Here are some of my observations and input from a new install of wg_manager v4.11b3:
1. On a remote peer server I created a device peer:
Code:
Device Auto IP DNS Allowed IPs Annotate
MSG X 10.50.1.3/32 192.168.2.1 0.0.0.0/0 # MSG "Device"
From the local PC I logged in and it all works as expected. I then created a second device peer on the remote server and it all locked up upon login:
Code:
MSG X 10.50.1.3/32 192.168.2.1 0.0.0.0/0 # MSG "Device"
SGG X 10.50.1.3/32 1.1.1.1 0.0.0.0/0 # SGG "Device"
It looks like since I changed the original DNS on the first device peer, upon the creation of the second one the IP did not get incremented, hence the IP conflict and lockup.
It all works well after editing the second client:
Code:
MSG X 10.50.1.3/32 192.168.2.1 0.0.0.0/0 # MSG "Device"
SGG X 10.50.1.4/32 192.168.2.1 0.0.0.0/0 # SGG "Device"
Note that the second client has the 'Allowed IPs' field set to '0.0.0.0/0'. It works as is but I remember you mentioning a few posts up that the newly created clients should have that field set to the VPN pool.
Is the script doing that, or is manual intervention required?
Note: I just created a new device peer on the local server peer with:
Code:
create ILO
and it came in with all zeroes as allowed IPs.
2.a I use selective routing through event scripts with a number of peer clients. The 'killswitch' as a global setting interferes with peer clients that have no need to be forced through the tunnel.
2.b Considering the above point I keep it as 'disabled' for now. However, the
Code:
firewall restart
command will enable it.
Any way of keeping it 'off' until a per interface option may be available?
3. We've discussed earlier in the thread the option of saving the content of /opt/etc/wireguard.d + /jffs/addons/wireguard/Scripts. The Scripts are not saved after uninstalling wg_manager. An alternative is having a cron job running every so often to back it up - that's what I do now.
4. The 'fwmark' values are identical to the OpenVPN ones. That makes selective routing troubleshooting hard on the eye and more. I changed the database values to:
Code:
FWMark Interface
0x1010 wg11
0x2010 wg12
0x4010 wg13
0x7010 wg14
0x3010 wg15
0x8010 wan
and that is easier to work with - no side effects so far. I'm uncertain though if that's acceptable with the addons standardization suggestions/requirements or anything else.
Code:
0: from all lookup local
9810: from all fwmark 0xd2 lookup 210
9890: from all fwmark 0x8010/0x8010 lookup main
9892: from all fwmark 0x7010/0x7010 lookup 124
9894: from all fwmark 0x2010/0x2010 lookup 122
9911: from 192.168.1.197 lookup 121
9921: from 192.168.1.198 lookup 122
<snip>
9990: from all fwmark 0x8000/0x8000 lookup main
9992: from all fwmark 0x7000/0x7000 lookup ovpnc4
9994: from all fwmark 0x2000/0x2000 lookup ovpnc2
9995: from all fwmark 0x1000/0x1000 lookup ovpnc1
10101: from 192.168.1.238 lookup ovpnc1
<snip>
32766: from all lookup main
32767: from all lookup default
and
Code:
<snip>
20 7952 1374K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set DRxxx dst MARK or 0x7000
21 7846 839K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set Pxxxx_rev dst MARK or 0x2000
22 8869 1152K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set cxxx dst MARK or 0x8010
23 3129 656K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set Dxxx dst MARK or 0x7010
24 4076 805K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set Sxxxx dst MARK or 0x2010
<snip>
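Added example, not part of the original post and not wg_manager code: a POSIX shell check that replays the fwmark rules from the `ip rule` listing above and reports which rule a given packet mark hits first. It assumes the kernel's fwmark test, (mark & mask) == value, ignores the source-address rules, and assumes the selected table holds a matching route; `first_match` and its variable names are hypothetical.

```sh
#!/bin/sh
# Constructed input: rules copied from the 'ip rule' listing in the post
# (the <snip> parts are not reproduced, so a real router may hold more).
RULES='0: from all lookup local
9810: from all fwmark 0xd2 lookup 210
9890: from all fwmark 0x8010/0x8010 lookup main
9892: from all fwmark 0x7010/0x7010 lookup 124
9894: from all fwmark 0x2010/0x2010 lookup 122
9911: from 192.168.1.197 lookup 121
9990: from all fwmark 0x8000/0x8000 lookup main
9992: from all fwmark 0x7000/0x7000 lookup ovpnc4
9994: from all fwmark 0x2000/0x2000 lookup ovpnc2
9995: from all fwmark 0x1000/0x1000 lookup ovpnc1
32766: from all lookup main'

# first_match MARK [RULES]
# Print "<priority> <table>" for the first fwmark rule that a packet mark
# satisfies, or "none". A rule "fwmark V/M" matches when (mark & M) == V;
# without "/M" the whole 32-bit mark must equal V. Rules without an fwmark
# selector are skipped (assumption: only mark-based routing is of interest).
first_match() {
    fm_mark=$(( $1 ))
    while read -r fm_prio fm_a fm_b fm_kw fm_spec fm_c fm_table; do
        [ "$fm_kw" = fwmark ] || continue
        fm_value=${fm_spec%%/*}
        case $fm_spec in
            */*) fm_mask=${fm_spec##*/} ;;
            *)   fm_mask=0xffffffff ;;
        esac
        if [ $(( $fm_mark & $fm_mask )) -eq $(( $fm_value )) ]; then
            echo "${fm_prio%:} $fm_table"
            return 0
        fi
    done <<EOF
${2:-$RULES}
EOF
    echo none
}

# Marks from the post's FWMark table, plus the OpenVPN-style 0x7000.
for m in 0x1010 0x2010 0x3010 0x4010 0x7010 0x8010 0x7000; do
    printf '%-7s -> %s\n' "$m" "$(first_match "$m")"
done
```

Against the rules visible in the listing, 0x3010 lands on the 0x2010 rule and 0x1010 falls through to the 0x1000 OpenVPN rule, because the values share bits with those masks. Since the iptables rules use `MARK or`, a destination present in two sets can also end up with a combined mark such as 0x7000 | 0x2010 = 0x7010.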