[Feature request] Replace Wireguard with AmneziaWG

Sorry no such plans.

It's a shame. I'm sure lots of people would love to see first-party treatment for those tools in the Gl-Inet UI.

Great news! Which devices will get updates? Should we expect updates for the original Flint and Brume 2?

As far as I know, it involves a kernel patch. I don't know the details so cannot really give a schedule. Hope it will be clear soon.

It doesn't seem too complicated...
There is a step-by-step HERE

It starts in Russian, but there is also an explanation in English. Just scroll down until the title "Automatic configuration of AmneziaWG for OpenWRT version 23.05.0 and newer"

That is not how we should integrate in our firmware.

If that is the case, people should just follow that guide.

A genuine question: Why does GL-iNet need to develop a completely new firmware instead of simply using standard OpenWRT with a few visual tweaks, like the Argon Theme?

From what I understand, all the features available in GL-iNet’s firmware already exist in the regular OpenWRT version. Couldn’t GL-iNet just write a few scripts to automate what’s already possible?

1 Like

At the very beginning, people just buy hardware and install vanilla OpenWrt. But vanilla OpenWrt is very difficult to configure, unless you don't agree.

For example, configuring a repeater or VPN is nearly impossible for a beginner. You need to take care of the network, firewall, wifi and a lot.

If you don't agree, that is OK. But you will not ask us to support AmneziaWG then, because there is a script already.

2 Likes

I totally agree that OpenWrt is quite difficult to configure.

To solve this issue, instead of creating a new firmware that demands a lot of work, you could write some shell scripts to automate this process.

I mean: no change on OpenWrt, no change on Kernel, and just add a new LuCI Theme where the user will find some GL-iNet Scripts to configure all features easily.

This was the approach of Kurumin Linux 20 years ago and it was a success, resulting in a very user-friendly Linux distro.

The catch is that older devices (for example Brume 2) have an older version of openwrt - 21.02 on firmware 4.7.4.

GL-iNet MT2500 (Brume 2) is fully supported by OpenWrt 24.10.1

This is evidence of what I'm trying to say: GL-iNet could just use Vanilla OpenWrt with cosmetic improvements to make OpenWrt more user-friendly, by adding scripts to automate what is difficult to do.

I believe this will be much easier to maintain and will keep it synchronized with OpenWrt.

1 Like

Seems users demand more. What we are doing is to make it fully compatible with our Wireguard configurations.

1 Like

Also if they make it more compatible with the current configuration stanza with OpenWrt like the ones from luci-proto-wireguard or luci-proto-amneziawg (it's just a fork or copy of the original luci wg package, but it's still in discussion).

It however adds a lot more interoperability, which is important, because a lot of work doesn't have to be done; it's doable and time consuming, which then can be spent on a part of new features and a part on stabilizing the GL software.

But on the other side there is also a bit of a dark side; I might be exaggerating a bit.

You have no control whatsoever if a change happens which may break the full logic in your design. Here is an example I noticed with the vxlan protocol directly on OpenWrt:

First it was very easy for me to comprehend that I needed an endpoint (which is required) and a host (optional), until they did an update with much more options like: peers?

And I still don't get my head around it :slight_smile:, because I don't think it has peers or the auto-search features it has with unetd, a more advanced protocol which does vxlan in a wireguard tunnel.

Or the new change in dnsmasq where the global rules from /tmp/dnsmasq.d start having per-instance based names like /tmp/dnsmasq.cfg29283.d/ as an example. A lot of apps broke, like nextdns and adblock apps. As of yet, from what I have seen (but I'm not up to date on the subject), these maintainers implemented a hack.

Such changes can also change the logic which can be annoying.

1 Like

If you add an option to buy the UI which I can install on a non-GL.iNet router running vanilla OpenWRT (perhaps a LuCI theme), I'd be happy to buy it.

Hello, could you please post the original firmware file and the Amnezia packages, so that everything matches exactly? The packages won't install, it complains that the kernel is wrong, and this way everything will definitely work. God bless you, thank you!)

1 Like

Their UX is deeper than just a "theme". I would like to do that too, put it on top of the latest stable OWRT, but unfortunately it's deeper than that :person_shrugging:

2 Likes

OMG, this is extremely appreciated, you're our lifesavers!

Currently there is no way to install AmneziaWG on the MT3000, because golang requires more storage than is available and it is impossible to build a kernel module for this router.
The problem is that GL routers (op24) use a custom SDK with a patched kernel, so without access to it, it is impossible to build a module that will load into their kernel. And like I said, the Go version is not usable on this router.

Please team, make it possible for community to build their own kernel modules.

1 Like

It depends if you use a commercial VPN host.
You can host your own wireguard server.

E.g., assume you have 2 sites and 2x gl-inet routers. One can be the server and the other is the client. You are your own host and there is no VPN provider involved. All bandwidth is your own and there are no signups etc.

1 Like

This is my setup of AmneziaWG on a GL.iNet MT-3000 router, based on this and this instructions.

Prerequisites:

  • A GL.iNet MT-3000 router.
  • AmneziaVPN server with configuration.
  • Internet access for your router during the setup process.

Summary of Steps:

  1. Update GL.iNet MT-3000 Firmware.
  2. Install AmneziaWG Packages.
  3. Get/generate AmneziaWG Client Configuration.
  4. Configure AmneziaWG Interface in LuCI.
  5. Create Firewall Rule.
  6. Enable "Route Allowed IPs".
  7. Verify Connection.

Step 1: Update GL.iNet MT-3000 Firmware

  1. Download Firmware: Go to the official GL.iNet download page and download the 4.6.6-op24 firmware for your MT-3000.

  2. Install Firmware:

  • Access your GL.iNet router's web interface (usually http://192.168.8.1).
  • Navigate to System -> Upgrade.
  • Upload the downloaded firmware file.
  • Important: when prompted, choose to install without saving the old configuration. This ensures a clean slate and avoids potential conflicts.
  • Wait for the router to complete the firmware upgrade and reboot.

Step 2: Install AmneziaWG Packages

  1. Access LuCI: Once the router has rebooted, log in to the LuCI web interface. (e.g., http://192.168.8.1/cgi-bin/luci).
  2. Download AmneziaWG Packages: On your computer, download the following AmneziaWG packages from the Amnezia GL.iNet MT-3000 releases page for firmware version 4.6.6:
  • kmod-amneziawg_4.6.6.ipk
  • amneziawg-tools_4.6.6.ipk
  • luci-proto-amneziawg_4.6.6.ipk
  3. Install Packages:
  • In LuCI, navigate to System -> Software.
  • Click on the Upload Package... button.
  • Upload and install each of the three downloaded .ipk files one by one (in order as mentioned above).

Step 3: Get/Generate AmneziaWG Client Configuration

  1. Open the AmneziaVPN app on your phone.
  2. Select the "Share" option within the existing connection.
  3. Change "Connection format" to "AmneziaWG native format".
  4. Copy the configuration details, in a text format similar to the example below.
[Interface]
Address = 10.2.2.2/32
DNS = 1.1.1.1, 1.0.0.1
PrivateKey = +a/XXXxXXXXXXXX=
Jc = 1
Jmin = 10
Jmax = 10
S1 = 111
S2 = 111
H1 = 2233232
H2 = 2233232
H3 = 2233232
H4 = 2233232

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXX=
PresharedKey = XXXXXXXXXXXXXXXXXXX2=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = yourAmneziaServer:port
PersistentKeepalive = 25

Step 4: Configure AmneziaWG Interface in LuCI

  1. Create New Interface:
  • In LuCI, navigate to Network -> Interfaces.
  • Click on the Add new interface... button.
  • Enter AWG as the Name of the new interface.
  • From the Protocol dropdown, select AmneziaWG.
  • Click Create interface.
  2. Import AmneziaWG Configuration:
  • On the next screen, you will be on the Interface: AWG settings page.
  • Look for an option to "Import configuration".
  • You may need to manually define some params.

Step 5: Create Firewall Rule

Configure Firewall Zone:

  • While still on the Interface: AWG settings page, go to the Firewall Settings tab.
  • Create a new firewall zone for the AWG interface. You can name it awg_zone.
  • Set the Input, Output, and Forward policies to accept.
  • Under Covered networks, ensure that AWG is selected.
  • Under Allow forward to destination zones, select wan.
  • Under Allow forward from source zones, select lan.
  • Click Save.

Step 6: Enable "Route Allowed IPs"

This is a crucial step that was not explicitly clear in the original instructions but was necessary for your setup.

  1. Go to Interface Settings: Navigate back to Network -> Interfaces.
  2. Edit AWG Interface: Click on Edit next to your AWG interface.
  3. Go to Peer Settings: Navigate to the Peers tab within the AWG interface configuration.
  4. Check "Route Allowed IPs": Locate the specific peer configuration (the one corresponding to your AmneziaWG server). Check the box next to "Route Allowed IPs."
  5. Save & Apply: Click Save at the bottom of the page, and then click Save & Apply to apply all changes.

Step 7: Verify Connection

  1. Interface Status: Go to Network -> Interfaces. Your AWG interface should now show as "Up" or "Connected" if the configuration is correct.
  2. Test Connectivity:
  • Connect a device (e.g., your computer or phone) to your GL.iNet MT-3000's Wi-Fi or LAN.
  • Verify your public IP address using a website like whatismyip.com. It should now reflect the IP address of your AmneziaWG server.
11 Likes
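
A pre-import check for the client configuration exported in Step 3, as an added example that is not part of the original post: it validates the AmneziaWG obfuscation parameters and masks key material before the file is pasted anywhere. The constraints it checks (Jc range, Jmin/Jmax ordering, `S1 + 56 != S2`, distinct H1..H4) are assumptions based on the upstream AmneziaWG documentation, the sample values and the endpoint `vpn.example.net` are constructed, and a single `[Peer]` section is assumed.

```python
import configparser

SECRET_KEYS = {"privatekey", "presharedkey"}
AWG_KEYS = ("Jc", "Jmin", "Jmax", "S1", "S2", "H1", "H2", "H3", "H4")

# Constructed sample in the layout of Step 3; all keys are dummy values.
SAMPLE = """\
[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Jc = 4
Jmin = 40
Jmax = 70
S1 = 86
S2 = 121
H1 = 1106457265
H2 = 249455488
H3 = 1209847463
H4 = 1646644382
[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
PresharedKey = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=
Endpoint = vpn.example.net:51820
"""

def lint(text):
    # Assumed constraints; returns a list of problems, empty when none found.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    iface = cp["Interface"]
    missing = [k for k in AWG_KEYS if k not in iface]
    if missing:
        return ["missing: " + ", ".join(missing)]
    v = {k: int(iface[k]) for k in AWG_KEYS}
    problems = []
    if not 1 <= v["Jc"] <= 128:
        problems.append("Jc outside 1..128")
    if not v["Jmin"] <= v["Jmax"] <= 1280:
        problems.append("need Jmin <= Jmax <= 1280")
    if v["S1"] + 56 == v["S2"]:
        problems.append("S1 + 56 must differ from S2")
    if len({v[h] for h in ("H1", "H2", "H3", "H4")}) != 4:
        problems.append("H1..H4 must be distinct")
    return problems

def redact(text):
    # Mask private and preshared keys so the config can be shared for support.
    def mask(line):
        key, sep, _ = line.partition("=")
        return f"{key.rstrip()} = <redacted>" if sep and key.strip().lower() in SECRET_KEYS else line
    return "\n".join(mask(line) for line in text.splitlines())
```

The parameter values must match the server's, so a reported problem means the export or the server settings need checking, not that the client file should be edited alone.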