Wireguard Session Manager (4th) thread

[RMerlin]

The blog bypass doesn't work on the RT-AX88U or GT-AX11000, only on newer SDKs.

 

[archiel]

The blog bypass doesn't work on the RT-AX88U or GT-AX11000, only on newer SDKs.

Thanks for the update, I had assumed that it would apply to all 388.2 devices. Probably a foolish question, but do you expect to receive updated SDKs for the RT-AX88U or GT-AX11000 which will allow the blog bypass or is this it?

 

[RMerlin]

Probably a foolish question, but do you expect to receive updated SDKs for the RT-AX88U or GT-AX11000 which will allow the blog bypass or is this it?

Broadcom didn't implement it for these models. I could try backporting it, but there's no guarantee it will work (it depends if the kernel patches would be compatible with the rest of the SDK used by these two models). That's something that will have to wait later during the 388.2 development cycle if I decide to try it out.

 

[ZebMcKayhan]

do you expect to receive updated SDKs for the RT-AX88U or GT-AX11000 which will allow the blog bypass or is this it?

Wg_manager adds packet marks in firewall to bypass flowcache for Wireguard communication already. There have been no reported issue with running Wireguard with flowcache enabled on AC86U and AX88U (to my knowledge). So if you ever decide to kick out qos then flowcache would be enabled again and you will be able to reach Gb speed on devices not going out Wireguard.

The problem is mainly with the newer AX routers that these marks dont work on them, probably because of the newer sdk so Asus/Broadcom developed this new methode.

But as you are running on AX88U then this would not be an issue for you.

 

[archiel]

Wg_manager adds packet marks in firewall to bypass flowcache for Wireguard communication already. There have been no reported issue with running Wireguard with flowcache enabled on AC86U and AX88U (to my knowledge). So if you ever decide to kick out qos then flowcache would be enabled again and you will be able to reach Gb speed on devices not going out Wireguard.

The problem is mainly with the newer AX routers that these marks dont work on them, probably because of the newer sdk so Asus/Broadcom developed this new methode.

But as you are running on AX88U then this would not be an issue for you.

if I enable flowcache and disable qos then this happens

Spoiler: Error mcast

Mar  1 16:25:47 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:47 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:47 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:47 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:57 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:57 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:58 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:58 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:59 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:25:59 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:09 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:09 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:10 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:10 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:19 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:19 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:20 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:20 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:21 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:21 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:31 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:31 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:32 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:32 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:42 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:42 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:43 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:43 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:43 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:43 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:53 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:53 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:54 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:26:54 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:00 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:00 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:04 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:04 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:05 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:05 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:15 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:15 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:16 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:16 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:20 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:20 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:27 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:27 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:27 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:27 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:38 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:38 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:38 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:38 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:41 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
Mar  1 16:27:41 Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m
etc...

Noticed this when I first installed WGM, disable flow cache and it goes away.

 

[ZebMcKayhan]

if I enable flowcache and disable qos then this happens

Yea thos are the usual msg from this incompatibility

Did you turn off pkg marks in wgm?

Could you check the firewall for them?

Have you had this in prior fw too?

 

[archiel]

Did you turn off pkg marks in wgm? - Not knowingly, what am looking for?

Could you check the firewall for them? - as above, what am I looking for?

Have you had this in prior fw too? - yes.

 

[ZebMcKayhan]

Did you turn off pkg marks in wgm? - Not knowingly, what am looking for?

Check command v or vx in cmd to look at your config for:

#NOSETXMARK

Could you check the firewall for them? - as above, what am I looking for?

So marking is happening in mangle table, like:

admin@RT-AC86U-D7D8:/tmp/home/root# iptables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 2516K packets, 2936M bytes)
 pkts bytes target     prot opt in     out     source               destinati
on
    0     0 MARK       all  --  wg12   *       0.0.0.0/0            0.0.0.0/0
            /* WireGuard 'client' */ MARK xset 0x1/0x7
 615K  763M MARK       all  --  wg11   *       0.0.0.0/0            0.0.0.0/0
            /* WireGuard 'client' */ MARK xset 0x1/0x7

 

[archiel]

Check command v or vx in cmd to look at your config for:

#NOSETXMARK

So marking is happening in mangle table, like:

admin@RT-AC86U-D7D8:/tmp/home/root# iptables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 2516K packets, 2936M bytes)
pkts bytes target     prot opt in     out     source               destinati
on
    0     0 MARK       all  --  wg12   *       0.0.0.0/0            0.0.0.0/0
            /* WireGuard 'client' */ MARK xset 0x1/0x7
615K  763M MARK       all  --  wg11   *       0.0.0.0/0            0.0.0.0/0
            /* WireGuard 'client' */ MARK xset 0x1/0x7

Spoiler: ip4 mangle

admin@Router:/tmp/home/root# iptables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 205M packets, 165G bytes)
 pkts bytes target     prot opt in     out     source               destination
  66M   46G MARK       all  --  wg11   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'client' */ MARK xset 0x1/0x7
53882 5102K MARK       all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */ MARK xset 0x1/0x7
  52M   55G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set wg11-mac src /* WireGuard 'client' */ MARK or 0x1000

Spoiler: ip6 mangle

admin@Router:/tmp/home/root# ip6tables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 21M packets, 18G bytes)
 pkts bytes target     prot opt in     out     source               destination
4645K 1752M MARK       all      wg11   *       ::/0                 ::/0                 /* WireGuard 'client' */ MARK xset 0x1/0x7
 9929 2221K MARK       all      wg21   *       ::/0                 ::/0                 /* WireGuard 'server' */ MARK xset 0x1/0x7
5391K 6022M MARK       all      *      *       ::/0                 ::/0                 match-set wg11-mac src /* WireGuard 'client' */ MARK or 0x1000

from wireguardvpn.conf

# Override setting of the -t mangle FORWARD/PREROUTING '-j MARK --set-xmark 0x01/0x7' fwmarks
39 # (NOT the user Selective Routing fwmarks for Ports/IPSETs etc.)
40 #     Use command 'vx' to edit this setting.
41 #NOSETXMARK

 

[ZebMcKayhan]

Spoiler: ip4 mangle

admin@Router:/tmp/home/root# iptables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 205M packets, 165G bytes)
 pkts bytes target     prot opt in     out     source               destination
  66M   46G MARK       all  --  wg11   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'client' */ MARK xset 0x1/0x7
53882 5102K MARK       all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */ MARK xset 0x1/0x7
  52M   55G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set wg11-mac src /* WireGuard 'client' */ MARK or 0x1000

Spoiler: ip6 mangle

admin@Router:/tmp/home/root# ip6tables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 21M packets, 18G bytes)
 pkts bytes target     prot opt in     out     source               destination
4645K 1752M MARK       all      wg11   *       ::/0                 ::/0                 /* WireGuard 'client' */ MARK xset 0x1/0x7
 9929 2221K MARK       all      wg21   *       ::/0                 ::/0                 /* WireGuard 'server' */ MARK xset 0x1/0x7
5391K 6022M MARK       all      *      *       ::/0                 ::/0                 match-set wg11-mac src /* WireGuard 'client' */ MARK or 0x1000

from wireguardvpn.conf

# Override setting of the -t mangle FORWARD/PREROUTING '-j MARK --set-xmark 0x01/0x7' fwmarks
39 # (NOT the user Selective Routing fwmarks for Ports/IPSETs etc.)
40 #     Use command 'vx' to edit this setting.
41 #NOSETXMARK

Either there is something in your setup that makes these marks ineffective. Or there is something in the firewall that changes them.

The marks are also in the forward table:

iptables -nvL FORWARD -t mangle

your ipsets are also using fw marks but it is OR:ed in so I didnt think it would be an issue

 

[archiel]

Either there is something in your setup that makes these marks ineffective. Or there is something in the firewall that changes them.

The marks are also in the forward table:

iptables -nvL FORWARD -t mangle

your ipsets are also using fw marks but it is OR:ed in so I didnt think it would be an issue

Do you have any suggestions on where to look, how to troubleshoot? if it helps

Spoiler: IPv4 FORWARD

admin@Router:/tmp/home/root# iptables -nvL FORWARD -t mangle
Chain FORWARD (policy ACCEPT 188M packets, 156G bytes)
 pkts bytes target     prot opt in     out     source               destination
  70M   68G MARK       all  --  *      wg11    0.0.0.0/0            0.0.0.0/0            /* WireGuard 'client' */ MARK xset 0x1/0x7
32265 1858K TCPMSS     tcp  --  wg11   *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
 242K   15M TCPMSS     tcp  --  *      wg11    0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
 221K  275M MARK       all  --  *      wg21    0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */ MARK xset 0x1/0x7
  696 41760 TCPMSS     tcp  --  wg21   *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU
  768 43724 TCPMSS     tcp  --  *      wg21    0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU

Spoiler: IPv6 FORWARD

admin@Router:/tmp/home/root# ip6tables -nvL FORWARD -t mangle
Chain FORWARD (policy ACCEPT 27M packets, 24G bytes)
 pkts bytes target     prot opt in     out     source               destination
6174K 6742M MARK       all      *      wg11    ::/0                 ::/0                 /* WireGuard 'client' */ MARK xset 0x1/0x7
 4068  321K TCPMSS     tcp      wg11   *       ::/0                 ::/0                 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
26334 2107K TCPMSS     tcp      *      wg11    ::/0                 ::/0                 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
11524 8478K MARK       all      *      wg21    ::/0                 ::/0                 /* WireGuard 'server' */ MARK xset 0x1/0x7
  377 30160 TCPMSS     tcp      wg21   *       ::/0                 ::/0                 tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU
  501 38980 TCPMSS     tcp      *      wg21    ::/0                 ::/0                 tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU
30373 2970K DNSFILTERF  udp      br+    *       ::/0                 ::/0                 udp dpt:53
    0     0 DNSFILTERF  tcp      br+    *       ::/0                 ::/0                 tcp dpt:53

 

[ZebMcKayhan]

Do you have any suggestions on where to look, how to troubleshoot? if it helps

Maybee confirm first that it is Wireguard generating these messages by stopping peers and see if they are gone.

Start only client
Start only server

 

[archiel]

Good call, but now to work out where to look. I stopped the WG clients and server and disabled Cake (to re-enable flow cache) and the 'bcm_mcast_blog_process' errors reappeared.
As I was routing the Unbound DNS via wireguard, I also removed

# outgoing-interface: 192.168.3.1                       # routing to wan-event + wgm policy rules
# outgoing-interface: fd36:7ef1:2add:aa88:100::1        # routing to wan-event + wgm policy rules

from unbound.conf; these are the ipv4 and ipv6 aliases set in wan-event which are also attached to wg11 and wg12 as policy rules

I am working through various settings, but as the errors normally take an hour or so before appearing and the rest of the family do not want to constantly hear 'just restarting the router' this may take a while. I also note that even after setting each peer to auto=n (to prevent restarting on a reboot) I can see that wgm itself is starting.

Should #'ing out

/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager

in post-mount be sufficient and/or is there a better way to stop wgm from starting on reboot, without uninstalling.

 

[archiel]

Good call, but now to work out where to look. I stopped the WG clients and server and disabled Cake (to re-enable flow cache) and the 'bcm_mcast_blog_process' errors reappeared.
As I was routing the Unbound DNS via wireguard, I also removed

# outgoing-interface: 192.168.3.1                       # routing to wan-event + wgm policy rules
# outgoing-interface: fd36:7ef1:2add:aa88:100::1        # routing to wan-event + wgm policy rules

from unbound.conf; these are the ipv4 and ipv6 aliases set in wan-event which are also attached to wg11 and wg12 as policy rules

I am working through various settings, but as the errors normally take an hour or so before appearing and the rest of the family do not want to constantly hear 'just restarting the router' this may take a while. I also note that even after setting each peer to auto=n (to prevent restarting on a reboot) I can see that wgm itself is starting.

Should #'ing out

/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager

in post-mount be sufficient and/or is there a better way to stop wgm from starting on reboot, without uninstalling.

An update: - with my setup - 388.2 alpha 2 and no flow cache WGM was unstable and unusable

I tried just using wg11 (client) and just server (wg21) and sometimes I would get the

Router kernel: [0;33;41m[ERROR mcast] bcm_mcast_blog_process,819: blog allocation failure[0m

error and sometimes

Router kernel: potentially unexpected fatal signal 11.
Router kernel: CPU: 1 PID: 1237 Comm: httpd Tainted: P           O    4.1.51 #2
Router kernel: Hardware name: Broadcom-v8A (DT)
Router kernel: task: ffffffc03dc04b00 ti: ffffffc02e18c000 task.ti: ffffffc02e18c000
Router kernel: PC is at 0xf6ac8b10
Router kernel: LR is at 0x4fdac
Router kernel: pc : [<00000000f6ac8b10>] lr : [<000000000004fdac>] pstate: 20010010
Router kernel: sp : 00000000ffd11c28
Router kernel: x12: 00000000000c3184
Router kernel: x11: 00000000f663c08a x10: 00000000ffd11dac
Router kernel: x9 : 00000000000b04fc x8 : 0000000000000000
Router kernel: x7 : 00000000ffd11d08 x6 : 00000000ffd11d14
Router kernel: x5 : 00000000004773d8 x4 : 000000000048b2a8
Router kernel: x3 : 00000000f68977f4 x2 : 0000000000000000
Router kernel: x1 : 0000000000000000 x0 : 000000000048b2a8

and sometimes the client (wg11) would show as up but the connected device(s) would have no internet connectivity.

In each case I could not finds any other syslog events concurrent with the failures.

I also think my initial thoughts on the mcast errors being unconnected to Wireguard were mistaken, as it seems that they will persist until a reboot. Running with WGM off I did not get any recurrence.

At this point I do not know whether it was a result of enabling flow cache, using alpha 2 or that I have not done a full reset and clean install since moving from 384 to 386 in January 2021. For now I have reverted to 388.1 and disabled flow cache. The next step will be a reset, manual rebuild and then start testing again (on 388.1), but that will need to wait until I have a suitable window.

 

[archiel]

Okay, next step done, full reset and manual rebuild. Enabling flow cache is definitely an issue (I had forgotten that Cake only disables runner, so was very surprised the first time the errors recurred). Comparing pre and post rebuild I no longer have a bunch of extraneous scripts installed over the last couple of years for testing 'stuff' so once I have some free time (no one else around to complain) I can start testing to see if the errors are client only, server only or both only. Only challenge is that the errors can take quite a long time to appear (over 24 hours) and I cannot find anything else in the logs (I am using scribe) that precede them.

 

[ZebMcKayhan]

Only challenge is that the errors can take quite a long time to appear (over 24 hours) and I cannot find anything else in the logs (I am using scribe) that precede

So is it really an issue? I remember some of us using ac86u with flowcache enabled have got some occational blog mcast errors in the logs. I think you will find it if you trace these threads backwards. In my case it seemed linked to specific firmware and only times when my daughter was home so linked to some type of communication I guess. There were never any real issue reported and the errors were just a couple each hour. After checking a month or so later the errors were gone. Never did get to find out if firmware upgrade changed anything or if my daughter stopped using some app / playing some game.

Im using dual stack, same as you but Im running on self-assigned AA addresses and only over wireguard as I dont have ipv6 wan. And Im behind cgnat so not running any server. Still curious if your ipv6 and/or ipsets pkg marks are involved in giving you these errors?

So, except from syslog messages, do you actually experience errors, and how?

 

[archiel]

Definitely experience errors. I only started looking through the syslog because of all web connections (across all connected devices) becoming very sluggish and complaints from the family along the lines of 'what's wrong with the internet'. Symptoms do not appear to start until the mcast errors have been running for a couple of hours or more. Will not have any time to test for a few days, but when I do I will take proper notes on environment (connected devices, etc) and symptoms.

 

[heysoundude]

quick query for those in the know - will/does netplan make using/config-ing Wireguard any easier/simpler/better?

 

[Martineau]

/proc/blog/skip_wireguard_port
/proc/blog/skip_wireguard_network

Then maybe its just as easy as adding source ips in the file?

Dont know if @Martineau has interest/time/motivation to continue develop wgm, but even if not it should be possible with using up/down scripts.

A bit late..........RT-AX86U Pro v388.2_beta1 @ZebMcKayhan / @RMerlin but when I try to manually modify the 'blog' files

ll /proc/blog/

-r--r--r--    1 admin    root             0 Mar 22 20:55 skip_wireguard_network
-r--r--r--    1 admin    root             0 Mar 22 18:12 skip_wireguard_port

I get errors

e.g.

echo "1234 either" >> /proc/blog/skip_wireguard_port
echo: write error: Invalid argument

echo "172.16.1.1/32" >> /proc/blog/skip_wireguard_network
echo: write error: Invalid argument

 

[ZebMcKayhan]

A bit late..........RT-AX86U Pro v388.2_beta1 @ZebMcKayhan / @RMerlin but when I try to manually modify the 'blog' files

ll /proc/blog/

-r--r--r--    1 admin    root             0 Mar 22 20:55 skip_wireguard_network
-r--r--r--    1 admin    root             0 Mar 22 18:12 skip_wireguard_port

I get errors

e.g.

echo "1234 either" >> /proc/blog/skip_wireguard_port
echo: write error: Invalid argument

echo "172.16.1.1/32" >> /proc/blog/skip_wireguard_network
echo: write error: Invalid argument

Great that you pick this up and start trying!!

Could it be that fc are using this file and need to be turned off while changing them?

As I said before, I dont have the skills needed to understand the firmware code, Im more of a "try again and again untill the firmware gives up and let me do what I want" kind of guy.