Wireguard Session Manager - Discussion (2nd) thread

[abir1909]

Mostly flexibility I guess. You could keep a basic setup that always applies like your network to wg11 then change a single ip output without disturbing the others.

It allows you to keep all peers up all the time with the basic config and only change what you want.

So basically on every phone you could have buttons for which wg1x this phone should use without affecting the entire network.

Hi Zeb,
So i am testing the livin feature and it’s very convenient. It works from the ssh client but can’t get it to work from shortcuts. I run the same ssh command and getting error file locked.
any ideas?

 

[abir1909]

Mostly flexibility I guess. You could keep a basic setup that always applies like your network to wg11 then change a single ip output without disturbing the others.

It allows you to keep all peers up all the time with the basic config and only change what you want.

So basically on every phone you could have buttons for which wg1x this phone should use without affecting the entire network.

also, how do I add/edit the Annotate?
Annotate
wg11 # N/A
wg12 # N/A
wg13 # N/A
wg14 # TorGuard WireGuard Config

 

[ZebMcKayhan]

I run the same ssh command and getting error file locked.

Think you need to run the echo to place the entire command inside wgm, i.e:

echo -e "livin wg11 192.168.1.94\ne" | wg_manager

Or

echo -e "livin @home 192.168.1.94\ne" | wg_manager

You could add more command to each line just use
\n = Enter
To separate between them and end with
e = Exit
So the shell is not left with wgm running.

also, how do I add/edit the Annotate?
Annotate

Try:

E:Option ==> peer wg11 comment My 1st VPN Client

//Zeb

 

[ZebMcKayhan]

I run the same ssh command and getting error file locked.

This error means that wgm is currently running. I have got this acouple of times. You might need to ssh in and kill the pid. It usually kills itself after acouple of minutes.

Make sure you exit wgm properly in the shell and use the echo -e with \ne at the end to exit properly.

 

[Martineau]

So i am testing the livin feature and it’s very convenient. It works from the ssh client but can’t get it to work from shortcuts. I run the same ssh command and getting error file locked.

wireguard_manager is primarily menu driven so it is/was deemed prudent to prevent two instances of the interface being active concurrently.

However, certain critical commands are allowed to bypass the menu e.g. when called from other scripts (or shortcuts)

i.e. wg_manager [ start [arg] | stop [arg] | restart [arg] | show | diag | import {arg} ]

Sadly command livin | geo | jump isn't.

Feel free to submit a DAR (Development Action Request); usually interpreted as "Don't Await Reply" for most of the DARs I submitted over the years!

 

[ZebMcKayhan]

However, certain critical commands are allowed to bypass the menu e.g. when called from other scripts (or shortcuts)

i.e. wg_manager [ start [arg] | stop [arg] | restart [arg] | show | diag | import {arg} ]

Sadly command livin | geo | jump isn't.

are you sure that a command like:

echo -e "livin wg11 192.168.1.94\ne" | wg_manager

wont work when executed from another script or Apple Shortcuts/Android SSH Buttons?

I remember testing it in shell which works fine even when executed inside another script. also think I tested in SSH buttons but memory is a bit fuzzy.

 

[abir1909]

are you sure that a command like:

echo -e "livin wg11 192.168.1.94\ne" | wg_manager

wont work when executed from another script or Apple Shortcuts/Android SSH Buttons?

I remember testing it in shell which works fine even when executed inside another script. also think I tested in SSH buttons but the memory is a bit fuzzy.

It does work!

 

[chongnt]

are you sure that a command like:

echo -e "livin wg11 192.168.1.94\ne" | wg_manager

wont work when executed from another script or Apple Shortcuts/Android SSH Buttons?

I remember testing it in shell which works fine even when executed inside another script. also think I tested in SSH buttons but the memory is a bit fuzzy.

I almost forget this feature. I just try but get the following error message

E:Option ==> livin wg12 192.168.1.21
Error: near "client": syntax error

        [✔] Welcome Expat to '# xxx.nordvpn.com 'client' (wg12)'

What I did previously is I create another ip rule with a fixed higher priority to route my phone in shortcuts. First I use the ready scripting in shortcuts “get current IP address”.

Eg, to route thru wg11

 ip rule del prio 9909; ip rule add from Current IP Address table 121 prio 9909

To reset the route

 ip rule del prio 9909

Edit: the livin command did works even though it has a syntax error. This should be my part as I create manual ip rule during startup.

 

[ZebMcKayhan]

It does work!

Cool! Thanks for the feedback!

Guess the downside is you dont get any meaningful feedback in the app if wgm was successful or not?

 

[Martineau]

are you sure that a command like:

echo -e "livin wg11 192.168.1.94\ne" | wg_manager

wont work when executed from another script or Apple Shortcuts/Android SSH Buttons?

I remember testing it in shell which works fine even when executed inside another script. also think I tested in SSH buttons but memory is a bit fuzzy.

I never got a successful connection using Android SSH Button, despite being able to currently ping and actually being logged in via SSH!

I think the paid SSH apps such as JuiceSSH etc. have true scripting? allowing 'wait for string' to ensure that the command(s) submitted worked and can provide confirmation that the command has ended before sending the next etc.

However if it works for @abir1909 then that's good to know.

 

[chongnt]

Cool! Thanks for the feedback!

Guess the downside is you dont get any meaningful feedback in the app if wgm was successful or not?

In my context, I added show ssh output as alert. It shows the specific ip rule so I know where it is routed to after execution.

 ip rule del prio 9909; ip rule add from Current IP Address table wgc2 prio 9909; ip rule | grep Current IP Address | head -1

Actually in shortcuts, I ssh first to get current ip rule for the ip, then display it as menu option header. Screenshot show it was originally routed to wgc2. After I select route to wgc1 I get another alert notification.

 

[abir1909]

Cool! Thanks for the feedback!

Guess the downside is you dont get any meaningful feedback in the app if wgm was successful or

Cool! Thanks for the feedback!

Guess the downside is you dont get any meaningful feedback in the app if wgm was successful or not?

Cool! Thanks for the feedback!

Guess the downside is you dont get any meaningful feedback in the app if wgm was successful or not?

I actually get a feedback in Siri Shortcuts:


[H[J
+======================================================================+
| Welcome to the [92mWireGuard Manager/Installer script (Asuswrt-Merlin)[0m |
| |
| Version [95mv4.15b5[0m by Martineau |
| |
+======================================================================+[0m
[0m[95mWireGuard ACTIVE Peer Status: Clients [97m2[95m, Servers [97m0 [0m
[42m
[0m

[93m1 [0m = [90mUpdate[90m WireGuard modules [93m7 [0m = [32mQRcode[0m for a Peer {device} e.g. iPhone[0m
[93m2 [0m = [91mRemove[90m WireGuard/[0m(wg_manager) [93m8 [0m = [32mPeer[0m management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ][0m
[93m9 [0m = [32mCreate[split][0m Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)[0m
[93m3 [0m = [32mList[0m ACTIVE Peers Summary [Peer...] [full] [93m10 [0m= [32mIPSet[0m management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ] [0m
[93m4 [0m = [32mStart[0m [ [Peer [nopolicy]...] | category ] e.g. start clients [93m11 [0m= [32mImport[0m WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]} [0m
[93m5 [0m = [32mStop[0m [ [Peer... ] | category ] e.g. stop clients [93m12 [0m= [32mvpndirector[0m Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ] [0m
[93m6 [0m = [32mRestart[0m [ [Peer... ] | category ] e.g. restart servers

[93m? [0m = About Configuration
[93mv [0m = View [92m('/jffs/addons/wireguard/WireguardVPN.conf')

[93me [0m = Exit Script [?]

[96mE:[93mOption ==>[0m [s[92m
[✔] Welcome home Sir!!!
[0m
[0m
[0m[95mWireGuard ACTIVE Peer Status: Clients [97m2[95m, Servers [97m0 [0m
[42m
[0m

[93m1 [0m = [90mUpdate[90m WireGuard modules [93m7 [0m = [32mQRcode[0m for a Peer {device} e.g. iPhone[0m
[93m2 [0m = [91mRemove[90m WireGuard/[0m(wg_manager) [93m8 [0m = [32mPeer[0m management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ][0m
[93m9 [0m = [32mCreate[split][0m Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)[0m
[93m3 [0m = [32mList[0m ACTIVE Peers Summary [Peer...] [full] [93m10 [0m= [32mIPSet[0m management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ] [0m
[93m4 [0m = [32mStart[0m [ [Peer [nopolicy]...] | category ] e.g. start clients [93m11 [0m= [32mImport[0m WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]} [0m
[93m5 [0m = [32mStop[0m [ [Peer... ] | category ] e.g. stop clients [93m12 [0m= [32mvpndirector[0m Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ] [0m
[93m6 [0m = [32mRestart[0m [ [Peer... ] | category ] e.g. restart servers

[93m? [0m = About Configuration
[93mv [0m = View [92m('/jffs/addons/wireguard/WireguardVPN.conf')

[93me [0m = Exit Script [?]

[96mE:[93mOption ==>[0m [s[0m


Sent from my iPhone

 

[chongnt]

You probably have "SSH_Output" in show alert or show notification after run script over ssh.

 

[Martineau]

I almost forget this feature. I just try but get the following error message

E:Option ==> livin wg12 192.168.1.21
Error: near "client": syntax error

        [✔] Welcome Expat to '# xxx.nordvpn.com 'client' (wg12)'

Edit: the livin command did works even though it has a syntax error. This should be my part as I create manual ip rule during startup.

No idea why the syntax error?....but I've pushed wireguard_manager Beta v4.15b6

Effectively I have reverted the validation of the source IP to allow any LAN IP/CIDR, and also allow inbound OpenVPN clients and WireGuard Road Warrior 'client' Peers.

livin { [ wg_interface | location_tag ] [ hostname | IP ] }

 

[ZebMcKayhan]

never got a successful connection using Android SSH Button, despite being able to currently ping and actually being logged in via SSH!

Well, now I had to test.

Confirmed with ssh wg12 was running and sent via ssh button:

echo -e "stop wg12\ne" | wg_manager

I got OK as feedback and when I checked via ssh wg12 had stopped, so for sure it is working!

 

[Martineau]

I actually get a feedback in Siri Shortcuts:


[H[J
+======================================================================+
| Welcome to the [92mWireGuard Manager/Installer script (Asuswrt-Merlin)[0m |
| |
| Version [95mv4.15b5[0m by Martineau |
| |
+======================================================================+[0m
[0m[95mWireGuard ACTIVE Peer Status: Clients [97m2[95m, Servers [97m0 [0m
[42m
[0m

[93m1 [0m = [90mUpdate[90m WireGuard modules [93m7 [0m = [32mQRcode[0m for a Peer {device} e.g. iPhone[0m
[93m2 [0m = [91mRemove[90m WireGuard/[0m(wg_manager) [93m8 [0m = [32mPeer[0m management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ][0m
[93m9 [0m = [32mCreate[split][0m Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)[0m
[93m3 [0m = [32mList[0m ACTIVE Peers Summary [Peer...] [full] [93m10 [0m= [32mIPSet[0m management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ] [0m
[93m4 [0m = [32mStart[0m [ [Peer [nopolicy]...] | category ] e.g. start clients [93m11 [0m= [32mImport[0m WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]} [0m
[93m5 [0m = [32mStop[0m [ [Peer... ] | category ] e.g. stop clients [93m12 [0m= [32mvpndirector[0m Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ] [0m
[93m6 [0m = [32mRestart[0m [ [Peer... ] | category ] e.g. restart servers

[93m? [0m = About Configuration
[93mv [0m = View [92m('/jffs/addons/wireguard/WireguardVPN.conf')

[93me [0m = Exit Script [?]

[96mE:[93mOption ==>[0m [s[92m
[✔] Welcome home Sir!!!
[0m
[0m
[0m[95mWireGuard ACTIVE Peer Status: Clients [97m2[95m, Servers [97m0 [0m
[42m
[0m

[93m1 [0m = [90mUpdate[90m WireGuard modules [93m7 [0m = [32mQRcode[0m for a Peer {device} e.g. iPhone[0m
[93m2 [0m = [91mRemove[90m WireGuard/[0m(wg_manager) [93m8 [0m = [32mPeer[0m management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ][0m
[93m9 [0m = [32mCreate[split][0m Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)[0m
[93m3 [0m = [32mList[0m ACTIVE Peers Summary [Peer...] [full] [93m10 [0m= [32mIPSet[0m management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ] [0m
[93m4 [0m = [32mStart[0m [ [Peer [nopolicy]...] | category ] e.g. start clients [93m11 [0m= [32mImport[0m WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]} [0m
[93m5 [0m = [32mStop[0m [ [Peer... ] | category ] e.g. stop clients [93m12 [0m= [32mvpndirector[0m Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ] [0m
[93m6 [0m = [32mRestart[0m [ [Peer... ] | category ] e.g. restart servers

[93m? [0m = About Configuration
[93mv [0m = View [92m('/jffs/addons/wireguard/WireguardVPN.conf')

[93me [0m = Exit Script [?]

[96mE:[93mOption ==>[0m [s[0m


Sent from my iPhone

Woah! feedback is a bit messy! - especially with the ASCII control sequences adding extra clutter

I've pushed a hotfix in wireguard_manager Beta v4.15b6

New command menu { hide | show } can be used to suppress the ugly display.

Not sure if the following now works as a cleaner Siri shortcut?

echo -e "menu hide\nlivin wg11 192.168.1.94\ne" | wg_manager

 

[abir1909]

Woah! feedback is a bit messy! - especially with the ASCII control sequences adding extra clutter

I've pushed a hotfix in wireguard_manager Beta v4.15b6

New command menu { hide | show } can be used to suppress the ugly display.

Not sure if the following now works as a cleaner Siri shortcut?

echo -e "menu hide\nlivin wg11 192.168.1.94\ne" | wg_manager

i updated to the latest beta.
same results...

 

[abir1909]

Well, now I had to test.

Confirmed with ssh wg12 was running and sent via ssh button:

echo -e "stop wg12\ne" | wg_manager

I got OK as feedback and when I checked via ssh wg12 had stopped, so for sure it is working!

yes it does work However, when using the echo command the menu clutter comes up. not just with livin. i just tried your "echo -e "stop wg12\ne" | wg_manager" and got that clutter again.

 

[Martineau]

yes it does work However, when using the echo command the menu clutter comes up. not just with livin. i just tried your "echo -e "stop wg12\ne" | wg_manager" and got that clutter again.

If you can SSH to the console, is the menu command available and does it suppress the menu like this?

1  = Update WireGuard modules                                           7  = QRcode for a Peer {device} e.g. iPhone
2  = Remove WireGuard/(wg_manager)                                      8  = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
                                                                        9  = Create[split] Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3  = List ACTIVE Peers Summary [Peer...] [full]                         10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4  = Start   [ [Peer [nopolicy]...] | category ] e.g. start clients     11 = Import WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]}
5  = Stop    [ [Peer... ] | category ] e.g. stop clients                12 = vpndirector Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ]
6  = Restart [ [Peer... ] | category ] e.g. restart servers                                   

?  = About Configuration                   
v  = View ('/jffs/addons/wireguard/WireguardVPN.conf')       

e  = Exit Script [?]

E:Option ==> menu hide

     WireGuard ACTIVE Peer Status: Clients 1, Servers 1

E:Option ==>

 

[abir1909]

If you can SSH to the console, is the menu command available and does it suppress the menu like this?

1  = Update WireGuard modules                                           7  = QRcode for a Peer {device} e.g. iPhone
2  = Remove WireGuard/(wg_manager)                                      8  = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
                                                                        9  = Create[split] Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3  = List ACTIVE Peers Summary [Peer...] [full]                         10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4  = Start   [ [Peer [nopolicy]...] | category ] e.g. start clients     11 = Import WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]}
5  = Stop    [ [Peer... ] | category ] e.g. stop clients                12 = vpndirector Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ]
6  = Restart [ [Peer... ] | category ] e.g. restart servers                                  

?  = About Configuration                  
v  = View ('/jffs/addons/wireguard/WireguardVPN.conf')      

e  = Exit Script [?]

E:Option ==> menu hide

     WireGuard ACTIVE Peer Status: Clients 1, Servers 1

E:Option ==>

Not sure if that’s what you meant. But see attached.
I run two commands.