Virtual Setup Guide

SPR can run its services in a network namespace and expose Wireguard or DNS as services. This is helpful for running SPR in the cloud as a personal VPN, for example.

Quick Setup

sudo bash -c "$(curl -fsSL https://raw.github.com/spr-networks/super/master/virtual_install.sh)"

This will download the SPR repository and run virtual_install.sh. The script will install dependencies, start all the containers and add one peer that can connect to the VPN. See the next section for a walkthrough of the script.

If you want to add another device, just run the setup script again:

cd super
sudo ./virtual_install.sh

Next setup a client to connect to SPR over VPN.

Host network configuration

Your source ip address need to be able to access the host running spr on port 51280/udp. For setup in the cloud, see the blog specific vendor guides for network configuration:

• Google Cloud
• Amazon AWS
• Digital Ocean

Manual configuration

Clone the super repository

git clone https://github.com/spr-networks/super.git

Install dependencies

apt install -y curl git docker-compose docker.io jq qrencode iproute2 wireguard-tools

Configuration

1. Populate the configuration directory

cd super
cp -R base/template_configs/ configs/

2. Enable virtual config in configs/base/config.sh

cp configs/base/virtual-config.sh configs/base/config.sh

Example configuration:

#!/bin/sh
VIRTUAL_SPR=1
UPSTREAM_SERVICES_ENABLE=1
WANIF=eth0
RUN_WAN_DHCP=true
RUN_WAN_DHCP_IPV=4
LANIP=192.168.2.1
DNSIP=$LANIP
TINYNETSTART=192.168.2.4
TINYNETSTOP=192.168.2.255
TINYNETMASK=255.255.255.252
TINYSLASHMASK=30
WIREGUARD_PORT=51280

3. Set an api username and password for the web UI

echo "{\"admin\" : \"your password goes here\"}" > configs/auth/auth_users.json

Start the SPR Services

docker-compose -f docker-compose-virt.yml up -d

Note: On MacOS you may need to modify docker-compose-virt.yml to disable the journald driver and enable the json-file driver instead.

Optional Copy the virtual config for easier control of the docker containers:

cp docker-compose-virt.yml docker-compose.yml

Now you can run docker-compose restart in the super directory to restart all the containers.

Sign in to the Web UI

The API is setup to listen on localhost:8000 on the host. To access the service from your local machine, forward port 8000 using ssh:

ssh $HOST -N -L 8000:127.0.0.1:8000

Navigate to http://localhost:8000/

Sign in with the username and password assigned in step 3 of the configuration.

Setup and connect to VPN

In the SPR web UI, navigate to VPN and click Add peer, enable the lan group if you want to be able to connect to the admin interface over VPN.

Click Save and download the client config or scan the QR Code on your phone with the official WireGuard (© Jason A. Donenfeld) client.

Check this guide on how to setup the VPN client for your device.

Note SPR exposes port 51280 over UDP (see $WIREGUARD_PORT in config.sh) on the host. If a firewall is present you will need to allow access to this port. Check the documentation for your hosting provider on how to do this.