diff --git a/docs/adguard-vpn-for-linux/setting-up-on-a-router/keenetic.md b/docs/adguard-vpn-for-linux/setting-up-on-a-router/keenetic.md new file mode 100644 index 000000000..be03c68d2 --- /dev/null +++ b/docs/adguard-vpn-for-linux/setting-up-on-a-router/keenetic.md @@ -0,0 +1,284 @@ +--- +title: How to set up AdGuard VPN for Linux on a Keenetic router +sidebar_position: 3 +--- + +:::info + +System requirements: AdGuard VPN for Linux, also known as AdGuard VPN CLI, requires at least 22 MB of free storage space on your router’s built-in memory or external USB after other necessary packages are installed. + +::: + +## 1. Make sure that SSH is enabled on your router + +You will use the SSH client to send commands to your router from your computer. + +To run the SSH server, the *SSH server* system component must be installed in the Keenetic. You can do this on the *General system settings* page in the *Component options* section by clicking the *Component options* button. Search for SSH server and install it. This will update your Keenetic OS. + +Once the component is installed, the SSH server will be turned on automatically. + +To see how to set up SSH server to have optimal security settings, visit [the Keenetic Wiki](https://help.keenetic.com/hc/en-us/articles/360000387189-SSH-remote-access-to-the-Keenetic-command-line). + +## 2. Determine your router’s IP address + +The default IP address for most routers is `192.168.1.1` or `192.168.0.1`. If you’ve changed the IP address or if you’re unsure, you can find it by checking the IP configuration on a connected device. + +### On Windows + +1. Open Command Prompt: + +```bash +ipconfig +``` + +1. Look for the *Default Gateway* under your active network connection. This is your the IP address of your router. + +### On macOS and Linux + +1. Open Terminal: + +```bash +ip route | grep default +``` + +1. Look for the *default* entry. The IP address next to it is your router’s IP address. + +## 3. Use an SSH client to connect to the router + +You’ll need an SSH client. Most Linux and macOS systems come with an SSH client pre-installed. For Windows, you can use PowerShell, the built-in SSH client in Windows 10/11, or a third-party application like PuTTY. + +### Using built-in SSH client (Linux, macOS, and Windows 10/11) + +1. Open Terminal or PowerShell. + +1. Run the SSH command: + +```bash +ssh admin@192.168.1.1 +``` + +Replace `192.168.1.1` with your router’s IP address. + +1. If this is your first time connecting to the router via SSH, you’ll see a message like this: + +```bash + The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established. + ECDSA key fingerprint is SHA256:... + Are you sure you want to continue connecting (yes/no/[fingerprint])? +``` + +Type `yes` and press Enter. + +1. Enter the router’s password when prompted. The default root username is `root` and the default password is `keenetic`. + +### Using PuTTY (Windows 8 and earlier) + +1. Download and install PuTTY from [the official website](https://www.putty.org/). + +1. Open PuTTY. + +1. In the *Host Name (or IP address)* field, enter your router’s IP address (e.g., `192.168.1.1`) + +1. Ensure the *Connection type* is set to SSH. + +1. Click *Open*. + +1. When the terminal window opens, log in with the `root` username and the root user’s password. The default root username is `root` and the default password is `keenetic`. + +Once logged in, you can use various commands to interact with your router’s Linux-based operating system. + +## 4. Install OPKG Entware + +In Keenetic models equipped with a USB port (except Keenetic 4G), you can use the OPKG package manager. It allows you to install third-party software packages to expand routers capabilities. + +Starting with version 3.7, for some Keenetic models, it is possible to write OPKG Entware to the [UBIFS](https://en.wikipedia.org/wiki/UBIFS) partition of the router's NAND flash memory, i.e. to the built-in memory of the router. Follow the steps below to install OPKG Entware to a USB drive or to the router’s internal memory. + +### How to install Entware **repository package system** on router’s internal disk + +This method will work with the following list of models: KN-1010/1011, KN-1810/1811, KN-1910, KN-2010, KN-2110, KN-2310, KN-2410, KN-2510, KN-2610, KN-2710, KN-3810, KN-3610 with the KeeneticOS version 3.7 and later. + +For detailed instructions, visit [the official Keenetic Wiki](https://help.keenetic.com/hc/en-us/articles/360021888880-Installing-OPKG-Entware-in-the-router-s-internal-memory). + +If your router doesn’t support installing packages on it’s internal disk, follow instructions to install packages on USB drive. + +### **Installing the Entware repository package system on a USB drive** + +It is possible to install OPKG packages on the Keenetic models with USB ports that support USB flash drives. These are: KN-1410, KN-1710/1711, KN-1010/1011, KN-2510, KN-2410, KN-1810, KN-1910, KN-2310, KN-2010, KN-2110, KN-2610, KN-2710. + +For detailed instructions visit Keenetic official Wiki: https://help.keenetic.com/hc/en-us/articles/360021214160-Installing-the-Entware-repository-package-system-on-a-USB-drive + +## 5. Install AdGuard VPN CLI + +In your SSH client, execute the following code to install the packages required for AdGuard VPN CLI: + +```bash +opkg install curl sudo ca-certificates +``` + +Go to `cd/opt` folder and run the AdGuardVPN CLI installation script: + +```bash +curl -fsSL https://raw.githubusercontent.com/AdguardTeam/AdGuardVPNCLI/master/scripts/release/install.sh | sh -s -- -v +``` + +When asked `Would you like to link the binary to /usr/local/bin?`, reply `y`. If you fail to link the binary, run this line: + +```bash +ln -s /opt/adguardvpn_cli/adguardvpn-cli /opt/bin +``` + +## 6. Set up AdGuard VPN CLI + +1. Log in to your account + + To use AdGuard VPN for Linux, you need an AdGuard account. You can sign up or log in on our [website](https://auth.adguard.com/login.html) or in Terminal. + + Before logging in, go to Terminal and make sure you are in the right shell interface. If you can see the following text: + + *KeeneticOS version 4.01.C.7.0-1, copyright (c) 2010-2024 Keenetic Ltd. + + THIS SOFTWARE IS A SUBJECT OF KEENETIC LIMITED END-USER LICENCE AGREEMENT. BY USING IT YOU AGREE ON TERMS AND CONDITIONS + HEREOF. FOR MORE INFORMATION PLEASE CHECK* + + [*https://keenetic.com/legal*](https://keenetic.com/legal) + + *(config)>* + + Run this command to exit into the shell needed for the next steps: + + ```bash + exec sh + ``` + + If you see the following text, you can continue the setup: + + ```bash + BusyBox v1.36.1 (2024-08-08 16:11:23 UTC) built-in shell (ash) + + / # + ``` + + To sign up or log in, type: + + ```bash + adguardvpn-cli login + ``` + +1. Connect to VPN + + Import the SSL certificate before connecting by running this command: + + ```bash + export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt + ``` + + This must be done before each session. + + Select a VPN server location that best suits your needs. + + In general, the closer the server is to you, the faster the connection. + + To view available locations, type: + + ```bash + adguardvpn-cli list-locations + ``` + + To connect to a specific location, type: + + ```bash + adguardvpn-cli connect -l LOCATION_NAME + ``` + + Replace `LOCATION_NAME` with the city, country, or ISO code of the location you want to connect to. + + For quick connect, type: + + ```bash + adguardvpn-cli connect + ``` + + AdGuard VPN will choose the fastest available location and remember it for future quick connections. + +1. Adjust your settings + + Get a list of all available AdGuard VPN commands and customize the VPN client to your needs. + + To view all commands, type: + + ```bash + adguardvpn-cli --help-all + ``` + +1. Enter `yes` when asked “Would you like to set default routes in TUN mode?” + +AdGuard VPN CLI will create a tun0 interface for VPN tunneling + +## 7. Set up your firewall rules + +This step is designed to configure firewall rules on a Keenetic router to route traffic through AdGuard VPN. + +1. **Install `iptables` by running this command via SSH:** + +```bash +opkg install iptables +``` + +This line installs the `iptables` package, which is a tool for managing network packet filtering rules on Linux systems. + +1. **Create a new shell script by running the following command:** + +```bash + +cat << EOF > /opt/etc/ndm/netfilter.d/001-adguardvpn.sh +#!/opt/bin/sh +for ipt in iptables ip6tables; do +\$ipt -D FORWARD -j ADGUARD_FORWARD || true +\$ipt -F ADGUARD_FORWARD || true +\$ipt -X ADGUARD_FORWARD || true +\$ipt -N ADGUARD_FORWARD +\$ipt -I FORWARD -j ADGUARD_FORWARD +\$ipt -A ADGUARD_FORWARD -i br0 -o tun0 -j ACCEPT +done +EOF +``` + +And make it executable: + +```bash +chmod +x /opt/etc/ndm/netfilter.d/001-adguardvpn.sh +``` + +This will create a new shell script named `001-adguardvpn.sh` in the `/opt/etc/ndm/netfilter.d/` directory, which is where network-related scripts are typically stored on a Keenetic router. + +The script creates a custom firewall rule to ensure that traffic from your LAN (`br0`) is routed through the AdGuard VPN interface (`tun0`). It first cleans up any previous rules related to this configuration, then sets up new rules to direct the traffic appropriately. + +## 8. Set up auto-launch for AdGuard VPN CLI + +The following script is designed to automatically establish a VPN connection using AdGuard VPN on your Keenetic router when the WAN interface becomes available (e.g., after a reboot or reconnecting to the Internet). + +Run the following command: + +```bash +cat << E0F > /opt/etc/ndm/wan.d/001-adguardvpn.sh +#!/opt/bin/sh +export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt +export HOME=/opt/home/admin +/opt/adguardvpn_cli/adguardvpn-cli connect & +exit 0 +E0F +``` + +And make it executable: + +```bash +chmod +x /opt/etc/ndm/wan.d/001-adguardvpn.sh +``` + +The script named`001-adguardvpn.sh` will be saved to `/opt/etc/ndm/wan.d/` . + +It will start AdGuard VPN when Internet is connected. + +Reboot your router to finish setup. + +Congrats! Now you have a router secured with AdGuard VPN. diff --git a/docs/adguard-vpn-for-linux/setting-up-on-a-router/openwrt.md b/docs/adguard-vpn-for-linux/setting-up-on-a-router/openwrt.md index 9db0b217e..9bcbfbd75 100644 --- a/docs/adguard-vpn-for-linux/setting-up-on-a-router/openwrt.md +++ b/docs/adguard-vpn-for-linux/setting-up-on-a-router/openwrt.md @@ -1,5 +1,5 @@ --- -title: Setting up on a router +title: How to set up AdGuard VPN for Linux on an OpenWRT router sidebar_position: 2 --- @@ -9,7 +9,7 @@ AdGuard VPN for Linux, also known as AdGuard VPN CLI, requires at least 22 MB of ::: -## 1. Ensure SSH is enabled on the router +## 1. Make sure that SSH is enabled on your router This setting is usually found in the router’s web interface. @@ -17,9 +17,9 @@ For OpenWrt: 1. Log into the web interface. Typically, this is accessible via a web browser at [`http://192.168.1.1`](http://192.168.1.1/). -1. Navigate to ***System*** → ***Administration***. +1. Navigate to *System* → *Administration*. -1. Make sure that ***SSH Access*** is enabled. +1. Make sure that *SSH Access* is enabled. By default, OpenWrt allows SSH access to the router. @@ -35,7 +35,7 @@ On Windows: ipconfig ``` -1. Look for the ***Default Gateway*** under your active network connection. This is your router’s IP address. +1. Look for the *Default Gateway* under your active network connection. This is your router’s IP address. On Mac/Linux: @@ -45,7 +45,7 @@ On Mac/Linux: ip route | grep default ``` -1. Look for the ***default*** entry. The IP address next to it is your router’s IP address. +1. Look for the *default* entry. The IP address next to it is your router’s IP address. ## 3. Use an SSH client to connect to the router @@ -81,11 +81,11 @@ Using PuTTY (Windows): 1. Open PuTTY. -1. In the ***Host Name (or IP address)*** field, enter your router’s IP address (e.g., `192.168.1.1`). +1. In the *Host Name (or IP address)* field, enter your router’s IP address (e.g., `192.168.1.1`). -1. Ensure the ***Connection type*** is set to SSH. +1. Ensure the *Connection type* is set to SSH. -1. Click ***Open***. +1. Click *Open*. 1. When the Terminal window opens, log in with the username `root` and the router’s password. diff --git a/docs/general/set-up-adguard-vpn-on-your-router.md b/docs/general/set-up-adguard-vpn-on-your-router.md index 0066eabf5..427463ea3 100644 --- a/docs/general/set-up-adguard-vpn-on-your-router.md +++ b/docs/general/set-up-adguard-vpn-on-your-router.md @@ -70,5 +70,5 @@ You’ll need to update your router settings if you want to change the VPN serve ## Routers known to be incompatible with AdGuard VPN - **ASUS** -- - Only has IPsec in the *VPN Server* settings, and not in the correct *VPN Fusion*/*VPN Client* settings + - Only has IPsec in the *VPN Server* settings, and not in the correct *VPN Fusion*/*VPN Client* settings - **FRITZ!Box**