Is wireguard available on RT-AC86U ?

[Jeffrey Young]

manually running S50wireguard starts your client and is useable? Can you post the contents of that file? Entware start up files must be in a specific format. If it is not, then the calling system likely does not know what to do with it.

 

[alannts425]

manually running S50wireguard starts your client and is useable? Can you post the contents of that file? Entware start up files must be in a specific format. If it is not, then the calling system likely does not know what to do with it.

This 2 files only

 

[Jeffrey Young]

If the script is working when called manually, then I suspect Entware is trying to call the script too early. The WAN is not up yet. Back when I setting a wg client to a VM, I had the same issue. Even called from services-start, it was trying to start too early. I ended up having to move the script to wan-event and have it start only on a "connected" event.

You can test this. Put a line something like

echo "wg client script tried to run" > /tmp/wg_client.txt

Reboot the router and see if the file wg_client.txt exist.

If the file exists, then it tells me that the script tried to run, but too early.

 

[alannts425]

If the script is working when called manually, then I suspect Entware is trying to call the script too early. The WAN is not up yet. Back when I setting a wg client to a VM, I had the same issue. Even called from services-start, it was trying to start too early. I ended up having to move the script to wan-event and have it start only on a "connected" event.

You can test this. Put a line something like

echo "wg client script tried to run" > /tmp/wg_client.txt

Reboot the router and see if the file wg_client.txt exist.

If the file exists, then it tells me that the script tried to run, but too early.

Okay. I'll test it. Btw. Thanks

 

[alannts425]

Okay. I'll test it. Btw. Thanks

tested file not exit and not working after reboot.

 

[Jeffrey Young]

tested file not exit and not working after reboot.

Hmmm. So, when you start the script manually; i.e. ./S50wireguard start, your client starts and you can use it. But it is not starting when entware starts it on a bootup (as you don't see the dbug file created). That is weird.

There is a logger statement in the script. Do you see the script trying to start in the syslog?

The only thing I can suggest, as I stated above, the WAN has to be up before the client will start. I suggest you create a /jffs/scripts/wan-event script and add the following;

#!/bin/sh

# variables passed to wan-event
# $1 > Wan Adaptor Number
# $2 > Wan state
#        init
#        connecting
#        connected
#        disconnected
#        stopped
#        disabled
#        stopping

case $2 in
    "connected")

        sleep 5

        C1="True"
        C2=0

        while [ "$C1" = "True" ]
        do
            if [ "$(nvram get ntp_ready)" -eq 0 ]; then
                sleep 10
                let "C2=C2+1"

                if [ "$C2" -gt 10 ]; then
                    logger "wan-event - wan event script did not start - ntp server failed to respond"
                    exit
                fi
            else
                C1="False"
                sleep 10
                /path/to/wireguard_client_script
            fi
        done
    ;;
esac

replacing /path/to/wireguard_client_script with the path to the script that starts your client (S50wireguard). I would move it out of the init.d directory as it is clearly not doing anything there.

Unless I am missing something, that is about all I can help you with. I still think you may be better off installing wireguard_manager from amtm and setup your client that way.

 

[alannts425]

Hmmm. So, when you start the script manually; i.e. ./S50wireguard start, your client starts and you can use it. But it is not starting when entware starts it on a bootup (as you don't see the dbug file created). That is weird.

There is a logger statement in the script. Do you see the script trying to start in the syslog?

The only thing I can suggest, as I stated above, the WAN has to be up before the client will start. I suggest you create a /jffs/scripts/wan-event script and add the following;

#!/bin/sh

# variables passed to wan-event
# $1 > Wan Adaptor Number
# $2 > Wan state
#        init
#        connecting
#        connected
#        disconnected
#        stopped
#        disabled
#        stopping

case $2 in
    "connected")

        sleep 5

        C1="True"
        C2=0

        while [ "$C1" = "True" ]
        do
            if [ "$(nvram get ntp_ready)" -eq 0 ]; then
                sleep 10
                let "C2=C2+1"

                if [ "$C2" -gt 10 ]; then
                    logger "wan-event - wan event script did not start - ntp server failed to respond"
                    exit
                fi
            else
                C1="False"
                sleep 10
                /path/to/wireguard_client_script
            fi
        done
    ;;
esac

replacing /path/to/wireguard_client_script with the path to the script that starts your client (S50wireguard). I would move it out of the init.d directory as it is clearly not doing anything there.

Unless I am missing something, that is about all I can help you with. I still think you may be better off installing wireguard_manager from amtm and setup your client that way.

Sorry, just saw your message. I got the issue already. I have installed the wireguard kernel from amtm then am manually create my own wireguard script installation which is double caused amtm is not recognized the script once the router reboot and the script is gone.

I'm trying manually create a script without installing wireguard kernel from amtm then reboot the router, the script is not gone but no internet access. I need to manually switch off the wireguard then only was able to access the internet, but I need manually reconnected the wireguard connection.

Btw, thanks for your advise and help

 

[NickolauBr]

Just want to thank you for your support!

Wireguard running smoothly on my RT-AC86U.

Took the guts to config it today and now running smoothly and way faster.
From a 500MB connection I was around 100-130 down 90 up with OPENVPN and now bumped up to 410 - 90 with Wireguard!

After digging into the command lines I found out that we can manage it from the GUI as well.
Great work guys!
Many thanks

 

[NickolauBr]

Well, I ran into some issues. All is running well, speed is up. No issues until I connect my tv and try to watch any app. Netflix, Amazon Prime or Disney+. They all behave differently:
Netflix : Login is ok, but the main page is not loaded correctly, some Series/Movies are shown and blank spots are seen. As I get inside the content and click on play, the loading is forever.
Prime: Can login, can see what's available and cant play.
Disney+ can't even login.

Any clue? Firewall issue?
As soon as I connect to my ISP Router, everything works fine.

OBS. It was all running with my exact configuration under OPENVPN.

I use Surfshark VPN service. From Brazil but living in Portugal. I use this to listen and see Brazil's content.

Thanks!

 

[Jeffrey Young]

Does your ISP do any Deep Packet Inspection on UDP? Same question with your firewall? DPI is known to mess with WG.

Before retiring, I learned to avoid some hotels as their ISPs mucked around with DPI which made WG connections pretty goofy and nearly impossible to use.

 

[ZebMcKayhan]

Well, I ran into some issues. All is running well, speed is up. No issues until I connect my tv and try to watch any app. Netflix, Amazon Prime or Disney+. They all behave differently:
Netflix : Login is ok, but the main page is not loaded correctly, some Series/Movies are shown and blank spots are seen. As I get inside the content and click on play, the loading is forever.
Prime: Can login, can see what's available and cant play.
Disney+ can't even login.

Any clue? Firewall issue?
As soon as I connect to my ISP Router, everything works fine.

OBS. It was all running with my exact configuration under OPENVPN.

I use Surfshark VPN service. From Brazil but living in Portugal. I use this to listen and see Brazil's content.

Thanks!

Could it be that your surfshark vpn ip are blocked from these sites to prevent cross region streaming? Have you checked these streaming services from some other device via vpn?

Just a thought...

 

[Jeffrey Young]

Could it be that your surfshark vpn ip are blocked from these sites to prevent cross region streaming? Have you checked these streaming services from some other device via vpn?

Just a thought...

A lot of streaming companies endeavour to identify VPN IP addresses and block them.

If that is the case, maybe see about renting a VM service in the country you want and setup your own relay.

 

[NickolauBr]

Well, it was working with OPENVPN. (same provider, giving me the same IP address)
I will manage to get back to OPENVPN and retest.

 

[NickolauBr]

A lot of streaming companies endeavour to identify VPN IP addresses and block them.

If that is the case, maybe see about renting a VM service in the country you want and setup your own relay.

That would be an alternative!

 

[ataru80]

Just want to thank you for your support!

Wireguard running smoothly on my RT-AC86U.

Took the guts to config it today and now running smoothly and way faster.
From a 500MB connection I was around 100-130 down 90 up with OPENVPN and now bumped up to 410 - 90 with Wireguard!

After digging into the command lines I found out that we can manage it from the GUI as well.
Great work guys!
Many thanks

How can you configure it from the GUI?
Also, would you mind sharing your bash scripts?

 

[Jeffrey Young]

How can you configure it from the GUI?
Also, would you mind sharing your bash scripts?

You can't on the 386 code base.

 

[NickolauBr]

How can you configure it from the GUI?
Also, would you mind sharing your bash scripts?

the only thing I added was through SSH the config file that has this data (Private Key, Address, DNS....) at the specific folder. The client was recognized at the Wireguard Manager and I started it. I noticed it was working because I had OPENVPN cofigured and it showed *error connecting* but I had a connection and a Brazilian IP (due to the server I configured Wireguard)

Let me know if I can help you with anything more specific!

#
# Use this configuration with WireGuard client
#
[Interface]
Address = **********/16
PrivateKey = *******************************************
DNS = ******************************
[Peer]
PublicKey = *************************************
AllowedIPs = 0.0.0.0/0
Endpoint =**********************************

 

[NickolauBr]

You can't on the 386 code base.

Dunno if I can edit it, but I can see it from the GUI.. (pics posted)

 

[Jeffrey Young]

Dunno if I can edit it, but I can see it from the GUI.. (pics posted)

Which firmware version are you using?

 

[NickolauBr]

386.11