[User Release] AmneziaWG-go for GL.iNet Opal (GL-SFT1200)

Routers VPN, DNS, Leaks
1

tl:dr, I went down the rabbit hole of getting AmneziaWG working on Opal. I'm sharing this here for community support. And I hope that glinet business remains in support of open-source (and open-sourcing) software. It was a bummer to discover that gl-infra-builder repo is private. I had to resort to walking through terrible technical terrain to get it and get it to a semi-workable state …. but anyway.

The solution below is just for a client (could work for server, but I didn’t test it), on an interface called awg0, for my specific use cases. Feel free to generalize and edit to fit your needs. Or even make it seamless and better.

I couldn’t get awg tools binaries built due to the same exact restrictions, so to push the configs into the amnezia userspace socket, I created a handy script that simulates the same functionality.

  • Forget about getting amneziawg kernel module built. The chip is old, the published kernel and openwrt are old. I don’t know if glinet team will even bother attempting to build it for 4.14.90 kernel. If they manage to do it, that’d be doing wonders (and I hope they will) :slight_smile:
  • Here’s the package built and some scripts to make your life easier, enjoy: amneziawg-go_0.2.16-1_mips_siflower.zip (1.3 MB)
  • Install it with opkg
  • Create /etc/amneziawg/awg0.conf with your peer configuration, avoid comments, make it plain and simple.
  • Do a chmod +x awg-* on the scripts provided. and move them to /usr/bin for ease of launch (and awg-start assumes that awg-config exists there).
  • Add awg0 into wan firewall zone, don’t add it as an interface in luci
  • Run with awg-start and it’ll setup the interface and start awg.
  • Check status with awg-status command, don’t worry about Interface awg0 is DOWN or doesn't exist it’s probably its status is UNKNOWN, and you can ignore it.
  • Turn the vpn off with awg-stop
  • Enjoy.

You know what’s funny? I bought GL-SFT1200 as a way to not pay for my upcoming cruise internet package tomorrow. Then knowning that GL-MT3000 has awg support, I placed an order for one, but it will arrive while I’m cruising. I thought I could save a few bucks getting GL-SFT1200 vs. the outrageous internet packages. Now I think I’m down at least x8 times the cost of the internet package as a principal IT engineer with my labor time and now I’ll have a GL-SFT1200 that will collect dust on a shelf after the cruise because GL-MT3000 is coming :person_facepalming: …. I’m forcing myself not to look at slate 7 now.

3 Likes