I have written a blog with more detailed instructions and a bit updated findings, during my setup.
Especially with the latest WireGuard something must have been changed. The config file needs to be re-build in a different way as in the initial instructions.
The config settings under "Peer" you need to move the Endpoint IP before the Public Key. Otherwise I didn't got the WireGuard connection to work.
So, here's a journal of how I got on with this. (TL;DR: badly).
1) I had to figure out how to enable SSH on the router.
(Not too hard!)
2) Needed to figure out how PUTTY works. (Again, not too hard!)
3) Couldn't get the router to acknowledge my USB stick as a viable drive. I did some googling and followed the instructions here:
https://github.com/RMerl/asuswrt-merlin/wiki/Initialize-OPTWARE - that may or may not have been a good idea...?
4) Took a few minutes to figure out how to get Entware installed, but managed that.
5) The process of getting the router to acknowledge my USB stick involved reformatting it in ext2 format; consequently my Windows PC now doesn't recognise it as a viable drive, meaning it's impossible to copy a downloaded file directly onto it from the PC. What I eventually tried was plugging it into the router, then browsing to the Download\Complete folder under the router in Windows Explorer and copying it there. It then took me a while to find that where that folder is in the directory structure in the SSH shell, but found it eventually.
6) It took me a minute or so to figure out that this command:
opkg install wireguard_0.0.20180910-ac28449_aarch64-3.10.ipk only works when run inside the
/tmp/mnt/sda1/Download2/Complete folder.
But wireguard installed successfully (I think).
7) The folder
/etc/opt/wireguard doesn't exist. The closest I could find is
/tmp/mnt/sda1/entware/etc/wireguard - hoped that might do instead(!).
8) Figured out how to install nano(!), created the .conf file in the above folder, and made the requisite changes.
9) Went to
/tmp/mnt/sda1/entware/etc/init.d . Made the specified changes to S50wireguard.
10) Went back to
/tmp/mnt/sda1/entware/etc/wireguard and made the changes to wg-up.
11) Checked DNS config: okay.
12) Attempted to run
/opt/etc/init.d/S50wireguard start - various errors:
insmod: can't insert '/opt/lib/modules/wireguard.ko': File exists
fopen: No such file or directory
need at least a destination address
13) Tried running
/tmp/mnt/sda1/entware/etc/init.d/S50wireguard start instead - same result.
14) Tried editing the line in the wg-up file that points to the .conf file to read
wg setconf wg0 /tmp/mnt/sda1/entware/etc/wireguard/xxx.conf
instead to see if that helped. That actually gives me an extra error:
insmod: can't insert '/opt/lib/modules/wireguard.ko': File exists
Line unrecognized: '[Interface]PrivateKey=xxxxxxxx'
Configuration parsing error
need at least a destination address
So, I'm a bit stuck now.
Any suggestions as to where I'm going wrong?
