Wireguard Session Manager - Discussion thread (CLOSED/EXPIRED Oct 2021 use http://www.snbforums.com/threads/session-manager-discussion-2nd-thread.75129/)

[chongnt]

'WireguardVPN.conf' does not need to be modified for Peer configurations - all parameters are now held in the SQL database.

You simply need to use the import command using the 'client' Peer configuration provided by NordVPN as-is.

Thanks for the info. I have reinstall and leave WireguardVPN.conf as is. Good news is I am able to get wg11 connected. Somehow devices that I have explicitly defined to use OVPN client is down, others are all going through wg11. How do I define devices to go through wg11 and leave others to go through ovpnc and WAN? In my current setup I leave everything to WAN, only specify 3 devices to go through ovpnc3. I am trying to add another device to go through wg11 for testing purpose.

Spoiler

admin@RT-AC86U-DBA8:/tmp/home/root# ip rule
0:      from all lookup local
9990:   from all fwmark 0x8000/0x8000 lookup main
9993:   from all fwmark 0x4000/0x4000 lookup ovpnc3
10501:  from 10.22.0.0/24 lookup ovpnc3
10502:  from 192.168.1.2 lookup ovpnc3
10503:  from 192.168.1.11 lookup ovpnc3
10504:  from 192.168.1.21 lookup ovpnc3
32766:  from all lookup main
32767:  from all lookup default
admin@RT-AC86U-DBA8:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               128.0.0.0       U     0      0        0 wg11
default         <WAN IP>        0.0.0.0         UG    0      0        0 ppp0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun13
10.21.0.0       *               255.255.255.0   U     0      0        0 tun21
10.22.0.0       *               255.255.255.0   U     0      0        0 tun22
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
128.0.0.0       *               128.0.0.0       U     0      0        0 wg11
169.254.0.0     *               255.255.0.0     U     0      0        0 vlan500
<WAN IP>        *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
202.87.221.198  <WAN IP>        255.255.255.255 UGH   0      0        0 ppp0
admin@RT-AC86U-DBA8:/tmp/home/root#

Update: Linux based route table is something new to me. Mess around not fully understand what I did but finally get something I anticipated. I am now able to define source device to go through WAN, ovpnc3 and wg11.

admin@RT-AC86U-DBA8:/tmp/home/root# ip route get 8.8.8.8 from 192.168.1.2 iif eth0
8.8.8.8 from 192.168.1.2 via 10.8.2.1 dev tun13 
    cache iif eth0 
admin@RT-AC86U-DBA8:/tmp/home/root# ip route get 8.8.8.8 from 192.168.1.91 iif eth0
8.8.8.8 from 192.168.1.91 via <wan ip> dev ppp0 
    cache iif eth0 
admin@RT-AC86U-DBA8:/tmp/home/root# ip route get 8.8.8.8 from 192.168.1.111 iif eth0
8.8.8.8 from 192.168.1.111 dev wg11 
    cache iif eth0

 

[ZebMcKayhan]

Thanks for the info. I have reinstall and leave WireguardVPN.conf as is. Good news is I am able to get wg11 connected. Somehow devices that I have explicitly defined to use OVPN client is down, others are all going through wg11. How do I define devices to go through wg11 and leave others to go through ovpnc and WAN? In my current setup I leave everything to WAN, only specify 3 devices to go through ovpnc3. I am trying to add another device to go through wg11 for testing purpose.

Spoiler

admin@RT-AC86U-DBA8:/tmp/home/root# ip rule
0:      from all lookup local
9990:   from all fwmark 0x8000/0x8000 lookup main
9993:   from all fwmark 0x4000/0x4000 lookup ovpnc3
10501:  from 10.22.0.0/24 lookup ovpnc3
10502:  from 192.168.1.2 lookup ovpnc3
10503:  from 192.168.1.11 lookup ovpnc3
10504:  from 192.168.1.21 lookup ovpnc3
32766:  from all lookup main
32767:  from all lookup default
admin@RT-AC86U-DBA8:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               128.0.0.0       U     0      0        0 wg11
default         <WAN IP>        0.0.0.0         UG    0      0        0 ppp0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun13
10.21.0.0       *               255.255.255.0   U     0      0        0 tun21
10.22.0.0       *               255.255.255.0   U     0      0        0 tun22
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
128.0.0.0       *               128.0.0.0       U     0      0        0 wg11
169.254.0.0     *               255.255.0.0     U     0      0        0 vlan500
<WAN IP>        *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
202.87.221.198  <WAN IP>        255.255.255.255 UGH   0      0        0 ppp0
admin@RT-AC86U-DBA8:/tmp/home/root#

Update: Linux based route table is something new to me. Mess around not fully understand what I did but finally get something I anticipated. I am now able to define source device to go through WAN, ovpnc3 and wg11.

admin@RT-AC86U-DBA8:/tmp/home/root# ip route get 8.8.8.8 from 192.168.1.2 iif eth0
8.8.8.8 from 192.168.1.2 via 10.8.2.1 dev tun13
    cache iif eth0
admin@RT-AC86U-DBA8:/tmp/home/root# ip route get 8.8.8.8 from 192.168.1.91 iif eth0
8.8.8.8 from 192.168.1.91 via <wan ip> dev ppp0
    cache iif eth0
admin@RT-AC86U-DBA8:/tmp/home/root# ip route get 8.8.8.8 from 192.168.1.111 iif eth0
8.8.8.8 from 192.168.1.111 dev wg11
    cache iif eth0

Looks like you got wg11 set to Auto=Y (default route). If you want to keep control over what gets routed where I suggest you change wg11 to policy mode:
In wgm:

peer wg11 auto=p

However this will not work unless you have created a rule first.
Use "peer help" to learn syntax for setting up rule.

Use wgm to set up rules for devices going out wireguard interfaces.
Use gui to set up rules for devices going out open vpn.
Try not to create conflicting rules.
Devices that does not have a matching rule will be routed with default table which will be wan (if no vpn is in default routing mode).

//Zeb

 

[paulmorabi]

For Yazfi you could follow this post to allow guest subnet to access wireguard interfaces:
https://www.snbforums.com/threads/e...-hnd-platform-4-1-x-kernels.46164/post-664947

Just replace the interfaces wlX.Y and wg0 with your interfaces.
disregard the "masquarading to /16" part since we will handle that below:

For wireguard manager:
Create a custom script for your peer (assuming wg11 below):

nano /jffs/addons/wireguard/Scripts/wg11-up.sh

Populate the file with (assuming guest wifi subnet 192.168.2.xxx to wg11):

#!/bin/sh

#add custom config here

iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -o wg11 -j MASQUERADE

Save the file.
Make it executable:

chmod +x /jffs/addons/wireguard/Scripts/wg11-up.sh

Then redo same thing for another file (to delete rules when peer is stopped:

nano /jffs/addons/wireguard/Scripts/wg11-down.sh

#!/bin/sh

#add custom config here

iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -o wg11 -j MASQUERADE

Save the file.
Make it executable.

Then the rest of the config in wgm
peer in policy mode,
rule add FROM 192.168.2.0/24 to VPN.
rule add TO 192.168.0.0/16 to WAN

//Zeb

Thanks for this. I'll give it a try. For now, I think I have more basic problems. I set a Wireguard server and used the QR code to add clients but there seems to be some DNS related weirdness.

• IPad 1 when connected shows internal sites but not external sites.
• IPad 2 works fine on both.
• Samsung phone 1 can't connect to internal or external sites.
• Samsung phone 2 works on internal but not external.

I thought it might be DNS related so I disabled private dns where it's used and I can see from the Wireguard client that it's setting the DNS. However, the DNS looks like an IP from my ISP, it's not 192.168.1.1 (my router). I tried manually setting that in the client config but it didn't make any difference.

Everything else on my network is working fine across the other subnets. Is there something obvious I am missing here?

 

[chongnt]

Looks like you got wg11 set to Auto=Y (default route). If you want to keep control over what gets routed where I suggest you change wg11 to policy mode:
In wgm:

peer wg11 auto=p

However this will not work unless you have created a rule first.
Use "peer help" to learn syntax for setting up rule.

Use wgm to set up rules for devices going out wireguard interfaces.
Use gui to set up rules for devices going out open vpn.
Try not to create conflicting rules.
Devices that does not have a matching rule will be routed with default table which will be wan (if no vpn is in default routing mode).

//Zeb

I still don’t get the idea. Say I want to allow single host 192.168.1.111 to route through wg11, what peer command to use?
What I did was
1. manually delete default route via wg11 in route table main. This leave default route in route table main to my WAN, so whatever not specified is routed to WAN
2. Manually add route 192.168.1.111 in table 121. This make sure the single host is routed through wg11
I have doubt this will stay after reboot. What is the proper way to do this?
I also noticed ipset is available. But my use case is different. Instead of ipset routed through VPN, I want to leak ipset to WAN. I want ipset from 192.168.1.111 to go through WAN, and everything else go through wg11. I can achieve this with openvpn but don’t know how to get it done in wg.
My next goal is route wg21 to wg11. Say I dial back home via wg21, I want to have the same ipset route through WAN and everything else route through wg11.

 

[paulmorabi]

For Yazfi you could follow this post to allow guest subnet to access wireguard interfaces:
https://www.snbforums.com/threads/e...-hnd-platform-4-1-x-kernels.46164/post-664947

Just replace the interfaces wlX.Y and wg0 with your interfaces.
disregard the "masquarading to /16" part since we will handle that below:

For wireguard manager:
Create a custom script for your peer (assuming wg11 below):

nano /jffs/addons/wireguard/Scripts/wg11-up.sh

Populate the file with (assuming guest wifi subnet 192.168.2.xxx to wg11):

#!/bin/sh

#add custom config here

iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -o wg11 -j MASQUERADE

Save the file.
Make it executable:

chmod +x /jffs/addons/wireguard/Scripts/wg11-up.sh

Then redo same thing for another file (to delete rules when peer is stopped:

nano /jffs/addons/wireguard/Scripts/wg11-down.sh

#!/bin/sh

#add custom config here

iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -o wg11 -j MASQUERADE

Save the file.
Make it executable.

Then the rest of the config in wgm
peer in policy mode,
rule add FROM 192.168.2.0/24 to VPN.
rule add TO 192.168.0.0/16 to WAN

//Zeb

I've had an attempt at this. I've made a new wifi network, imported a wg config, and created the up and down scripts.

The wg11 connection is in policy mode.

When I stop the connection, it seems to kill my internet/DNS so I need to reboot to recover.

Also, not sure what you mean by these two:

rule add FROM 192.168.2.0/24 to VPN.
rule add TO 192.168.0.0/16 to WAN

Where/how do I make these rules?

 

[ZebMcKayhan]

I still don’t get the idea. Say I want to allow single host 192.168.1.111 to route through wg11, what peer command to use?
What I did was
1. manually delete default route via wg11 in route table main. This leave default route in route table main to my WAN, so whatever not specified is routed to WAN
2. Manually add route 192.168.1.111 in table 121. This make sure the single host is routed through wg11
I have doubt this will stay after reboot. What is the proper way to do this?
I also noticed ipset is available. But my use case is different. Instead of ipset routed through VPN, I want to leak ipset to WAN. I want ipset from 192.168.1.111 to go through WAN, and everything else go through wg11. I can achieve this with openvpn but don’t know how to get it done in wg.
My next goal is route wg21 to wg11. Say I dial back home via wg21, I want to have the same ipset route through WAN and everything else route through wg11.

I can't help with the server part since I'm behind a cgnat so I have never set up one.
Lets Start with getting policy routing to work before attempting ipsets through wan.

1) this is basically what wgm does for you when peer is in policy mode.
2) the proper way would be to use wgm to add the routes (policy mode) and rules.

After messing around with the rules, reboot the router.

Open wgm and stop the peers:

E:Option ==> 5

Add the rule:

E:Option ==> peer wg11 rule add vpn 192.168.1.111 comment MyVPNrule

Set the peer in policy mode:

E:Option ==> peer wg11 auto=p

Start the peer again:

E:Option ==> 4

Add more rules as you need. Think you need to restart the peer though.

Does this work for you?

//Zeb

 

[ZebMcKayhan]

Also, not sure what you mean by these two:

rule add FROM 192.168.2.0/24 to VPN.
rule add TO 192.168.0.0/16 to WAN

Where/how do I make these rules?

in wgm:

E:Option ==> peer wg11 rule add vpn 192.168.2.0/24 comment Guest2VPN

E:Option ==> peer wg11 rule add wan 0.0.0.0/0 192.168.0.0/16 comment ToLocalUseWan

Restart the peer.

I have no idea why your connection dies when you stop the peer. Have you made rules outside wgm??? How did you get wg11 in policy mode without making rules?

//Zeb

 

[paulmorabi]

in wgm:

E:Option ==> peer wg11 rule add vpn 192.168.2.0/24 comment Guest2VPN

E:Option ==> peer wg11 rule add wan 0.0.0.0/0 192.168.0.0/16 comment ToLocalUseWan

Restart the peer.

I have no idea why your connection dies when you stop the peer. Have you made rules outside wgm??? How did you get wg11 in policy mode without making rules?

//Zeb

Thanks so much for your help. I got it 100% working now. The problem was the last two rules. I didn't quite have the syntax right on them. So this will auto start on every reboot?

Also, I set up wg21 so remote clients can connect and use internal services. But as per my previous post, there is something odd with the routing and its exhibiting different behavior on different devices. Is there any way to make internal services on 192.168.1.* and other internal subnets accessible to wg21?

 

[ZebMcKayhan]

So this will auto start on every reboot?

Yes! Why not reboot and check.

Sorry, I can't help you with your server since I have never set up one, but I'm sure there are lots of people here who have, that can help you.

//Zeb

 

[chongnt]

I can't help with the server part since I'm behind a cgnat so I have never set up one.
Lets Start with getting policy routing to work before attempting ipsets through wan.

1) this is basically what wgm does for you when peer is in policy mode.
2) the proper way would be to use wgm to add the routes (policy mode) and rules.

After messing around with the rules, reboot the router.

Open wgm and stop the peers:

E:Option ==> 5

Add the rule:

E:Option ==> peer wg11 rule add vpn 192.168.1.111 comment MyVPNrule

Set the peer in policy mode:

E:Option ==> peer wg11 auto=p

Start the peer again:

E:Option ==> 4

Add more rules as you need. Think you need to restart the peer though.

Does this work for you?

//Zeb

Oh yes, this is working now. Thanks a lot for the detail explanation. Now I got wg11 running in policy mode, will let it run and compare between wg and open vpn with NordVPN.

Next I want to try ipset. Can I use the same ipset rules created before? For example, I have an ipset Astro with fwmark rule lookup in table main that these are routed to WAN.

admin@RT-AC86U-DBA8:/tmp/home/root# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 9874K packets, 11G bytes)
num   pkts bytes target     prot opt in     out     source               destination     
1    11590 1040K MARK       all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */ MARK xset 0x1/0x7
2     5885  981K MARK       all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */ MARK xset 0x1/0x7
3     3711 1940K MARK       all  --  wg11   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'client' */ MARK xset 0x1/0x7
4      351  162K MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set Astro dst MARK or 0x8000
...snipped...

UPDATE: I am able to make use of the existing ipset. In order to make it work, I have to move ip rule for table 121 to a lower priority than fwmark 0x8000.
Is it hardcoded for table 121?

9911:   from 192.168.1.111 lookup 121
9990:   from all fwmark 0x8000/0x8000 lookup main

 

[Martineau]

UPDATE: I am able to make use of the existing ipset. In order to make it work, I have to move ip rule for table 121 to a lower priority than fwmark 0x8000.
Is it hardcoded for table 121?

9911:   from 192.168.1.111 lookup 121
9990:   from all fwmark 0x8000/0x8000 lookup main

I deliberated over the WireGuard RPDB rules priority and made a decision to assume that they should/could co-exist but be preferred over the 'slower' OpenVPN client configuration hence the use of RPDB PRIO 991x rather than re-use the OpenVPN 999x priorities.

However, the fwmark WAN priority should ALWAYS have priority over the VPN clients irrespective if they are OpenVPN or WireGuard, therefore (for your specific usecase) you will need to manually alter nat-start (assuming you have followed: Selective Routing fwmark implementation)

e.g. edit nat-start

ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark

change to

ip rule del prio 9900 2>/dev/null
ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9900        # WAN   fwmark

 

[chongnt]

I deliberated over the WireGuard RPDB rules priority and made a decision to assume that they should/could co-exist but be preferred over the 'slower' OpenVPN client configuration hence the use of RPDB PRIO 991x rather than re-use the OpenVPN 999x priorities.

However, the fwmark WAN priority should ALWAYS have priority over the VPN clients irrespective if they are OpenVPN or WireGuard, therefore (for your specific usecase) you will need to manually alter nat-start (assuming you have followed: Selective Routing fwmark implementation)

e.g. edit nat-start

ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark

change to

ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9900        # WAN   fwmark

I don’t see the rules in nat-start but found it in x3mrouting.sh script. Should I add this in nat-start or make changes in x3mrouting.sh?

I also try to route wg21 to wg11 but the client loss connection. I can route wg21 to tun13 though. Any idea?
One thing i noticed is I cannot ping wg11 ip 10.5.0.1 directly from the router. I can ping when I specify source 10.5.0.2. I have manually add a static route to 10.5.0.1 via wg11 and I can ping it directly now. Does it make any difference?

admin@RT-AC86U-DBA8:/tmp/home/root# ifconfig wg11
wg11      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00            inet addr:10.5.0.2  P-t-P:10.5.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:55963 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55096 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:29538872 (28.1 MiB)  TX bytes:16714564 (15.9 MiB)

admin@RT-AC86U-DBA8:/tmp/home/root#

 

[Martineau]

I don’t see the rules in nat-start but found it in x3mrouting.sh script. Should I add this in nat-start or make changes in x3mrouting.sh?

I don't use x3mrouting so I would suggest that you make the modification to nat-start assuming it doesn't conflict with the x3mrouting configuration.

 

[ZebMcKayhan]

I don’t see the rules in nat-start but found it in x3mrouting.sh script. Should I add this in nat-start or make changes in x3mrouting.sh?

I Put this in wgm custom script wg11-up.sh:

ip rule add from 192.168.1.0/24 fwmark 0x8000 table main prio 9900
echo 2 > /proc/sys/net/ipv4/conf/eth0/rp_filter

You also need then to Put in wg11-down.sh:

ip rule del prio 9900

I don't see a problem with keeping both rules. If you bring wg down the other rule will still be there.
I make use of specific source adress in the rule since I don't want it to affect my other vpn outputs as it would defy the purpose but you could change to 0/0 instead if you wish.
You probably don't need the rp_filter line since x3mrouting already does this for you. Test and decide.

//Zeb

 

[paulmorabi]

Yes! Why not reboot and check.

Sorry, I can't help you with your server since I have never set up one, but I'm sure there are lots of people here who have, that can help you.

//Zeb

I rebooted a few times and everything was fine but just wanted to triple check. Thanks again for your help! I’ll look into the other issue with running as a server and also let this group know if I can solve it.

 

[juniorsweet]

Does anyone know if @Odkrys is still maintaining their wireguard code? Last update I saw from them was in early April and there have been 2 wireguard code updates for arch-based implementations released since then--most recently on 20210606.

[Experimental] WireGuard for HND platform (4.1.x kernels)

1. Install WireGuard You need Entware-aarch64-3.10 to use wireguard without a new firmware build. ㅡ Kernel Module ㅡ RT-AC86U, GT-AC2900 - 4.1.27 https://github.com/odkrys/entware-makefile-for-merlin/raw/main/wireguard-kernel_1.0.20210219-k27_1_aarch64-3.10.ipk opkg install...

www.snbforums.com

Installation - WireGuard

www.wireguard.com

 

[chongnt]

I Put this in wgm custom script wg11-up.sh:

ip rule add from 192.168.1.0/24 fwmark 0x8000 table main prio 9900
echo 2 > /proc/sys/net/ipv4/conf/eth0/rp_filter

You also need then to Put in wg11-down.sh:

ip rule del prio 9900

I don't see a problem with keeping both rules. If you bring wg down the other rule will still be there.
I make use of specific source adress in the rule since I don't want it to affect my other vpn outputs as it would defy the purpose but you could change to 0/0 instead if you wish.
You probably don't need the rp_filter line since x3mrouting already does this for you. Test and decide.

//Zeb

I have go with your approach. I also add ip rule to route wg22 to wg11 and ipset rules in wg11 up/down script as well. Earlier I made some mistake in phone wg dns. Now I am able to route wg22 to wg11 just like what I have with openvpn.

 

[ZebMcKayhan]

Hello,

Wondering how to enterpret the stats (which by the way have not produced any negative numbers!)
For example 2 consecutive statistics:

Jun 21 18:59:00 RT-AC86U-D7D8 (wg_manager.sh): 676 Clients [97m2[95m, Servers [97m0
Jun 21 18:59:01 RT-AC86U-D7D8 (wg_manager.sh): 676 wg11:[97m transfer: 13.41 GiB received, 688.76 MiB sent        [97m2 days 08:54:10 from 2021-06-19 10:04:51 >>>>>>[0m
Jun 21 18:59:01 RT-AC86U-D7D8 (wg_manager.sh): 676 wg11: period : 6.41 GiB received, 311.53 MiB sent (Rx=6885967133;Tx=326662880)
Jun 21 18:59:02 RT-AC86U-D7D8 (wg_manager.sh): 676 wg12:[97m transfer: 373.07 MiB received, 14.10 MiB sent        [97m2 days 08:54:09 from 2021-06-19 10:04:53 >>>>>>[0m
Jun 21 18:59:02 RT-AC86U-D7D8 (wg_manager.sh): 676 wg12: period : 107.78 MiB received, 7.46 MiB sent (Rx=113020599;Tx=7825491)
Jun 21 19:59:00 RT-AC86U-D7D8 (wg_manager.sh): 3564 Clients [97m2[95m, Servers [97m0
Jun 21 19:59:01 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg11:[97m transfer: 13.44 GiB received, 691.04 MiB sent        [97m2 days 09:54:10 from 2021-06-19 10:04:51 >>>>>>[0m
Jun 21 19:59:01 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg11: period : 7.03 GiB received, 379.51 MiB sent (Rx=7545122982;Tx=397945079)
Jun 21 19:59:02 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg12:[97m transfer: 373.08 MiB received, 14.10 MiB sent        [97m2 days 09:54:09 from 2021-06-19 10:04:53 >>>>>>[0m
Jun 21 19:59:02 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg12: period : 265.30 MiB received, 6.64 MiB sent (Rx=278182135;Tx=6959431)

What is the relation between transfer and period, I thoughts period was since last stats but wg11 above is
1: 13.41 GiB received - Period: 6.41 GiB
2: 13.44 GiB received - Period: 7.03 GiB

How come the Period numbers increase faster than transfer... or could someone explain the mechanism. Or are there some arithmetic/logic error?

//Zeb

Edit: aah, get it... 13.44-6.41=7.03 only delta values stored in database so period = transfer - prevDelta.

 

[Martineau]

Hello,

Wondering how to enterpret the stats (which by the way have not produced any negative numbers!)
For example 2 consecutive statistics:

Jun 21 18:59:00 RT-AC86U-D7D8 (wg_manager.sh): 676 Clients [97m2[95m, Servers [97m0
Jun 21 18:59:01 RT-AC86U-D7D8 (wg_manager.sh): 676 wg11:[97m transfer: 13.41 GiB received, 688.76 MiB sent        [97m2 days 08:54:10 from 2021-06-19 10:04:51 >>>>>>[0m
Jun 21 18:59:01 RT-AC86U-D7D8 (wg_manager.sh): 676 wg11: period : 6.41 GiB received, 311.53 MiB sent (Rx=6885967133;Tx=326662880)
Jun 21 18:59:02 RT-AC86U-D7D8 (wg_manager.sh): 676 wg12:[97m transfer: 373.07 MiB received, 14.10 MiB sent        [97m2 days 08:54:09 from 2021-06-19 10:04:53 >>>>>>[0m
Jun 21 18:59:02 RT-AC86U-D7D8 (wg_manager.sh): 676 wg12: period : 107.78 MiB received, 7.46 MiB sent (Rx=113020599;Tx=7825491)
Jun 21 19:59:00 RT-AC86U-D7D8 (wg_manager.sh): 3564 Clients [97m2[95m, Servers [97m0
Jun 21 19:59:01 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg11:[97m transfer: 13.44 GiB received, 691.04 MiB sent        [97m2 days 09:54:10 from 2021-06-19 10:04:51 >>>>>>[0m
Jun 21 19:59:01 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg11: period : 7.03 GiB received, 379.51 MiB sent (Rx=7545122982;Tx=397945079)
Jun 21 19:59:02 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg12:[97m transfer: 373.08 MiB received, 14.10 MiB sent        [97m2 days 09:54:09 from 2021-06-19 10:04:53 >>>>>>[0m
Jun 21 19:59:02 RT-AC86U-D7D8 (wg_manager.sh): 3564 wg12: period : 265.30 MiB received, 6.64 MiB sent (Rx=278182135;Tx=6959431)

What is the relation between transfer and period, I thoughts period was since last stats but wg11 above is
1: 13.41 GiB received - Period: 6.41 GiB
2: 13.44 GiB received - Period: 7.03 GiB

How come the Period numbers increase faster than transfer... or could someone explain the mechanism. Or are there some arithmetic/logic error?

//Zeb

Edit: aah, get it... 13.44-6.41=7.03 only delta values stored in database so period = transfer - prevDelta.

In trying to provide a USP for WireGuard 'clients' with additional reporting metrics, I ended up with a brain-dead algorithm

Clearly I meant to have stored both the delta value and the current absolute (as reported by the wg tool) session total.

 

[heysoundude]

Does anyone know if @Odkrys is still maintaining their wireguard code? Last update I saw from them was in early April and there have been 2 wireguard code updates for arch-based implementations released since then--most recently on 20210606.

[Experimental] WireGuard for HND platform (4.1.x kernels)

1. Install WireGuard You need Entware-aarch64-3.10 to use wireguard without a new firmware build. ㅡ Kernel Module ㅡ RT-AC86U, GT-AC2900 - 4.1.27 https://github.com/odkrys/entware-makefile-for-merlin/raw/main/wireguard-kernel_1.0.20210219-k27_1_aarch64-3.10.ipk opkg install...

www.snbforums.com

Installation - WireGuard

www.wireguard.com

https://www.wireguard.com/install/ is where to check currency, and it looks like a bunch of linux stuff does indeed need updating...
last I checked, the link in the thread you reference auto-updates when the author makes any changes after a WireGuard update. if that hasn't happened, perhaps nothing needs to be done on his end, and perhaps he's waiting for what he needs to proceed. (assuming it's a he)