Wireguard Session Manager - Discussion (2nd) thread

What would you say will be the benefit of using the livin feature vs start/stop?
Mostly flexibility I guess. You could keep a basic setup that always applies like your network to wg11 then change a single ip output without disturbing the others.

It allows you to keep all peers up all the time with the basic config and only change what you want.

So basically on every phone you could have buttons for which wg1x this phone should use without affecting the entire network.
 
Hi Zeb, I must be doing something wrong. I execute “livin wg12 192.168.1.6” and get an Error “Invalid host IPv4 address”

Also, what’s the difference between livin/jump/geo? Thx
 
Hi Zeb, I must be doing something wrong. I execute “livin wg12 192.168.1.6” and get an Error “Invalid host IPv4 address”
Whoops :rolleyes:

wireguard_manager Beta v4.15b5 patched
Update using
Code:
e  = Exit Script [?]

E:Option ==> uf dev
Also, what’s the difference between livin/jump/geo? Thx
None - simply aliases for the feature
 
I updated. Still
Updated. Still getting same Error.
 
Do you have the IP reserved?
Code:
grep -F 192.168.1.6 /etc/dnsmasq.conf
 
I don't think so. Any IP I try, I get the same Error.

E:Option ==> livin wg12 192.168.1.100

***ERROR: Invalid host IPv4 address!'

WireGuard ACTIVE Peer Status: Clients 2, Servers 0



E:Option ==> grep -F 192.168.1.6 /etc/dnsmasq.conf

Invalid Option "grep -F 192.168.1.6 /etc/dnsmasq.conf" Please enter a valid option

WireGuard ACTIVE Peer Status: Clients 2, Servers 0
 
Code:
grep -F 192.168.1.6 /etc/dnsmasq.conf
is not a wireguard_manager command!

If you have not reserved/assigned the IP to a specific LAN device, then the livin command won't work, as it is trying to validate that the IP address is authorised.
 
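The reservation check discussed above can be reproduced from a shell prompt outside the menu. This is an added example, not part of the thread and not wireguard_manager's own code: it assumes reservations appear as `dhcp-host=` lines in the dnsmasq config, uses constructed sample entries, and shows why an exact field match is safer than `grep -F`, which also reports a match for 192.168.1.6 when only 192.168.1.60 is reserved.

```shell
#!/bin/sh
# Added example, not wireguard_manager code. Sample dhcp-host lines are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0-255.
is_valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Return 0 only if IP $2 is a complete comma-separated field of a dhcp-host=
# line in dnsmasq config $1; return 2 if $2 is not a valid IPv4 address.
is_reserved_ip() {
    is_valid_ipv4 "$2" || return 2
    awk -F, -v ip="$2" '
        sub(/^dhcp-host=/, "") { for (i = 1; i <= NF; i++) if ($i == ip) found = 1 }
        END { exit !found }' "$1"
}

# Demo: compare a substring grep with the exact-field check.
conf=$(mktemp)
cat > "$conf" <<'EOF'
dhcp-host=AA:BB:CC:00:00:01,192.168.1.60,phone
dhcp-host=AA:BB:CC:00:00:02,192.168.1.100,laptop
EOF
for ip in 192.168.1.6 192.168.1.60 192.168.1.100 192.168.1.999; do
    grep -qF "$ip" "$conf" && g=match || g=no-match
    is_reserved_ip "$conf" "$ip" && r=reserved || r=rejected
    echo "$ip  grep -F: $g  exact check: $r"
done
rm -f "$conf"
```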
I don't think so. Any IP I try, I get the same Error
So add your IP to the manual IP list in the GUI, under LAN-->DHCP-Server.

Guess it makes sense that wgm only allows this for static IPs.


If you have not reserved/assigned the IP to a specific LAN device, then the livin command won't work, as it is trying to validate that the IP address is authorised.
Some time ago when I attempted this it was possible to use CIDR notation with this command. Is this no longer possible with this check?
 
Code:
grep -F 192.168.1.6 /etc/dnsmasq.conf
is not a wireguard_manager command!

If you have not reserved/assigned the IP to a specific LAN device, then the livin command won't work, as it is trying to validate that the IP address is authorised.
Got it! Thank you.
Now it's working.
 
So add your IP to the manual IP list in the GUI, under LAN-->DHCP-Server.

Guess it makes sense that wgm only allows this for static IPs.
The original check was for IPv4 or IPv4 CIDR format only, but I suppose you could have several subnets or even wish to have passthru' clients such as OpenVPN 10.8.0.x addresses use the feature, but it is prudent when implementing Selective Routing, that you ensure that the IPs are reserved/static to prevent the wrong device from being accidentally routed out the wrong interface.
Some time ago when I attempted this it was possible to use CIDR notation with this command. Is this no longer possible with this check?
At present no.
 
Hi all. I was previously using a guide by @Odkrys to install their experimental WireGuard kernel module and tools. It had easy to follow instructions for setup of vpn server.

After upgrading to 386.4 I note it DOES already include wg kernel and tools. So I can’t use the experimental ones and follow its guide. I saw in AMTM that this wg session manager script was available but not sure how to import my old configuration which used custom listening ports and pre shared keys. Should I roll back to 386.3 and go back to using experimental wg for now? Not sure how to proceed.
 
After upgrading to 386.4 I note it DOES already include wg kernel and tools. So I can’t use the experimental ones and follow its guide.
You should be able to run @Odkrys scripts even though there are built-in modules. You could still load custom modules (or use the scripts with the built-in modules).

Wireguard Session Manager will probably serve your needs well, it sets up a server peer when you install it. You can then change listen port if you need.
If you want to give it a try, backup your current solution and start experimenting.

I think you change the port of the server peer with:
Code:
E:Option ==> peer wg21 port=xxxxx

//Zeb
 
I saw in AMTM that this wg session manager script was available but not sure how to import my old configuration which used custom listening ports and pre shared keys.
wireguard_manager uses SQL tables (in lieu of NVRAM) so .conf files need to be imported.

wireguard_manager 'server' Peers are named 'wg2x' and during the initial install 'server' Peer 'wg21' is created.

If your 'server'/'client' Peers are currently called 'wg0' or 'wg1' then after the wireguard_manager install, save/rename the .conf files as say

'/opt/etc/wireguard.d/wg0_old.conf'
'/opt/etc/wireguard.d/wg1_old.conf'


then delete the default 'server' Peer
Code:
e  = Exit Script [?]

E:Option ==> peer wg21 del
then import the .configs
Code:
e  = Exit Script [?]

E:Option ==> peer import wg0_old type=server
Code:
e  = Exit Script [?]

E:Option ==> peer import wg1_old type=server
You should now be able to view the imported Peers
Code:
e  = Exit Script [?]

E:Option ==> peer
and their details...complete with your custom Ports/Keys etc.

e.g. 'server' Peer
Code:
e  = Exit Script [?]

E:Option ==> peer wg21 config

To have the imported Peers auto-start @ boot; for each Peer issue the auto=y directive
Code:
e  = Exit Script [?]

E:Option ==> peer wg21 auto=y
 
Does wgm somehow understand that you import a server peer with
Code:
E:Option ==> peer import wg1_old
Or would you need to specify:
Code:
E:Option ==> peer import wg1_old type=server
Until the Site-to-Site feature was implemented, a wireguard_manager created 'server' Peer .conf file never contained an Endpoint = socket directive so the peer import xxx request is able to differentiate between a 'server' and 'client' Peer.

So for most import requests there is no requirement to explicitly specify type=, but whilst for advanced Peer topology requirements it is mandatory, in this case it wouldn't hurt! ;)

EDIT: type=server is mandatory! - post #595 updated.

We will have to wait and see if the OP's attempt to port his current 'server' Peer to wireguard_manager is successful, or if he will need to start from scratch and use wireguard_manager's default 'server' Peer 'wg21' and (re)create the necessary Road Warrior 'client' Peers.
 
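Before importing an old .conf it helps to confirm what it contains: the custom ListenPort and pre-shared keys the original poster asked about, and the Endpoint directive the reply above uses to tell a 'server' Peer from a 'client' Peer. The following is an added example, not part of the thread and not wireguard_manager's own import logic; the function names, file names and config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not wireguard_manager code. Sample .conf contents are constructed.

# Print the value of the first "Key = value" directive named $2 in file $1.
conf_get() {
    awk -F'[ \t]*=[ \t]*' -v k="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ { next }
        tolower($1) == tolower(k) { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}

# Guess the Peer type as the post describes: an Endpoint directive means
# 'client', none means 'server'. A Site-to-Site 'server' .conf may carry an
# Endpoint, so treat the guess as a cross-check for an explicit type=.
guess_peer_type() {
    if [ -n "$(conf_get "$1" Endpoint)" ]; then echo client; else echo server; fi
}

# Summarise what should survive an import, without echoing key material.
conf_summary() {
    port=$(conf_get "$1" ListenPort)
    psk=$(grep -ciE '^[[:space:]]*PresharedKey[[:space:]]*=' "$1" || true)
    echo "type=$(guess_peer_type "$1") port=${port:-none} psk_peers=$psk"
}

# Demo on two constructed configs (hypothetical file names).
dir=$(mktemp -d)
cat > "$dir/sample_server.conf" <<'EOF'
[Interface]
PrivateKey = <placeholder>
ListenPort = 51999
[Peer]
PublicKey = <placeholder>
PresharedKey = <placeholder>
AllowedIPs = 10.50.1.2/32
EOF
cat > "$dir/sample_client.conf" <<'EOF'
[Interface]
PrivateKey = <placeholder>
[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
EOF
for f in "$dir"/*.conf; do echo "${f##*/}: $(conf_summary "$f")"; done
rm -rf "$dir"
```

Comparing this summary with the output of `peer wg21 config` after the import shows whether the port and pre-shared keys were carried over.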
I can confirm the old experimental WireGuard Kernel and tools still install and work on 386.4. There seem to be no conflicts with the inbuilt wg kernel. Will report back if anything breaks. For now I can continue using my wireguard server like before, which is a relief because I don’t have time yet to investigate setting up something different. Thanks for your help guys.
 
Until the Site-to-Site feature was implemented, a wireguard_manager created 'server' Peer .conf file never contained an Endpoint = socket directive so the peer import xxx request is able to differentiate between a 'server' and 'client' Peer.

So for most import requests there is no requirement to explicitly specify type=, but whilst for advanced Peer topology requirements it is mandatory, in this case it wouldn't hurt! ;)

We will have to wait and see if the OP's attempt to port his current 'server' Peer to wireguard_manager is successful, or if he will need to start from scratch and use wireguard_manager's default 'server' Peer 'wg21' and (re)create the necessary Road Warrior 'client' Peers.
I appreciate your effort. If I had more time available for experimenting and then testing I would have tried importing and figuring it out. But I’m sure your instructions are going to help people. And I might come back to them if I get time to revisit. Thanks.
 
