SmoothWAN Engarde on Oracle Cloud


I have spent many months configuring SmoothWAN with Engarde on my Raspberry Pi 4. I love using SmoothWAN. However, I cannot get it to work on Oracle Cloud VPS or Amazon AWS due to my limited knowledge - I believe they require some changes to the syntax in cloud init script, in order to work on Oracle/AWS?

The guidelines specify how to set it up on Vultr using Cloud init script. However, Vultr seems to trigger huge latency spikes in some games. The same script does not work on Oracle/AWS.

Can someone please help set up SmoothWAN with Engarde on Oracle Cloud? A script for AWS EC2 would be a bonus!

Thanks in advance!

Yes, Oracle and AWS are tricky to set up, and you need to open ports in the VPC page.
Will create a manual installation script next release for setup without cloud-init.


I would greatly appreciate it! Thanks :smiley:

Hey, I tried to do it on my own according to your cloud-init, but it's not working :frowning: Maybe I need more ports to be exposed in the VCN on Oracle? I did 1024-65000.
Please correct me where the problem can be :confused: (my second time writing a shell script :smiley: )


```bash
# ANSI color codes  // light colors

# Check if you are running as sudo
if [ "$EUID" -ne 0 ]; then
  echo && echo
  echo -e "${RED}This script requires superuser privileges. Please run it with sudo.${RESET}"
  exit 1
fi

# Start
echo && echo
echo -e "${CYAN}Running the installation script for Engarde...${RESET}"
sleep 3

# Install WireGuard
apt-get update
apt-get install -y wireguard

# Set the Password

# Disable firewalld and ufw
systemctl disable firewalld
systemctl stop firewalld
ufw disable

# Configure WireGuard
SERVER_PUB_NIC=$(ip route | awk 'NR==1{print$5}')
printf $Password | openssl dgst -binary -sha256 | openssl base64 -A > /root/private-key
ckey=$(cat /root/private-key | openssl dgst -binary -sha256 | openssl base64 -A)
cpubkey=$(echo $ckey | wg pubkey)
printf $ckey | openssl dgst -binary -sha256 | openssl base64 -A > /root/preshared-key
ip link add dev wg0 type wireguard
ip address add dev wg0 peer
wg set wg0 listen-port 65532 private-key /root/private-key peer $cpubkey preshared-key /root/preshared-key allowed-ips persistent-keepalive 25
ip link set up dev wg0

# Download and install engarde-server
wget -O /usr/bin/engarde-server
chmod +x /usr/bin/engarde-server
mkdir -p /etc/engarde
wget -O /etc/engarde/engarde.yml
/usr/bin/engarde-server /etc/engarde/engarde.yml &

# Configure network settings
ip link set wg0 mtu 1280
ulimit -n 65535
sysctl -w net.core.rmem_max=26214400
sysctl -w net.core.rmem_default=26214400
sysctl -w net.core.wmem_max=26214400
sysctl -w net.core.wmem_default=26214400
sysctl -w net.core.netdev_max_backlog=2048
echo 1 > /proc/sys/net/ipv4/ip_forward

# Configure iptables rules
iptables -A FORWARD -i $SERVER_PUB_NIC -o wg0 -j ACCEPT
iptables -A FORWARD -i wg0 -j ACCEPT
iptables -t nat -A POSTROUTING -s -j MASQUERADE

# Change port range for port forwarding
iptables -t nat -A PREROUTING -i $SERVER_PUB_NIC -p udp --dport 1024:65000 -j DNAT --to-destination
iptables -t nat -A PREROUTING -i $SERVER_PUB_NIC -p tcp --dport 1024:65000 -j DNAT --to-destination

# End
echo && echo
echo -e "${CYAN}Script has been completed${RESET}"
echo -e "${ORANGE}for further information visit SmoothWAN documentation -->${RESET}"
echo -e "${ORANGE}-->${RESET}"
echo && echo
```

I would also appreciate if anyone has a solution in the meantime to use this with Oracle Cloud :slight_smile:

Hey there, is there some update on Oracle cloud installation?

Yes, Engarde runs at 65531
I couldn’t open an Oracle account for testing unfortunately.

Hi Talal, can you kindly provide a cloud-init script for Oracle? I should be able to test it. I am not an advanced user, but I do use engarde on Vultr on a daily basis.

Otherwise, it would greatly help if you could test on Amazon AWS? Aside from Oracle and Amazon, I find that I have significantly higher gaming ping on other cloud providers.

I can test things too, just let me know.

Does anyone know of a solution or alternatives?

I can’t make the script without testing firsthand unfortunately.
Would AWS be ok?
Edit: Just saw the previous reply mentioning it, will let you know soon.

Hi Talal, I understand. Should you get the opportunity, please do test on Oracle. In the meantime, the AWS script will have a huge impact :smiley:

Amazon AWS was fairly simple, haven’t tested with >100Mbit connections with the t3.micro though:

Can you please confirm that you used the exact same Cloud init script that is used for Vultr?

Yes it’s the same.

I’m happy to report it’s working :smiley: thank you! Not sure if the issues were caused by t2.micro (1 CPU) previously. If you need me for testing Oracle or any future releases, let me know. I’ll join the discord.

Have you tried doing similar steps in VPC (security list) with Oracle?
Note that the Ubuntu image in Oracle is modified and strict; you need to log in to the VPS and run:

```bash
iptables -P INPUT ACCEPT
iptables -F
```

If that works then it needs to be added to the cloud-init field.
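Added example, not part of the original thread and not SmoothWAN's own code: a small checker that reads `iptables -S <chain>` output and reports which rule decides a new inbound packet. It shows why a rule appended with `-A` has no effect on a strict image and why one inserted with `-I` does. The sample chain is constructed on the assumption that the image ends `INPUT` with a catch-all `REJECT`; the NIC name `ens3` is hypothetical, and 65531 is the Engarde port mentioned above.

```shell
#!/bin/sh
# Added example. first_verdict PROTO PORT IFACE reads `iptables -S <chain>` output
# on stdin and prints the first rule that decides a NEW inbound packet.
# Simplified matcher: only -p, -i, --dport and conntrack state are evaluated.
first_verdict() {
  awk -v proto="$1" -v port="$2" -v iface="$3" '
    $1 == "-P" { policy = $3; next }            # chain policy, used when no rule matches
    $1 != "-A" { next }
    {
      target = ""; ok = 1
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1) }
        else if ($i == "-p" && $(i + 1) != proto && $(i + 1) != "all") { ok = 0 }
        else if ($i == "-i" && $(i + 1) != iface) { ok = 0 }
        else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) { ok = 0 }
        else if ($i == "--dport") {
          n = split($(i + 1), r, ":"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
          if (port + 0 < lo || port + 0 > hi) { ok = 0 }
        }
      }
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target ": " $0; found = 1; exit }
    }
    END { if (!found) print policy ": chain policy" }
  '
}

# Constructed sample chain (assumption: INPUT ends with a catch-all REJECT).
POLICY='-P INPUT ACCEPT'
BASE='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
ENGARDE='-A INPUT -p udp -m udp --dport 65531 -j ACCEPT'

# `iptables -A` puts the rule after the REJECT; `iptables -I` puts it first.
RULES_APPENDED=$(printf '%s\n' "$POLICY" "$BASE" "$ENGARDE")
RULES_INSERTED=$(printf '%s\n' "$POLICY" "$ENGARDE" "$BASE")

printf '%s\n' "$RULES_APPENDED" | first_verdict udp 65531 ens3
printf '%s\n' "$RULES_INSERTED" | first_verdict udp 65531 ens3
```

On a real instance, feed it `iptables -S INPUT` or `iptables -S FORWARD` run as root. Inserting a rule for the specific port with `iptables -I` is a narrower change than `iptables -P INPUT ACCEPT` followed by `iptables -F`, which leaves the VCN security list as the only inbound filter.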

I can confirm this is working for Oracle as well :smiley: thanks!

Should I add the IPTABLES commands by default for cloud-init?

It worked when I added the IPTABLES in the cloud-init before running the instance.

Please note, I did not try logging into the VPS and running the IPTABLES commands manually.
