[Experimental] WireGuard for HND platform (4.1.x kernels)

[borris]

You have failed to follow the install instructions in post #1 (Step 1) and missed a crucial step for the Entware auto-startup Wireguard request,, and the User Space Tool nat-start script to work...

View attachment 29983

The problem I am having now is wireguard is no internet. It shows sending of data but that's it.

The RPI is on 193.168.50.3. it has pihole running and the wireguard server.

My wan DNS goes through the pihole.

I have set wireguard as 192.168.51.1.

I get connections and a handshake showing I'm connected and data being sent and received but very small amounts.

I installed the server one with pivpn.

Thanks on advance!

 

[borris]

some more info for anyone that can help.


peer: xxxxxx
preshared key: (hidden)
endpoint: 192.168.50.3:51820
allowed ips: 0.0.0.0/0, ::/0
latest handshake: 39 seconds ago
transfer: 26.03 KiB received, 1.55 GiB sent
persistent keepalive: every 25 seconds

it shows that it is sending data but not getting it back.


br0 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
inet addr:192.168.50.1 Bcast:192.168.50.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:6353 errors:0 dropped:73 overruns:0 frame:0
TX packets:7659 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:957363 (934.9 KiB) TX bytes:7351560 (7.0 MiB)

eth0 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
inet addr:xxxxx.174 Bcast:xxx Mask:255.255.0.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:4858942 errors:0 dropped:0 overruns:0 frame:0
TX packets:1202305 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6389505926 (5.9 GiB) TX bytes:192535296 (183.6 MiB)

eth1 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth2 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth3 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth4 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

eth5 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:14861 errors:0 dropped:22 overruns:0 frame:0
TX packets:25835 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1088314 (1.0 MiB) TX bytes:15186503 (14.4 MiB)

eth6 Link encap:Ethernet HWaddr 24:4B:FE:09:97:F8
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:21576777 errors:0 dropped:16 overruns:0 frame:0
TX packets:10668484 errors:0 dropped:250298 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9950912245 (9.2 GiB) TX bytes:5542109507 (5.1 GiB)

eth7 Link encap:Ethernet HWaddr 24:4B:FE:09:97:FC
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:1623368 errors:0 dropped:15 overruns:0 frame:0
TX packets:1485469 errors:0 dropped:175049 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:492002234 (469.2 MiB) TX bytes:1016721233 (969.6 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
RX packets:275720 errors:0 dropped:0 overruns:0 frame:0
TX packets:275720 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:53911961 (51.4 MiB) TX bytes:53911961 (51.4 MiB)

lo:0 Link encap:Local Loopback
inet addr:127.0.1.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1

ppp0 Link encapoint-to-Point Protocol
inet addr:xxx P-t-P:xxxxxx Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:5580 errors:0 dropped:0 overruns:0 frame:0
TX packets:3452 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:5098642 (4.8 MiB) TX bytes:488304 (476.8 KiB)

 

[ZebMcKayhan]

it shows that it is sending data but not getting it back.

This is usually a sign of masquarading not working properly... test shifting to /16 according to my previous post. I'm not sure Ive understood your system completally but it sounds like you are using different subnets which easaly runs into problems like this. standard WG files only masquareds packages with source adress with same subnet as your local LAN adress.

/Zeb

 

[borris]

Been running wireguard client on my AC86U now for a month and it is working great! running merlin 386 beta 2.

I have been running on some snags that I would like to share for others maybee experiencing the same problems:

my ordinary LAN is on 192.168.1.x on device br0.
guest wifi is per default on br1 and br2 192.168.101.x and 192.168.102.x

2 problems comes from this:
A) - router has set up firewall for br1, br2 to eth0 (wan) but not to wg0 (vpn) so when the new default routing table kicks in guest wifi will be useless (or any other subnet from the default one).
B) - masquarading on wg0 is set up to only masquarade /24 subnet which will be br0 only.

so to fix this edit wg-up (or wg-policy depending on which you use):
A) - Add these lines somewhere in the end:

iptables -t filter -D FORWARD -i br1 -o wg0 -j ACCEPT 2>/dev/null
iptables -t filter -D FORWARD -i br2 -o wg0 -j ACCEPT 2>/dev/null
iptables -t filter -I FORWARD -i br1 -o wg0 -j ACCEPT
iptables -t filter -I FORWARD -i br2 -o wg0 -j ACCEPT

The first 2 (the -D ones) should be added in wg-down aswell so the rules are removed when wireguard is stopped.
B) change these 2 lines:

iptables -t nat -D POSTROUTING -s $(nvram get lan_ipaddr)/24 -o wg0 -j MASQUERADE 2>/dev/null
iptables -t nat -I POSTROUTING -s $(nvram get lan_ipaddr)/24 -o wg0 -j MASQUERADE

to

iptables -t nat -D POSTROUTING -s $(nvram get lan_ipaddr)/16 -o wg0 -j MASQUERADE 2>/dev/null
iptables -t nat -I POSTROUTING -s $(nvram get lan_ipaddr)/16 -o wg0 -j MASQUERADE

The same change should be done in wg-down so the rules are properly removed when wireguard is stopped.

now br1 and br2 is allowed to be routed to wg0 (VPN) and masquarading will work on entire 192.168.x.x
please adjust further to your own need.

/Zeb

where would you add these? i have tried my client wg-policy but doesnt seem to work? what are the full post up and post down commands? thanks!

 

[ZebMcKayhan]

Depending on how you set up your S50wireguard. if you have "Route=default" then you will need to change in [wg-up] but if you have "Route=policy" then you need to change in [wg-policy]. in any case [wg-down] is executed for stop so you need to remove any rules created there.

for simplicity, you could just try to run directly from the terminal:

iptables -t nat -D POSTROUTING -s $(nvram get lan_ipaddr)/24 -o wg0 -j MASQUERADE #Remove old masq rule

iptables -t nat -I POSTROUTING -s $(nvram get lan_ipaddr)/16 -o wg0 -j MASQUERADE #Add new /16 masq rule

and see if that makes any difference for you. if not, then probably this is not your problem and you need to look elsewhere.

 

[borris]

Depending on how you set up your S50wireguard. if you have "Route=default" then you will need to change in [wg-up] but if you have "Route=policy" then you need to change in [wg-policy]. in any case [wg-down] is executed for stop so you need to remove any rules created there.

for simplicity, you could just try to run directly from the terminal:

iptables -t nat -D POSTROUTING -s $(nvram get lan_ipaddr)/24 -o wg0 -j MASQUERADE #Remove old masq rule

iptables -t nat -I POSTROUTING -s $(nvram get lan_ipaddr)/16 -o wg0 -j MASQUERADE #Add new /16 masq rule

and see if that makes any difference for you. if not, then probably this is not your problem and you need to look elsewhere.

thanks for fast reply.

no luck =/ added that to wg-policy and changed s50 to policy mode. it connects and handshakes but nothing else.

do i need to create a route?

Destination	Gateway	Genmask	Flags	Metric	Ref	Use	Iface
IPv4 Routing table
default	xxx.xxx.xxx	0.0.0.0	UG	0	0	0	WAN
10.9.0.0	*	255.255.255.0	U	0	0	0	wg0
169.254.0.0	*	255.255.0.0	U	0	0	0	MAN
xxx.xxx.xxx	*	255.255.255.255	UH	0	0	0	WAN
192.168.50.0	*	255.255.255.0	U	0	0	0	LAN
192.168.50.3	*	255.255.255.255	UH	0	0	0	LAN
239.0.0.0	*	255.0.0.0	U	0	0	0	LAN

is this how port forwarding should be done?

System Log - Port Forwarding

Source	Proto	Port range	Redirect to	Local Port	Chain
Virtual Servers
ALL	UDP	51820	192.168.50.3	51820	VSERVER

 

[borris]

getting this error when i shut down wireguard on router logs.

Feb 4 14:04:41 lldpd[1310]: removal request for address of 10.6.0.2%76, but no knowledge of it

i am setup for 10.6.0.2 as wireguard client. 192.168.50.3 rpi.

i installed pihole and pivpn to install wireguard.

port forward

​

�

Service Name	External Port	Internal Port	Internal IP Address	Protocol	Source IP	Edit	Delete
Port Forwarding List (Max Limit : 64)

​

wireguard

51820

192.168.50.3

UDP

routing table. im pretty sure this is where i am going wrong.

​

�

Destination	Gateway	Genmask	Flags	Metric	Ref	Use	Iface
IPv4 Routing table
default	*	128.0.0.0	U	0	0	0	wg0
default	172.16.16.171	0.0.0.0	UG	0	0	0	WAN
128.0.0.0	*	128.0.0.0	U	0	0	0	wg0
169.254.0.0	*	255.255.0.0	U	0	0	0	MAN
172.16.16.171	*	255.255.255.255	UH	0	0	0	WAN
192.168.50.0	*	255.255.255.0	U	0	0	0	LAN
192.168.50.3	*	255.255.255.255	UH	0	0	0	LAN
239.0.0.0	*	255.0.0.0	U	0	0	0	LAN

 

[borris]

can the router be a client while the rpi is behind it as the server? thats what i am trying to achieve.

 

[denskyson]

1. Install WireGuard

You need Entware-aarch64-3.10 to use wireguard without a new firmware build.


ㅡ Kernel Module ㅡ

RT-AC86U, GT-AC2900 - 4.1.27
entware-makefile-for-merlin/wireguard-kernel_1.0.20210124-ac_aarch64-3.10.ipk at main · odkrys/entware-makefile-for-merlin · GitHub

opkg install /path/wireguard-kernel_1.0.20210124-ac_aarch64-3.10.ipk

RT-AX88U - 4.1.51
entware-makefile-for-merlin/wireguard-kernel_1.0.20210124-ax_aarch64-3.10.ipk at main · odkrys/entware-makefile-for-merlin · GitHub

opkg install /path/wireguard-kernel_1.0.20210124-ax_aarch64-3.10.ipk

RT-AX86U - 4.1.52
entware-makefile-for-merlin/wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk at main · odkrys/entware-makefile-for-merlin · GitHub

opkg install /path/wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk

ㅡ User space tool ㅡ

https://github.com/odkrys/entware-makefile-for-merlin/raw/main/wireguard-tools_1.0.20200827-1_aarch64-3.10.ipk

opkg install /path/wireguard-tools_1.0.20200827-1_aarch64-3.10.ipk
cp /opt/etc/wireguard/S50wireguard /opt/etc/init.d

2. as Client configuration setting.

nano /opt/etc/init.d/S50wireguard

Mode=client

export LocalIP=
Route=default   #default or policy
export wgdns=
export Nipset=wgvpn

Init file has 5 options.
Mode=client

LocalIP is provided by VPN provider (e.g. AzireVPN, Mullvad) or your VPS.

default route will redirect your all internet traffic to VPN server.
policy work like Policy Rules (strict) on Merlin.

wgdns is option to change dns server.
Nipset is the name of ipset for ipset based policy routing.

AzireVPN, Mullvad, IVPN, TorGuard support WireGuard servers.

AzireVPN https://www.azirevpn.com/cfg/wg
Mullvad https://mullvad.net/en/servers/#wireguard
IVPN https://www.ivpn.net/wireguard
TorGuard https://torguard.net/knowledgebase.php?action=displayarticle&id=250

nano /opt/etc/wireguard/wg0.conf (example of AzireVPN)

[Interface]
PrivateKey = -------
Address = 10.40.12.49/19
DNS = 192.211.0.2

[Peer]
PublicKey = ----------
AllowedIPs = 0.0.0.0/0
Endpoint = IP:PORT

AzireVPN's config file looks like above one.
Fill the Address 10.40.12.49 at LocalIP of init file.

export LocalIP=10.40.12.49 (without prefix)
export wgdns=192.211.0.2

And comment out Address and DNS in the config file.
Then config file should looks like this. (I highly recommend you add keepalive.)

[Interface]
PrivateKey = -------
#Address = 10.40.12.49/19
#DNS = 192.211.0.2

[Peer]
PublicKey = -------
AllowedIPs = 0.0.0.0/0
Endpoint = IP:PORT
PersistentKeepalive = 25

Done. Start WireGuard.

/opt/etc/init.d/S50wireguard start

3. Advanced client settings.

For using Route=policy, wg-policy script has some rules.
Adjust to your situation.
Default table is 117.

nano /opt/etc/wireguard/wg-policy

#
##For ipset based Policy Routing
#

#ipset -N $Nipset hash:ip

#ip rule del prio 9997 2>/dev/null
#ip rule add fwmark 0x7000 table 117 prio 9997
#iptables -t mangle -D PREROUTING -m set --match-set $Nipset dst -j MARK --set-mark 0x7000/0x7000 2>/dev/null
#iptables -t mangle -A PREROUTING -m set --match-set $Nipset dst -j MARK --set-mark 0x7000/0x7000

#service restart_dnsmasq

4. as Server configuration setting.

(umask 077 && printf "[Interface]\nPrivateKey = " | tee /opt/etc/wireguard/wg1.conf > /dev/null)
wg genkey | tee -a /opt/etc/wireguard/wg1.conf | wg pubkey | tee /opt/etc/wireguard/server-publickey

nano /opt/etc/init.d/S50wireguard (example)

Mode=server

export Subnet=10.50.50.1/24   #e.g.)10.50.50.1/24
export wgport=51820

nano /opt/etc/wireguard/wg1.conf (Server uses wg1)

[Interface]
PrivateKey = ----------
ListenPort = 51820

[Peer]
PublicKey = ----------
AllowedIPs = 10.50.50.2/32

Done. Start WireGuard.

/opt/etc/init.d/S50wireguard start

4.5 Generate client QRcode.

Generator script will generate QRcode image for Android or iOS.
You need to install qrencode first.

opkg install qrencode

If you want to use your host address (192.168.50.1) as DNS server,
you have to add wg interface to Dnsmasq listening interface list.

sed -i '1s/^/interface=wg* \n/' /jffs/configs/dnsmasq.conf.add
service restart_dnsmasq

This script will ask you 3 options.
1. client name 2. client address 3. client DNS server



-------------------------------------------------------------------------
WireGuard use iptables so when the firewall is restarted, the rules will gone.
Please add this in nat-start script.

nano /jffs/scripts/nat-start

#!/bin/sh

WVPNROUTE=`ip route show | grep -i -a "dev wg"`
logger -s -t "($(basename $0))" $$ "Checking if WireGuard is UP...."$WVPNROUTE
if [ "$WVPNROUTE" != "" ];then
        logger -s -t "($(basename $0))" $$ "**Warning WireGuard is UP.... restarting WireGuard"
        /opt/etc/init.d/S50wireguard restart
fi

5. Remove WireGuard

/opt/etc/init.d/S50wireguard stop
opkg remove wireguard-kernel wireguard-tools
rm -r /opt/etc/wireguard
rm /opt/etc/init.d/S50wireguard

Scripts are not beautiful. They just work. Sorry, this is my best.
They have some rules to prevent duplicate.
The error messages (e.g. iptables) are not real error.
Don't worry.


Edit: iperf benchmark result.

WireGuard server on RT-AC86U. Windows 10 Tunsafe client. (https://tunsafe.com/download)
WireGuard author does not assure Tunsafe security. I just used it for benchmark purpose.

Spoiler

C:\iperf-2.0.9-win64>iperf -c 192.168.50.246 -N -M 1400 -t 20 -w 2M -P 5
WARNING: attempt to set TCP maximum segment size to 1400, but got 1281
WARNING: attempt to set TCP maximum segment size to 1400, but got 1281
WARNING: attempt to set TCP maximum segment size to 1400, but got 1281
WARNING: attempt to set TCP maximum segment size to 1400, but got 1281
WARNING: attempt to set TCP maximum segment size to 1400, but got 1281
------------------------------------------------------------
Client connecting to 192.168.50.246, TCP port 5001
TCP window size: 2.00 MByte
------------------------------------------------------------
[ 5] local 10.50.50.2 port 1911 connected with 192.168.50.246 port 5001
[ 7] local 10.50.50.2 port 1913 connected with 192.168.50.246 port 5001
[ 4] local 10.50.50.2 port 1910 connected with 192.168.50.246 port 5001
[ 6] local 10.50.50.2 port 1912 connected with 192.168.50.246 port 5001
[ 3] local 10.50.50.2 port 1909 connected with 192.168.50.246 port 5001
[ ID] Interval Transfer Bandwidth
[ 5] 0.0-20.0 sec 220 MBytes 92.4 Mbits/sec
[ 7] 0.0-20.0 sec 205 MBytes 86.1 Mbits/sec
[ 4] 0.0-20.1 sec 230 MBytes 96.1 Mbits/sec
[ 6] 0.0-20.0 sec 227 MBytes 95.2 Mbits/sec
[ 3] 0.0-20.0 sec 212 MBytes 89.1 Mbits/sec
[SUM] 0.0-20.1 sec 1.07 GBytes 457 Mbits/sec

Hello,
I have an error at installation:

RT-AX86U-B088:/tmp/home/root# opkg install wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk
Collected errors:
* pkg_init_from_file: Malformed package file wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk.

Could you please advise what I'm doing wrong?

 

[borris]

Hello,
I have an error at installation:

RT-AX86U-B088:/tmp/home/root# opkg install wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk
Collected errors:
* pkg_init_from_file: Malformed package file wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk.

Could you please advise what I'm doing wrong?

Corrupted download? Download the files on a computer and put on USB before amtm install

 

[denskyson]

Corrupted download? Download the files on a computer and put on USB before amtm install

Corrupted download? Download the files on a computer and put on USB before amtm install

Hi, the download is ok. I have tried different ways also with usb. Something is wrong with file compatibility and router software. I'm using the latest asus-merlin firmware RT-AX86U - 386.1.

 

[borris]

386.1 compatible before I upgrade?thanks

 

[denskyson]

386.1 compatible before I upgrade?thanks

Hi Borris,
Yes I'm using

RT-AX86U

386.1

 

[Goned75]

The kernel module is updated and need to be download from the first page with the latest version of Asus Merlin

 

[denskyson]

The kernel module is updated and need to be download from the first page with the latest version of Asus Merlin

I'm using latest asus-merlin and latest kernel wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk

 

[G313]

I'm using latest asus-merlin and latest kernel wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk

Have you been able to download and install wireguar? If not try these links for the RT-AX86U.

ssh your_username@your_router_ip

Type: "wget" space (copy and past one links each time) on you terminal.

https://github.com/odkrys/entware-m...ard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk

https://github.com/odkrys/entware-m...reguard-tools_1.0.20200827-1_aarch64-3.10.ipk

The size for the wireguard-kernel should be: (57,387)
The size for the wireguard-tools should be: (46,309)

To install:

opkg install wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk

opkg install wireguard-tools_1.0.20200827-1_aarch64-3.10.ipk

Complete the installation following @Odkrys instructions.

I like to Thank You @Odkrys for all the great work, my installation has been rock solid for months on my RT-AX88U.

 

[G313]

Thank you for reply,

As I mentioned in my first post, I performed all installation steps and for some reason, kernel installation is not working.
I have an error:

RT-AX86U-B088:/tmp/home/root# opkg install wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk
Collected errors:
* pkg_init_from_file: Malformed package file wireguard-kernel_1.0.20210124-ax86_aarch64-3.10.ipk.

But no errors for wireguard-tools.

Today I decided to upgrade to the 1.0.20210124 kernel for my RT-AX88U, when downloaded using "wget" followed by copying and pasting
the link from post number 1. When I tried to install it returned the same error you got, when I checked the size and compared to the one
I had downloaded on my PC it was more than 30k larger. Then I went to: https://github.com/odkrys/entware-makefile-for-merlin, clicked on
the proper file, on the next page there is a button marked "Download" right clicked on it and chose "Copy Link Location".
Pasted the link after the command "wget" downloaded, checked the size and installed immediately with no problems.
Note that I have been running wireguard for some time, I stopped it to do the upgrade and started it once the upgrade was done.
That error made me think of your post, thought the cause of your problem might be the same.

 

[denskyson]

Today I decided to upgrade to the 1.0.20210124 kernel for my RT-AX88U, when downloaded using "wget" followed by copying and pasting
the link from post number 1. When I tried to install it returned the same error you got, when I checked the size and compared to the one
I had downloaded on my PC it was more than 30k larger. Then I went to: https://github.com/odkrys/entware-makefile-for-merlin, clicked on
the proper file, on the next page there is a button marked "Download" right clicked on it and chose "Copy Link Location".
Pasted the link after the command "wget" downloaded, checked the size and installed immediately with no problems.
Note that I have been running wireguard for some time, I stopped it to do the upgrade and started it once the upgrade was done.
That error made me think of your post, thought the cause of your problem might be the same.

Thank you very much!
Wireguard Successfully installed.

Now is a harder question.
I want to use it with NordVPN. But there is no step-by-step instruction for configuration.
The only comment from @Odkrys

[Experimental] WireGuard for HND platform (4.1.x kernels)

@RT-AC86U-69B8:/tmp/mnt/ssd/movie# ./nordvpn set technology NordLynx Technology is successfully set to 'NordLynx'. @RT-AC86U-69B8:/tmp/mnt/ssd/movie# ./nordvpn c Please enter your login details. Email / Username: Maybe need a few more steps, but I can't proceed now because I don't have an...

www.snbforums.com

Do you have more informaton?
Thank you!

 

[G313]

Thank you very much!
Wireguard Successfully installed.

Now is a harder question.
I want to use it with NordVPN. But there is no step-by-step instruction for configuration.
The only comment from @Odkrys

[Experimental] WireGuard for HND platform (4.1.x kernels)

@RT-AC86U-69B8:/tmp/mnt/ssd/movie# ./nordvpn set technology NordLynx Technology is successfully set to 'NordLynx'. @RT-AC86U-69B8:/tmp/mnt/ssd/movie# ./nordvpn c Please enter your login details. Email / Username: Maybe need a few more steps, but I can't proceed now because I don't have an...

www.snbforums.com

Do you have more informaton?
Thank you!

This is what I have done:

Replace your VPN provider by setting up WireGuard on DigitalOcean

How to do this the easiest and fastest way

drew2a.medium.com

 

[denskyson]

This is what I have done:

Replace your VPN provider by setting up WireGuard on DigitalOcean

How to do this the easiest and fastest way

drew2a.medium.com

At the time I set this up I had two VPN providers, since then one subscription has expired the other has a year to go,
I have never used them since.

What about the speed?
How fast is your download/upload?