Search results

  1. Z

    Wireguard Session Manager (4th) thread

    Yea, putting everything (0.0.0.0/0) to vpn is troublesome and doing it twice is probably just a bad idea. Put your lan subnet there instead, but exclude router ip. You should remove your Interface rules as they have no purpose. Also you need to exclude router lan ip if you ever want to use the...
  2. Z

    Wireguard Session Manager (4th) thread

    You basically only need the keys and endpoint:port for the handshakes to work. Could this new config be not active? You can test it on your phone/computer to be sure. Did you check Endpoint and/or port didn't change? It's either that or some error in editing, some character missing or something?
  3. Z

    Wireguard Session Manager (4th) thread

    That's weird. Are you sure everything turned out correctly? I know that wgm "builds" a new config, which is basically wg11.conf, with removed stuff that Wireguard itself does not handle, like dns and others, and runs it from /tmp. I did not check if it recreates it on start if it already exists...
  4. Z

    Wireguard Session Manager (4th) thread

    Ouch, 2h! I would be concerned about all the hassle I would need to go through to get it working so I would probably not use it. Perhaps worth your time to write a script that updates both wg11.conf and the sql database - and possibly retrieves a new config file - cron job every 2h. All bits...
  5. Z

    Wireguard question

    Sure, it all depends on how you wish to retrieve things in your script. I'm not sure the order always stays the same? Perhaps it is? But to gain more control, I would probably use something like: ClientNr=1 TimeSinceHandshake=$(($(date +%s)-$(wg show wgs1 latest-handshakes | grep $(nvram get...
  6. Z

    Wireguard Session Manager (4th) thread

    As you are asking this question, I assume you wish to not delete your old peer and import the new? As that would be the most straightforward way. The keys exist in 2 places. Mostly the config used for running the peer will be in: /opt/etc/wireguard.d/wg11.conf for wg11. But wgm also keeps...
  7. Z

    Wireguard question

    I think it only monitors the handshake timer. If > 3min (or missing) then it's offline. Use wg userspace tool to monitor this. Example in @Martineau Wireguard Manager addon (search for Handshake) https://github.com/MartineauUK/wireguard/blob/main/wg_manager.sh I.e. wg show wgs1 latest-handshakes Or...
  8. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    After doing some thinking (I'm a little slow sometimes). 2 way could work with nat, maybe. As only new packets are treated but I'm not sure. It would not add any value, just slow everything down. Looking at your picture your server can ping lan (10.6.0.1 -> 192.168.60.x) so server is aware of...
  9. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    Understood. It means there is more to the picture. Probably AllowedIPs (server) not including lan on the other side. Nat has that side-effect - while it may make things work in one direction, 2 way direct access will not be possible. But for 2 way to work properly nat needs to be off and both...
  10. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Assuming data goes from your client over wan to sing-box sbtun interface onwards to wan it will be subject to MASQUERADE when leaving the router wan interface which is why it appears to come from your router wan ip externally. But internally, what address would data appear to come from? Are routes...
  11. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    If it's for the router itself it would be filter table in the INPUT chain. So, like: iptables -I INPUT -p udp --dport <PortNr> -j ACCEPT iptables -I INPUT -p tcp --dport <PortNr> -j ACCEPT Usage of --dport requires you to use -p which means each rule is only for udp or tcp. 2 rules are needed...
  12. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    Thanks, close enough. On your client config you need to disable NAT (set to "nej") if this is site-2-site usage. Also on your client side you seem to have put in 2 ipv4 under Interface, Address. This would not be allowed/ok. Your Interface Address should be 10.6.0.2/32 nothing else. 2 things...
  13. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    Better post pictures on how your setup is. Both the server config and the client config with vpndirector rules. Are you running more vpn services on any routers except this one on either side? I don't want to see any keys or Endpoint public ips so please obfuscate these. The router may use...
  14. Z

    Solved Wireguard Server not allowing access to Intranet even though selected

    For future reference, there are typically 3 ways your wireguard server fails to connect to your local lan resource, assuming the tunnel itself is up and running. 1. Remote/Local ip conflict. If the lan your roaming client share the same ip range as your lan has. Could be mitigated by adding...
  15. Z

    Entware How to update wireguard?

    Yes, there has not been very much activity on either kernel modules or userspace wg-tools the last years. Don't know why, could be lack of developers. Could also be that no major issues have been found now that Wireguard has been deployed on so many systems. Most fixes before have been to...
  16. Z

    Entware How to update wireguard?

    You can check which version you are currently running strings $(modprobe --show-depends wireguard | awk '{print $2}') | grep "^version" | cut -d'=' -f2 wg --version I think these were updated in fw not long ago: admin@RT-AX86U_Pro:/tmp/home/root# wg --version wireguard-tools v1.0.20210914 -...
  17. Z

    Solved Wireguard Server not allowing access to Intranet even though selected

    While 0.0.0.0/0 means all ip's, in the world of routing it also has the lowest priority. This means that if your device has a more specific route to i.e. the local network it is connected to it will choose that path instead. This implementation may differ between Wireguard implementation...
  18. Z

    Wireguard Wrong client Status

    If I'm not mistaken, that view only shows the router peers summary. Clients = 0 refers to that you have no internet client configs imported (like Surfshark, Proton VPN etc.). You are only using a server peer and roaming clients are not part of this view. It's been a while since I used wgm, but...
  19. Z

    VPN Director - 2 VPN Clients and Killswitch (3004.388.8_2)

    Since the OP has at least 1 ip set to use WAN it's a risk he/she will have to live with anyway. But if it's only ever going to be 1 ip to WAN, the OP could select that PC to be 192.168.10.3 via static dhcp and at least do away with 1 rule: 192.168.10.4/30 #4-7 192.168.10.8/29 #8-15...
  20. Z

    VPN Director - 2 VPN Clients and Killswitch (3004.388.8_2)

    Sorry to interrupt, but I was just curious about the importance of leaving out .255 (broadcast) ip. Is it really necessary? If not there would be fewer rules: 192.168.10.3/32 192.168.10.4/30 192.168.10.8/29 192.168.10.16/28 192.168.10.32/27 192.168.10.64/26 192.168.10.128/25 And of course if...