What's new

Wireguard Session Manager (4th) thread

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I can't remember but you might need to enable it from wgm cli:
Code:
E:Option ==> www mount

It should appear under the addons tab in the gui.
it worked but that's new for me, last time I installed it, gui was on by default,

thanks anyway

ps

without gui menu shows line
Code:
?  = About Configuration (WebUI http://://router_ip:/)

and with
Code:
?  = About Configuration (WebUI http://://router_ip:/user9.asp)
 
do anyone know how can I update/replace the private key for my client peer?
as you are asking this question, I assume you wish to not delete your old peer and import the new? as that would be the most straight forward way.

the keys exists in 2 places.

mostly the config used for running the peer will be in:
Code:
/opt/etc/wireguard.d/wg11.conf
for wg11.

but wgm also keeps it in its sql database
Code:
/opt/etc/wireguard.d/WireGuard.db
the SQL database is mainly used by WGM when setting up everything around the peer (firewall rules, policy rules et.c)

you can try to stop the peer, exist wgm and update the keys in the config file by, i.e.:
Code:
nano /opt/etc/wireguard.d/wg11.conf
but Im not sure wgm will notice the mismatch and throw some errors. in that case you may need to update the SQL database as well.

I have sometimes copied the SQL database to my android phone and used "SQLite Editor" to update it and put it back and it works good, its well structured so its obvious what to change and where.
you should probably stop all peers and exit wgm before doing this, and make a safety copy of the database before you start changing it.
 
as you are asking this question, I assume you wish to not delete your old peer and import the new? as that would be the most straight forward way.

the keys exists in 2 places.

mostly the config used for running the peer will be in:
Code:
/opt/etc/wireguard.d/wg11.conf
for wg11.

but wgm also keeps it in its sql database
Code:
/opt/etc/wireguard.d/WireGuard.db
the SQL database is mainly used by WGM when setting up everything around the peer (firewall rules, policy rules et.c)

you can try to stop the peer, exist wgm and update the keys in the config file by, i.e.:
Code:
nano /opt/etc/wireguard.d/wg11.conf
but Im not sure wgm will notice the mismatch and throw some errors. in that case you may need to update the SQL database as well.

I have sometimes copied the SQL database to my android phone and used "SQLite Editor" to update it and put it back and it works good, its well structured so its obvious what to change and where.
you should probably stop all peers and exit wgm before doing this, and make a safety copy of the database before you start changing it.
thanks for your explanation, yes, I don't want to delete the peer and re-import the config to it. The wg config from my service provide valid only 2 hours every time, once the wg tunnel need to reconnect after then I need obtain an new private key. So want to update just the private key of the peer config and remain all others same.

I've tried to update on /opt/etc/wireguard.d/wg11.conf, but no luck. So I assume the sqldb should be updated also. I'm going to find some tools to open sqldb.
 
The wg config from my service provide valid only 2 hours every time, once the wg tunnel need to reconnect after then I need obtain an new private key.
Ouch, 2h!
I would be concerned about all the hassle I would need to go through to get it working so I would probably not use it.
Perhaps worth your time to write a script that updates both wg11.conf and the sql database - and possibly retrieves a new config file - cron job every 2h.
All bits and pieces about changes to the files are already in wgm script.

I really thought it would be enough with wg11.conf. out of curiosity, what error message did you get?
 
Ouch, 2h!
I would be concerned about all the hassle I would need to go through to get it working so I would probably not use it.
Perhaps worth your time to write a script that updates both wg11.conf and the sql database - and possibly retrieves a new config file - cron job every 2h.
All bits and pieces about changes to the files are already in wgm script.

I really thought it would be enough with wg11.conf. out of curiosity, what error message did you get?
sorry for my expression not clearly, the key valid for 2h for connection, once connected will persistent keep alive until the link broken and need a new key to rebuild the connection.

update:
i try to update both wg11.conf and sqldb, but unfortunetely not working as expected. the sympton is 0 bytes transfer.

I decide to you Asus gui wireguard for now and try to do more troubeshooting when i have time later.

thanks again for your concern about my issue.
 
i try to update both wg11.conf and sqldb, but unfortunetely not working as expected. the sympton is 0 bytes transfer.
That's wierd. Are you sure everything turned out correctly?
I know that wgm "builds" a new config, which is basically wg11.conf, with removed stuff that Wireguard itself does not handle, like dns and others, and runs it from /tmp. I did not check if it recreates it on start if it already exists.

When your updated peer is running you could run directly in shell:
Code:
wg showconf wg11

It will output the config it's currently using. Compare your keys, are they still the old keys?
 
Last edited:
That's wierd. Are you sure everything turned out correctly?
I know that wgm "builds" a new config, which is basically wg11.conf, with removed stuff that Wireguard itself does not handle, like dns and others, and runs it from /tmp. I did not check if it recreates it on start if it already exists.

When your updated peer is running you could run directly in shell:
Code:
wg showconf wg11

It will output the config it's currently using. Compare your keys, are they still the old keys?
yes, it's really new key, but transfer 0
I think it should be something wrong during my update steps, but I don't which is it.

[Interface]
ListenPort = 33922
PrivateKey = xxx <-- new key

[Peer]
PublicKey = XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs = 0.0.0.0/0
Endpoint = 149.88.98.226:51820
PersistentKeepalive = 21

but trasfer 0

interface: wg11 EndPoint=149.88.98.226:51820 172.21.4.129 # N/A
peer: XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
transfer: 0 B received, 888 B sent 0 Days, 00:00:30 since Thu Oct 10 16:11:27 2024 >>>>>>

WireGuard® ACTIVE Peer Status: Clients 1, Servers 0
ASUS GUI Peers: Clients 3, Servers 0



checked back wg11.conf
admin@asuswifi:/tmp/home/root# cat /opt/etc/wireguard.d/wg11.conf
[Interface]
PrivateKey=xxx <- same new key
Address=172.21.4.129
DNS=149.88.98.225,149.88.98.227
[Peer]
PublicKey=XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs=0.0.0.0/0
Endpoint=sx0320108-wg.pointtoserver.com:51820
PersistentKeepalive=21
admin@asuswifi:/tmp/home/root#
 
yes, it's really new key, but transfer 0
I think it should be something wrong during my update steps, but I don't which is it.

[Interface]
ListenPort = 33922
PrivateKey = xxx <-- new key

[Peer]
PublicKey = XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs = 0.0.0.0/0
Endpoint = 149.88.98.226:51820
PersistentKeepalive = 21

but trasfer 0

interface: wg11 EndPoint=149.88.98.226:51820 172.21.4.129 # N/A
peer: XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
transfer: 0 B received, 888 B sent 0 Days, 00:00:30 since Thu Oct 10 16:11:27 2024 >>>>>>

WireGuard® ACTIVE Peer Status: Clients 1, Servers 0
ASUS GUI Peers: Clients 3, Servers 0



checked back wg11.conf
admin@asuswifi:/tmp/home/root# cat /opt/etc/wireguard.d/wg11.conf
[Interface]
PrivateKey=xxx <- same new key
Address=172.21.4.129
DNS=149.88.98.225,149.88.98.227
[Peer]
PublicKey=XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs=0.0.0.0/0
Endpoint=sx0320108-wg.pointtoserver.com:51820
PersistentKeepalive=21
admin@asuswifi:/tmp/home/root#
You basically only need the keys and endpoint:port for the handshakes to work. Could this new config be not active? You can test it on your phone/computer to be sure.
Did you check Endpoint and/or port didn't change?

It's either that or some error in editing, some character missing or something?
 
Last edited:
You basically only need the keys and endpoint:port for the handshakes to work. Could this new config be not active? You can test it on your phone/computer to be sure.
Did you check Endpoint and/or port didn't change?

It's either that or some error in editing, some character missing or something?
I found the issue casued by vpn rule of vpn director conflict with wgm, it works when I disable all rules
 

Attachments

  • Snipaste_2024-10-10_18-11-48.png
    Snipaste_2024-10-10_18-11-48.png
    35.9 KB · Views: 12
I found the issue casued by vpn rule of vpn director conflict with wgm, it works when I disable all rules
Yea, putting everything (0.0.0.0/0) to vpn is troublesome and doing it twice is probably just a bad idea.

Put your lan subnet there instead, but exclude router ip. You should remove your Interface rules as they have no purpose. Also you need to exclude router lan ip if you ever want to use the killswitch.
Like
Local ip: 192.168.1.1 inerface: wan
Local ip: 192.168.1.0/24 interface: wgc1

You could duplicate the last rule for ovpn but you should only have 1 active if you want to decide vpn interface, otherwise your router decides.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top