Wireguard Session Manager (4th) thread

[ZebMcKayhan]

I just installed wgm and can't find gui

I can't remember but you might need to enable it from wgm cli:

E:Option ==> www mount

It should appear under the addons tab in the gui.

 

[kfahoo]

I can't remember but you might need to enable it from wgm cli:

E:Option ==> www mount

It should appear under the addons tab in the gui.

it worked but that's new for me, last time I installed it, gui was on by default,

thanks anyway

ps

without gui menu shows line

?  = About Configuration (WebUI http://://router_ip:/)

and with

?  = About Configuration (WebUI http://://router_ip:/user9.asp)

 

[wliu88]

do anyone know how can I update/replace the private key for my client peer?

 

[ZebMcKayhan]

do anyone know how can I update/replace the private key for my client peer?

as you are asking this question, I assume you wish to not delete your old peer and import the new? as that would be the most straight forward way.

the keys exists in 2 places.

mostly the config used for running the peer will be in:

/opt/etc/wireguard.d/wg11.conf

for wg11.

but wgm also keeps it in its sql database

/opt/etc/wireguard.d/WireGuard.db

the SQL database is mainly used by WGM when setting up everything around the peer (firewall rules, policy rules et.c)

you can try to stop the peer, exist wgm and update the keys in the config file by, i.e.:

nano /opt/etc/wireguard.d/wg11.conf

but Im not sure wgm will notice the mismatch and throw some errors. in that case you may need to update the SQL database as well.

I have sometimes copied the SQL database to my android phone and used "SQLite Editor" to update it and put it back and it works good, its well structured so its obvious what to change and where.
you should probably stop all peers and exit wgm before doing this, and make a safety copy of the database before you start changing it.

 

[wliu88]

as you are asking this question, I assume you wish to not delete your old peer and import the new? as that would be the most straight forward way.

the keys exists in 2 places.

mostly the config used for running the peer will be in:

/opt/etc/wireguard.d/wg11.conf

for wg11.

but wgm also keeps it in its sql database

/opt/etc/wireguard.d/WireGuard.db

the SQL database is mainly used by WGM when setting up everything around the peer (firewall rules, policy rules et.c)

you can try to stop the peer, exist wgm and update the keys in the config file by, i.e.:

nano /opt/etc/wireguard.d/wg11.conf

but Im not sure wgm will notice the mismatch and throw some errors. in that case you may need to update the SQL database as well.

I have sometimes copied the SQL database to my android phone and used "SQLite Editor" to update it and put it back and it works good, its well structured so its obvious what to change and where.
you should probably stop all peers and exit wgm before doing this, and make a safety copy of the database before you start changing it.

thanks for your explanation, yes, I don't want to delete the peer and re-import the config to it. The wg config from my service provide valid only 2 hours every time, once the wg tunnel need to reconnect after then I need obtain an new private key. So want to update just the private key of the peer config and remain all others same.

I've tried to update on /opt/etc/wireguard.d/wg11.conf, but no luck. So I assume the sqldb should be updated also. I'm going to find some tools to open sqldb.

 

[ZebMcKayhan]

The wg config from my service provide valid only 2 hours every time, once the wg tunnel need to reconnect after then I need obtain an new private key.

Ouch, 2h!
I would be concerned about all the hassle I would need to go through to get it working so I would probably not use it.
Perhaps worth your time to write a script that updates both wg11.conf and the sql database - and possibly retrieves a new config file - cron job every 2h.
All bits and pieces about changes to the files are already in wgm script.

I really thought it would be enough with wg11.conf. out of curiosity, what error message did you get?

 

[wliu88]

Ouch, 2h!
I would be concerned about all the hassle I would need to go through to get it working so I would probably not use it.
Perhaps worth your time to write a script that updates both wg11.conf and the sql database - and possibly retrieves a new config file - cron job every 2h.
All bits and pieces about changes to the files are already in wgm script.

I really thought it would be enough with wg11.conf. out of curiosity, what error message did you get?

sorry for my expression not clearly, the key valid for 2h for connection, once connected will persistent keep alive until the link broken and need a new key to rebuild the connection.

update:
i try to update both wg11.conf and sqldb, but unfortunetely not working as expected. the sympton is 0 bytes transfer.

I decide to you Asus gui wireguard for now and try to do more troubeshooting when i have time later.

thanks again for your concern about my issue.

 

[ZebMcKayhan]

i try to update both wg11.conf and sqldb, but unfortunetely not working as expected. the sympton is 0 bytes transfer.

That's wierd. Are you sure everything turned out correctly?
I know that wgm "builds" a new config, which is basically wg11.conf, with removed stuff that Wireguard itself does not handle, like dns and others, and runs it from /tmp. I did not check if it recreates it on start if it already exists.

When your updated peer is running you could run directly in shell:

wg showconf wg11

It will output the config it's currently using. Compare your keys, are they still the old keys?

 

[wliu88]

That's wierd. Are you sure everything turned out correctly?
I know that wgm "builds" a new config, which is basically wg11.conf, with removed stuff that Wireguard itself does not handle, like dns and others, and runs it from /tmp. I did not check if it recreates it on start if it already exists.

When your updated peer is running you could run directly in shell:

wg showconf wg11

It will output the config it's currently using. Compare your keys, are they still the old keys?

yes, it's really new key, but transfer 0
I think it should be something wrong during my update steps, but I don't which is it.

[Interface]
ListenPort = 33922
PrivateKey = xxx <-- new key

[Peer]
PublicKey = XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs = 0.0.0.0/0
Endpoint = 149.88.98.226:51820
PersistentKeepalive = 21

but trasfer 0

interface: wg11 EndPoint=149.88.98.226:51820 172.21.4.129 # N/A
peer: XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
transfer: 0 B received, 888 B sent 0 Days, 00:00:30 since Thu Oct 10 16:11:27 2024 >>>>>>

WireGuard® ACTIVE Peer Status: Clients 1, Servers 0
ASUS GUI Peers: Clients 3, Servers 0



checked back wg11.conf
admin@asuswifi:/tmp/home/root# cat /opt/etc/wireguard.d/wg11.conf
[Interface]
PrivateKey=xxx <- same new key
Address=172.21.4.129
DNS=149.88.98.225,149.88.98.227
[Peer]
PublicKey=XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs=0.0.0.0/0
Endpoint=sx0320108-wg.pointtoserver.com:51820
PersistentKeepalive=21
admin@asuswifi:/tmp/home/root#

 

[ZebMcKayhan]

yes, it's really new key, but transfer 0
I think it should be something wrong during my update steps, but I don't which is it.

[Interface]
ListenPort = 33922
PrivateKey = xxx <-- new key

[Peer]
PublicKey = XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs = 0.0.0.0/0
Endpoint = 149.88.98.226:51820
PersistentKeepalive = 21

but trasfer 0

interface: wg11 EndPoint=149.88.98.226:51820 172.21.4.129 # N/A
peer: XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
transfer: 0 B received, 888 B sent 0 Days, 00:00:30 since Thu Oct 10 16:11:27 2024 >>>>>>

WireGuard® ACTIVE Peer Status: Clients 1, Servers 0
ASUS GUI Peers: Clients 3, Servers 0



checked back wg11.conf
admin@asuswifi:/tmp/home/root# cat /opt/etc/wireguard.d/wg11.conf
[Interface]
PrivateKey=xxx <- same new key
Address=172.21.4.129
DNS=149.88.98.225,149.88.98.227
[Peer]
PublicKey=XvfaTRG0IMezPQNzNvtW4Vn2T2RTEijsR1NhoM0XPmc=
AllowedIPs=0.0.0.0/0
Endpoint=sx0320108-wg.pointtoserver.com:51820
PersistentKeepalive=21
admin@asuswifi:/tmp/home/root#

You basically only need the keys and endpointort for the handshakes to work. Could this new config be not active? You can test it on your phone/computer to be sure.
Did you check Endpoint and/or port didn't change?

It's either that or some error in editing, some character missing or something?

 

[wliu88]

You basically only need the keys and endpointort for the handshakes to work. Could this new config be not active? You can test it on your phone/computer to be sure.
Did you check Endpoint and/or port didn't change?

It's either that or some error in editing, some character missing or something?

I found the issue casued by vpn rule of vpn director conflict with wgm, it works when I disable all rules

 

[ZebMcKayhan]

I found the issue casued by vpn rule of vpn director conflict with wgm, it works when I disable all rules

Yea, putting everything (0.0.0.0/0) to vpn is troublesome and doing it twice is probably just a bad idea.

Put your lan subnet there instead, but exclude router ip. You should remove your Interface rules as they have no purpose. Also you need to exclude router lan ip if you ever want to use the killswitch.
Like
Local ip: 192.168.1.1 inerface: wan
Local ip: 192.168.1.0/24 interface: wgc1

You could duplicate the last rule for ovpn but you should only have 1 active if you want to decide vpn interface, otherwise your router decides.