesbond »

Thank you @dogcat for the detailed guide :thumbup:

1. I've just tested with wireguard-tools in the gslapt report and it works as well.
2. I will add IPV6_MULTIPLE_TABLES in future kernels.

Post by dogcat »

Hi @Neo_78, I am a relative noobie with VPN settings, please forgive me for the incomplete answers.

Neo_78 wrote: Sun Aug 11, 2024 12:24 am

Thanks for your detailed guide @dogcat! :goodpost:

Aren't the required wireguard packages available in Gslapt?

Yes they are, thanks for pointing that out! Tested and worked fine, I modified the instructions to source that package from gslapt package manager :)

Which ports exactly need to be open in the Firewall?

I don't know exactly. I am running the firewall using the default settings.

Can this setup also be used for commercial Warp+ subscriptions?

Looks like there is a way to do that https://github.com/ViRb3/wgcf/#change-license-key
(scroll down to "Change license key" if the link does not go directly to that info)

Can you run this as a non-root user?

Wireguard is a system service so I think it would need to be started with root user credentials. I am running as root user but the browsers run as user "spot" without problems through the service.

Looking forward to your feedback! :thumbup:

Glad to help!

Blessed are the pure in heart * for they will see God.

Post by dogcat »

jamesbond wrote: Sun Aug 11, 2024 12:40 am

Thank you @dogcat for the detailed guide :thumbup:

1. I've just tested with wireguard-tools in the gslapt report and it works as well.
2. I will add IPV6_MULTIPLE_TABLES in future kernels.

Hi @jamesbond ,
I did not see the wireguard-tools in gslapt (probably had not updated gslapt before I looked :oops: )
Instructions adjusted :thumbup:

Thanks for testing!

Blessed are the pure in heart * for they will see God.

Post by dogcat »

The following instructions are specific to FatDog903 due to kernel configuration improvements in FatDog903. (Thanks to @jamesbond & The FatDog Team!)
For FatDog902 instructions please see this post.
-----------------

How to install the free and open source Wireguard Client and set up a free Cloudflare Warp Wireguard login in FatDog903.

The Wireguard module is built into the Linux Kernel since version 5.5. All we need to actually install to Fatdog-903 are 2 programs. After installing those 2 packages you then use the wgcf utility (downloaded from github) to generate the user credentials to log in to the Cloudflare Warp VPN Server.

The 2 programs to install are
openresolv (from Fatdog repository using gslapt package manager),
wireguard-tools (from Fatdog repository using gslapt package manager),

---------------
The wgcf utility is used to generate the login credentials. It is downloaded from github (see below). wgcf creates the wireguard login credentials by accessing the Cloudflare Warp VPN Wireguard Server and creating the needed keys. wgcf only needs to be run once to create the login credentials for the Cloudflare VPN Wireguard Server unless you want more than one set of login credentials. There is nothing stopping you from running it multiple times.

The wgcf github page where you can read about what it does
https://github.com/ViRb3/wgcf/

The wgcf utility is 8MB and is available from this page
https://github.com/ViRb3/wgcf/releases

:arrow: The direct link to the correct package for Fatdog903 is
https://github.com/ViRb3/wgcf/releases/ ... inux_amd64
It is the latest version 2.2.22 (2024-03-09).

--------------------

Here is a suggested order for setting this up but the order is not real important.

1. Install openresolv using the Fatdog gslapt package manager (needed for resolvconf)

2. Install wireguard-tools using the Fatdog gslapt package manager (needed for using wireguard)

3. Download the wgcf utility. You will need to make it executable after downloading. It is also easier to use in the terminal if you shorten the name to just wgcf, but that is a personal choice. (I use wgcf in the examples below instead of the downloaded name of wgcf_2.2.22_linux_amd64).

The wgcf program is only used once to generate credentials; you only have to use it once unless you are setting up more credentials. It sets up the credentials through the Cloudflare Warp VPN Wireguard Server. You will need to be connected to the internet for it to work.
NOTE: Sometimes the Cloudflare Server will throw an error during registration; you will see the errors in the terminal output. If that happens, delete the wgcf-account.toml file that was created (it will have errors!) and try again in a few minutes.

After downloading and making the wgcf utility executable, have an internet connection, open a terminal in the same directory as your wgcf utility and enter the following two commands (if curious you can see the whole list of commands with wgcf --help )

Code:

./wgcf register

(this sets up the cloudflare credentials and will create a file named wgcf-account.toml. That file is used to generate the wgcf-account.conf (more below))

followed by

Code:

./wgcf generate

(this will create a file named wgcf-account.conf that Wireguard uses to log in to the Cloudflare Warp Wireguard Server.)

You can rename the wgcf-account.conf file if you like, I renamed mine to myfatdog_vpn.conf , but do not change the .conf extension. You will be using the terminal to start and stop the Wireguard service with that file name.

:arrow: Now copy that .conf file to the /etc/wireguard/ directory where wireguard can see it.
--------------------
All set and ready to connect!

Open a terminal and enter the following to start the wireguard service and connect to the Cloudflare Warp Wireguard VPN

Code:

wg-quick up wgcf-account

(if you renamed the wgcf-account.conf file, then replace the wgcf-account file name in the above line with the new file name), you don't need to enter the .conf extension.

You should now be connected to the Cloudflare Warp VPN Server. Verify your new ip and dns at an online web service such as https://browserleaks.com/dns

---------------------
To disconnect from the server

Code:

wg-quick down wgcf-account

(if you renamed the wgcf-account.conf file then replace the wgcf-account name in the above line with the new file name), you don't need to enter the .conf extension. I renamed mine to myfatdog_vpn.conf , that is what is shown in the pic below.

[Image: fatdog903.png]

-------------------
The difference between the FatDog903 install instructions and the FatDog902 install instructions is that in FatDog903 it is no longer needed to edit the wgcf-account.conf , that is due to having CONFIG_IPV6_MULTIPLE_TABLES option set in the FatDog903 kernel configuration.

Blessed are the pure in heart * for they will see God.
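
The FatDog902 config edit and the FatDog903 difference described in the posts above, as an added example that is not part of any poster's instructions: shell functions that remove the IPv6 AllowedIPs entry only when the kernel configuration lacks CONFIG_IPV6_MULTIPLE_TABLES, and write the result readable by its owner only because the file contains the private key. The function names are hypothetical, and the kernel configuration is assumed to be available as a text file (for example decompressed from /proc/config.gz, where the kernel provides it).

```shell
#!/bin/sh
# Added example, not from the thread. Key values below are placeholders.

# True if the kernel config text in file $1 enables the option.
kernel_has_v6_tables() {
    grep -q '^CONFIG_IPV6_MULTIPLE_TABLES=y' "$1"
}

# Print WireGuard config $1 with IPv6 prefixes removed from AllowedIPs.
# Handles one prefix per line (as in the post) and comma-separated lists;
# an AllowedIPs line left with no prefixes is dropped entirely.
strip_v6_allowedips() {
    awk '
    /^[ \t]*AllowedIPs[ \t]*=/ {
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val)
        sub(/[ \t\r]+$/, "", val)
        n = split(val, parts, /[ \t]*,[ \t]*/)
        keep = ""
        for (i = 1; i <= n; i++) {
            if (parts[i] == "" || index(parts[i], ":") > 0) continue
            if (keep == "") keep = parts[i]; else keep = keep ", " parts[i]
        }
        if (keep != "") print "AllowedIPs = " keep
        next
    }
    { print }' "$1"
}

# Write the config to install ($3) from wgcf output ($2), editing it only
# when the kernel config ($1) lacks the option. The file holds the private
# key, so it is created readable by its owner only.
prepare_conf() {
    rm -f "$3"
    (
        umask 077
        if kernel_has_v6_tables "$1"; then cat "$2" > "$3"
        else strip_v6_allowedips "$2" > "$3"; fi
    )
}

# Constructed sample in the layout shown in the post.
sample_conf() {
    printf '%s\n' '[Interface]' 'PrivateKey = xxxxxxxxxxxxxxx' \
        'Address = 172.16.0.2/32' 'MTU = 1280' '[Peer]' \
        'PublicKey = xxxxxxxxxxxxxxxxx' 'AllowedIPs = 0.0.0.0/0' \
        'AllowedIPs = ::/0' 'Endpoint = engage.cloudflareclient.com:2408'
}
```

wg-quick adds routes only for the prefixes listed in AllowedIPs, so with ::/0 removed no IPv6 traffic is routed through the tunnel; on a host with native IPv6 connectivity that traffic leaves outside the VPN.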
