What's new

Beta ASUS RT-AX88U Version 9.0.0.4.388.20477 (2022/08/02)

  • Thread starter Deleted member 80734
  • Start date
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

WireGuard is possible using add-ons - it’s currently not possible with the core firmware.

If you like to pimp your router, as in pimp your ride, Merlin is the platform.

If you understand subnets and routing policy, give it a go. If you just want to click a few buttons, this Asus build is better for you.
 
Whilst I am not an expert in networking, I think you are probably talking about Wiregurd Session Manager and the 'current' thread is currently 47 pages long - that itself would fry my brain!
 
Whilst I am not an expert in networking, I think you are probably talking about Wiregurd Session Manager and the 'current' thread is currently 47 pages long - that itself would fry my brain!
Quick-start instructions for the installation of the GUI/shell-based addon wireguard_manager on ASUS routers running RMerlin firmware:

Enter the following commands (and answer the couple of setup questions as they appear)
Code:
amtm

i

wg

1

Now the wireguard_manager installation is complete, configure a 'client' Peer outbound WireGuard interface (default is ALL LAN devices).

As of v4.18, the Beta WireGuard Manager WebUI should also now appear on the Addons TAB, for basic management of the Peers, but the command line method is still avaialable:

i.e. copy either an existing Mullvad/Torguard etc. WireGuard profile (or generate a new Mullvad/Torguard etc. WireGuard profile) to the router as say '/opt/etc/wireguard.d/Torguard.conf', then enter the following wireguard_manager commands
Code:
peer import Torguard.conf

start wg11
This should now allow you to take advantage of the faster WireGuard speeds on ALL (or nominated) VPN LAN devices.

If you wish to have the 'client' Peer outbound WireGuard interface wg11 autostart @boot, issue command:
Code:
peer wg11 auto=y

For more detailed documentation see @ZebMcKayhan's Hint's and Tips Guide https://github.com/ZebMcKayhan/WireguardManager/blob/main/README.md#table-of-content
 
Last edited:
I have to realise my technical limitations, I would love to try this out and if I can figure a way I will


You don't explicitly say to use SSH but in the instructions I see XSHELL or maybe Putty mentioned even then they need configured

Version V4.18 of what? I would guess Wireguard Manager but I don't see a version history anywhere.

I'm guessing '/opt/ect/wireguard.d/Torguard.conf' should be '/opt/etc/wireguard.d/Torguard.conf'



I can follow instructions but I don't necessarily understand them fully and more importantly don't know how to rectify things when it all goes pear shaped. I'm buying an RT-AX86U based on the official Beta firmware supporting some sort of device based Wireguard VPN - I don't want to end up with a brick.
What is the cheapest router I can try this on that I can buy 2nd hand off Ebay - if the price is right I could give that a go - it could become a node from main AiMesh router when I graduate!
 
Just wanted to add that I tried Mullvad recently, and was very impressed. Both providers mentioned offer excellent WireGuard support, IMHO.
 
Just wanted to add that I tried Mullvad recently, and was very impressed. Both providers mentioned offer excellent WireGuard support, IMHO.
Sorry to be a dunce. I could not get Mullvad to work with wireguard, only OVPN on the new beta firmware. Did the Mullvad config just work for you out of the box?
 
Yes. Except that the conf files are generated with a txt extension, which confuses the router when trying to upload config.

Get rid of that .txt extension so you have a .conf extension - then it works fine.

This is easier said than done on an iOS device ;-)
 
Yes. Except that the conf files are generated with a txt extension, which confuses the router when trying to upload config.

Get rid of that .txt extension so you have a .conf extension - then it works fine.

This is easier said than done on an iOS device ;-)
More oddness with Mullvad wireguard, which may not be a Mullvad-specific issue and I can shut up if this is the wrong thread or it's uninteresting. Mullvad wireguard works if I enable it only for specific internal hosts as opposed to being the default connection OR it works if I disable router NAT and enable wireguard NAT. The issue seems to be mainly resolving domain names, so something to do with DNS. Even when I can get wireguard working, the router.asus.com name stops working and I have to manually key in my router IP address to access the control panel. (?shrug)
 
Last edited:
Heads up: beta users check the firewall to make sure the IPV4 firewall is enabled. Two and possibly all beta users of the AX86U found the IPV4 firewall disabled.
 
More oddness with Mullvad wireguard, which may not be a Mullvad-specific issue and I can shut up if this is the wrong thread or it's uninteresting. Mullvad wireguard works if I enable it only for specific internal hosts as opposed to being the default connection OR it works if I disable router NAT and enable wireguard NAT. The issue seems to be mainly resolving domain names, so something to do with DNS. Even when I can get wireguard working, the router.asus.com name stops working and I have to manually key in my router IP address to access the control panel. (?shrug)
Maybe try changing your router’s DNS settings. Just try Google’s 8.8.8.8 as an experiment. Don’t use your ISP’s DNS.

I don’t use my tunnels as the default connection. Devices are individually assigned to tunnels. The default connection is always the Internet connection, eg. WAN.
 
More oddness with Mullvad wireguard, which may not be a Mullvad-specific issue and I can shut up if this is the wrong thread or it's uninteresting. Mullvad wireguard works if I enable it only for specific internal hosts as opposed to being the default connection OR it works if I disable router NAT and enable wireguard NAT.
Sorry, where is the WireGuard NAT option?
I’m not familiar with that one.
 
need it working

Your only properly working option is Asuswrt-Merlin firmware and this custom script:


In Asuswrt Dual WAN is very basic and mostly works when the cables are physically unplugged.
 
I‘ve noticed some very interesting behaviour in this beta build. Almost like an undocumented feature - but one I love and want.

Under VPN Fusion, I have an „Internet Connection“ which is the WAN, and it‘s also the „Default Connection“ because of the option: Apply to all devices being switched on.

When I assign a tunnel to a device, that device should get the tunnel and not the default connection (WAN)

This is what I noticed:

The 2.4 GHz SSID is bound to the WAN regardless, even though the device has been assigned to the tunnel.

The 5 GHz SSID follows the device-based assignment to the tunnel.

Nowhere is this functionality mentioned. Nowhere does it seems to be configurable. But it‘s a GREAT feature.

I will play around and see if I can get Tunnel 1 as the Default Connection (2.4 GHz) and Tunnel 2 as the 5 GHz device-based assignment.

This is exactly the sort of feature I need. I don‘t need local / WAN access. I need two tunnels accessible by selecting either the 2.4 or 5 GHz SSID.
 
YES!

You can set a tunnel as your Default Connection - which all devices have access to via 2.4 GHz WiFi.

Then assign a 2nd tunnel to individual devices via 5 GHz WiFi.

This is a huge feature for me.
 
Some seriously buggy behaviour going on.

I changed the name of the 5 GHz SSID and rebooted.

The tunnels still showed connected, but both were showing local (WAN) IP addresses on connected devices. Tried everything, but still couldn‘t get the tunnel IP showing on any device connected to the 2.4 or 5 GHz network.

So I changed the 5 GHz SSID back to the original name and rebooted.

Everything back to normal! <scratches head>

I‘m not going to look a gift horse in the mouth. A rose by any other name would smell as sweet.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top