Wireguard Session Manager - Discussion (2nd) thread

I am also getting that error below once starting wg11. Not sure what it means. Thank you.

wireguard-clientwg11: Initialising Wireguard VPN 'client' Peer (wg11) DNS=1.0.0.1
Error: table traffic has 6 columns but 4 values were supplied
wireguard-clientwg11: Initialisation complete.

//Zeb
 
Besides, I got 2 clients set up (wg11 & wg12) but I can't get the routing policy working. Both of them route all devices through the VPN. How do I put them in policy? Thanks
There are quite a lot of examples for this in the initial thread.

You need to add rules in wgm for which ip/range that should be routed out each vpn for each client before setting the client in policy mode.
Code:
E:Option ==> peer wg11 rule add vpn src=192.168.1.x comment SingleIpToWg11
E:Option ==> peer wg12 rule add vpn src=192.168.1.x comment SingleIpToWg12
E:Option ==> peer wg11 auto=p
E:Option ==> peer wg12 auto=p

Change the ips to your needs. You can also use cidr notation to cover a larger ip range in a single rule.

//Zeb
 
I am also getting that error below once starting wg11. Not sure what it means. Thank you.

wireguard-clientwg11: Initialising Wireguard VPN 'client' Peer (wg11) DNS=1.0.0.1
Error: table traffic has 6 columns but 4 values were supplied
wireguard-clientwg11: Initialisation complete.
Completely delete the current wireguard_manager installation (you should clone/rename '/opt/etc/wireguard.d' if you have wireguard profiles stored there from your Wireguard ISP that you need to re-import),

Then perform the wireguard_manager re-install from the Github dev branch

 
There are quite a lot of examples for this in the initial thread.

You need to add rules in wgm for which ip/range that should be routed out each vpn for each client before setting the client in policy mode.
Code:
E:Option ==> peer wg11 rule add vpn src=192.168.1.x comment SingleIpToWg11
E:Option ==> peer wg12 rule add vpn src=192.168.1.x comment SingleIpToWg12
E:Option ==> peer wg11 auto=p
E:Option ==> peer wg12 auto=p

Change the ips to your needs. You can also use cidr notation to cover a larger ip range in a single rule.

//Zeb
Thank you.
 
There are quite a lot of examples for this in the initial thread.

You need to add rules in wgm for which ip/range that should be routed out each vpn for each client before setting the client in policy mode.
Code:
E:Option ==> peer wg11 rule add vpn src=192.168.1.x comment SingleIpToWg11
E:Option ==> peer wg12 rule add vpn src=192.168.1.x comment SingleIpToWg12
E:Option ==> peer wg11 auto=p
E:Option ==> peer wg12 auto=p

Change the ips to your needs. You can also use cidr notation to cover a larger ip range in a single rule.

//Zeb
Hi Zeb, if I want to direct all traffic from a remote IP, what command am I using? Thank you
 
Completely delete the current wireguard_manager installation (you should clone/rename '/opt/etc/wireguard.d' if you have wireguard profiles stored there from your Wireguard ISP that you need to re-import),

Then perform the wireguard_manager re-install from the Github dev branch

I uninstalled and re-installed from the dev branch and am still getting the same error. It connects but the error exists. Thx
 
Hi Zeb, if I want to direct all traffic from a remote IP, what command am I using? Thank you
I'm not sure I understand. I'm gonna assume you mean TO a remote ip, ie:
Code:
E:Option ==> peer wg11 rule add vpn dst=8.8.8.8 comment GoogleDnsViaWg11

By the way, your error is because your wireguard.db is lacking columns since it was created in an earlier version of wgm. Make sure the latest dev version is creating the new .db and you are not copying your old one. Only back up and replace your original .conf files (the ones you got from your wg isp).

//Zeb
 
I'm not sure I understand. I'm gonna assume you mean TO a remote ip, ie:
Code:
E:Option ==> peer wg11 rule add vpn dst=8.8.8.8 comment GoogleDnsViaWg11

By the way, your error is because your wireguard.db is lacking columns since it was created in an earlier version of wgm. Make sure the latest dev version is creating the new .db and you are not copying your old one.

//Zeb
You assumed right. Thanks

After uninstall I checked with WinSCP and didn’t see that file anymore. Does it keep a copy of it somewhere? How do I know it’s a new file? The file has a date of the recent installation.
 
You assumed right. Thanks

After uninstall I checked with WinSCP and didn’t see that file anymore. Does it keep a copy of it somewhere? How do I know it’s a new file? The file has a date of the recent installation.
Well, you could always follow my link above to issue the commands from the shell to add the columns in your existing database...

//Zeb
 
After uninstall I checked with Winscp and didn’t see that file anymore. Does it keep a copy of it somewhere?
The wireguard_manager uninstall process does optionally allow retaining the current/existing custom config files, but after a FULL uninstall then the directories
Code:
/opt/etc/wireguard.d/
/opt/etc/wireguard
should not exist which means the SQL database '/opt/etc/wireguard.d/WireGuard.db' will be recreated during the next fresh wireguard_manager install.

However, as the actual error you have reported indicates that there is insufficient data to populate the SQL 'traffic' table and not an issue with the SQL 'traffic' table column definition, you can debug/dump the raw SQL database table data using
Code:
e  = Exit Script [?]

E:Option ==> diag sql
i.e. hopefully the above command will show which two column data values are missing from the 'traffic' table, as the six expected formally tabulated values should appear as shown below with a default value of '0' inserted as necessary.
Code:
e  = Exit Script [?]

E:Option ==> diag sql traffic

    DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

    Table:traffic
Peer  Timestamp            RX        TX       RX Total  TX Total
wg12  2021-10-08 11:23:17  0         0        0         0
wg12  2021-10-08 11:25:25  3019899   660132   3019899   660132

<snip>
 
The wireguard_manager uninstall process does optionally allow retaining the current/existing custom config files, but after a FULL uninstall then the directories
Code:
/opt/etc/wireguard.d/
/opt/etc/wireguard
should not exist which means the SQL database '/opt/etc/wireguard.d/WireGuard.db' will be recreated during the next fresh wireguard_manager install.

However, as the actual error you have reported indicates that there is insufficient data to populate the SQL 'traffic' table and not an issue with the SQL 'traffic' table column definition, you can debug/dump the raw SQL database table data using
Code:
e  = Exit Script [?]

E:Option ==> diag sql
i.e. hopefully the above command will show which two column data values are missing from the 'traffic' table, as the six expected formally tabulated values should appear as shown below with a default value of '0' inserted as necessary.
Code:
e  = Exit Script [?]

E:Option ==> diag sql traffic

    DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

    Table:traffic
Peer  Timestamp            RX        TX       RX Total  TX Total
wg12  2021-10-08 11:23:17  0         0        0         0
wg12  2021-10-08 11:25:25  3019899   660132   3019899   660132

<snip>
Well, attached are the results I am getting. How do I go from here? Does that error affect anything or can I just ignore it?

Another question, does it make sense that I got higher speeds from Wireguard on AC86U vs AX86U? Or is my testing wrong?
 

[Attachments: 2 JPEG images]
Well, you could always follow my link above to issue the commands from the shell to add the columns in your existing database...

//Zeb
Tried your method. I get that. Thanks
 

[Attachment: 1 JPEG image]
I'm not sure I understand. I'm gonna assume you mean TO a remote ip, ie:
Code:
E:Option ==> peer wg11 rule add vpn dst=8.8.8.8 comment GoogleDnsViaWg11

By the way, your error is because your wireguard.db is lacking columns since it was created in an earlier version of wgm. Make sure the latest dev version is creating the new .db and you are not copying your old one. Only back up and replace your original .conf files (the ones you got from your wg isp).

//Zeb
Zeb, why does Destination show "Any" after entering the command for Google only?


E:Option ==> peer wg11 rule add vpn dst=8.8.8.8 comment GoogleDnsViaWg11

[✔] Updated RPDB Selective Routing rule for wg11


Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client Auto IP Endpoint DNS MTU Public Private Annotate
wg11 N 10.5.0.2/16 31.168.98.72:51820 1.0.0.1

Selective Routing RPDB rules
ID Peer Interface Source Destination Description
1 wg11 VPN Any Any GoogleDnsViaWg11


WireGuard ACTIVE Peer Status: Clients 0, Servers 0
 
Tried your method. I get that. Thanks
Sorry, was too fast in my assumptions and didn't read your initial text. Looks like you have the correct columns. But wgm is not supplying all data.
Are you sure you are running the latest dev version of wgm?
Starting over with a fresh database as @Martineau suggests is probably the best way.

The error will only affect statistic calculation and not the operation in general. Think you can leave it there.

//Zeb
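The error text discussed above is SQLite's own message for an INSERT that names no columns and supplies fewer values than the table has. The following is an added example, not part of the thread and not wireguard_manager code; the column names are assumptions modelled on the headings printed by 'diag sql traffic'.

```python
import sqlite3

# Assumed schema: six columns named after the 'diag sql traffic' headings.
# wireguard_manager's real column names and types may differ.
SCHEMA = """CREATE TABLE traffic (
    peer TEXT NOT NULL, timestamp TEXT NOT NULL,
    rx INTEGER DEFAULT 0, tx INTEGER DEFAULT 0,
    rxtotal INTEGER DEFAULT 0, txtotal INTEGER DEFAULT 0)"""


def open_db():
    """Create an in-memory database holding the six-column table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def column_names(db):
    """List the columns SQLite actually has for 'traffic'."""
    # PRAGMA table_info yields (cid, name, type, notnull, dflt_value, pk).
    return [row[1] for row in db.execute("PRAGMA table_info(traffic)")]


def positional_insert(db, values):
    """INSERT with no column list: the value count must equal the column count."""
    marks = ",".join("?" * len(values))
    try:
        db.execute(f"INSERT INTO traffic VALUES ({marks})", values)
        return "ok"
    except sqlite3.OperationalError as exc:
        return str(exc)


def named_insert(db, peer, ts, rx, tx):
    """INSERT naming four columns: the other two take their DEFAULT of 0."""
    db.execute(
        "INSERT INTO traffic (peer, timestamp, rx, tx) VALUES (?,?,?,?)",
        (peer, ts, rx, tx),
    )
    return db.execute(
        "SELECT * FROM traffic WHERE peer=? AND timestamp=?", (peer, ts)
    ).fetchone()


if __name__ == "__main__":
    db = open_db()
    print(column_names(db))
    # Constructed sample rows, using values shown in the thread's table dump.
    print(positional_insert(db, ("wg11", "2021-10-08 11:23:17", 0, 0)))
    print(named_insert(db, "wg12", "2021-10-08 11:25:25", 3019899, 660132))
```

A six-column table paired with a four-value writer points at a version mismatch between the database and the script doing the INSERT, which matches the two explanations given in the thread.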
 
Zeb, why does Destination show "Any" after entering the command for Google only?


E:Option ==> peer wg11 rule add vpn dst=8.8.8.8 comment GoogleDnsViaWg11

[✔] Updated RPDB Selective Routing rule for wg11


Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client Auto IP Endpoint DNS MTU Public Private Annotate
wg11 N 10.5.0.2/16 31.168.98.72:51820 1.0.0.1

Selective Routing RPDB rules
ID Peer Interface Source Destination Description
1 wg11 VPN Any Any GoogleDnsViaWg11


WireGuard ACTIVE Peer Status: Clients 0, Servers 0
It shouldn't, something went wrong with the rule, you should delete it
Code:
E:Option ==> peer wg11 rule del 1
You could try other ways to enter the rule:
Code:
E:Option ==> peer wg11 rule add vpn 8.8.8.8 comment GoogleDnsViaWg11
#or
E:Option ==> peer wg11 rule add vpn 0.0.0.0/0 8.8.8.8/0 comment GoogleDnsViaWg11

Check how the rule looks as before and delete it again if it's not satisfactory.

//Zeb
 
Zeb, why does Destination show "Any" after entering the command for Google only?


E:Option ==> peer wg11 rule add vpn dst=8.8.8.8 comment GoogleDnsViaWg11

[✔] Updated RPDB Selective Routing rule for wg11


Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client Auto IP Endpoint DNS MTU Public Private Annotate
wg11 N 10.5.0.2/16 31.168.98.72:51820 1.0.0.1

Selective Routing RPDB rules
ID Peer Interface Source Destination Description
1 wg11 VPN Any Any GoogleDnsViaWg11


WireGuard ACTIVE Peer Status: Clients 0, Servers 0
Looks like explicitly specifying dst= (when clearly there is no possible ambiguity i.e. 8.8.8.8 is not a LAN IP/Subnet and 'vpn' is specified)
Code:
E:Option ==> peer wg12 rule add vpn dst=8.8.8.8 comment Google DNS via wg12
is a bug :oops: and generates dst=Any :rolleyes:


However, the original shorthand works
Code:
E:Option ==> peer wg12 rule add vpn 8.8.8.8 comment Google DNS via wg12

    [✔] Updated RPDB Selective Routing rule for wg12


    Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client  Auto  IP               Endpoint              DNS             MTU  Public                                        Private                                       Annotate
wg12    P     10.62.46.32/32  209.58.188.180:51820  193.138.218.74       0SAvR1RHoF/pev2L2KLUj++H9AiLwnh9GHBMiB5F/gM=  e+xLdD40oz/v7TG08t3VjolrCel/DY3Y+4BTEdRJSlo=  # Mullvad China, Hong Kong

    Selective Routing RPDB rules
ID  Peer  Interface  Source  Destination  Description
2   wg12  VPN        Any     8.8.8.8      Google DNS via wg12

IPSet    Enable  Peer  FWMark  DST/SRC
Netflix  Y       wg12  0x2000  dst

So it isn't necessary to specify src= or dst= unless you are supplying both IPs or subnets and need to override the default implied src first and dst second parameter order, but I'll include a fix/patch for the next release.
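A rule whose Source and Destination are both "Any" sends all traffic out through that peer once the peer is in policy mode, so it is worth checking the rule listing after every `rule add`. The following is an added example, not part of the thread and not wireguard_manager code: it parses a listing in the format shown above and flags catch-all rules. The sample listing is constructed from the rows quoted in the thread plus one constructed /0 row; since a /0 prefix matches every address, it is treated the same as "Any".

```python
import ipaddress

# Constructed sample: rule rows quoted in the thread, plus a made-up /0 row.
SAMPLE = """\
Selective Routing RPDB rules
ID  Peer  Interface  Source     Destination  Description
1   wg11  VPN        Any        Any          GoogleDnsViaWg11
2   wg12  VPN        Any        8.8.8.8      Google DNS via wg12
3   wg12  VPN        0.0.0.0/0  8.8.8.8/0    constructed /0 example
"""


def selector(text):
    """Return None for 'matches everything', else an ip_network."""
    if text.lower() == "any":
        return None
    net = ipaddress.ip_network(text, strict=False)
    return None if net.prefixlen == 0 else net


def parse_rules(listing):
    """Parse data rows; the description column may contain spaces."""
    rules = []
    for line in listing.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5 or not parts[0].isdigit():
            continue  # title, header or blank line
        rules.append({
            "id": int(parts[0]), "peer": parts[1], "iface": parts[2],
            "src": selector(parts[3]), "dst": selector(parts[4]),
            "desc": parts[5].strip() if len(parts) > 5 else "",
        })
    return rules


def catch_all(rules):
    """IDs of VPN rules that match every source and every destination."""
    return [r["id"] for r in rules
            if r["iface"] == "VPN" and r["src"] is None and r["dst"] is None]


def matches(rule, src_ip, dst_ip):
    """Would a packet src_ip -> dst_ip be selected by this rule?"""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return ((rule["src"] is None or s in rule["src"])
            and (rule["dst"] is None or d in rule["dst"]))


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("catch-all rule IDs:", catch_all(rules))
    for r in rules:
        print(r["id"], r["desc"], "selects 192.168.1.38 -> 1.1.1.1:",
              matches(r, "192.168.1.38", "1.1.1.1"))
```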
 
Another question, does it make sense that I got higher speeds from Wireguard on AC86U vs AX86U? Or is my testing wrong?
This thread reported a performance issue
so back in May 2021, a patch was applied to wireguard_manager on the Github dev branch.......


Not sure if it is still relevant/warranted or should now be backed-out as the RT-AX86U kernel seemingly controls it anyway?
 
Wonder what it would take to compile this ourselves? Looking at @Odkrys github page it looks like instructions on how to compile this, perhaps he wishes someone to take over the compilation process?

It looks like he points to the source of packages here:
wireguard-linux-compat - WireGuard kernel module backport for Linux 3.10 - 5.5 (zx2c4.com)

Latest release is: 2021-06-06
Could it be compiled on my router (AC86) or desktop (don't have any Linux desktop)? I have not compiled anything for many years now and especially not embedded so I don't know if I have what it takes. Or are there some better than me to attempt this??

//Zeb
Manually copied your new RT-AC86U kernel module.....
Code:
mv /jffs/addons/wireguard/wireguard-kernel_1.0.20210219-k27_1_aarch64-3.10.ipk /jffs/addons/wireguard/wireguard-kernel_1.0.20210219-k27_1_aarch64-3.10.ipkZ

cp /tmp/wireguard-kernel_1.0.20210606-ac_aarch64-3.10.ipk /jffs/addons/wireguard/wireguard-kernel_1.0.20210606-ac_aarch64-3.10.ipk
then used wireguard_manager to implement
Code:
e  = Exit Script [?]

E:Option ==> loadmod

    Loading WireGuard Kernel module and Userspace Tool for RT-AC86U (v386.4)
Upgrading wireguard-kernel on root from 1.0.20210219-k27_1 to 1.0.20210606-ac...
Configuring wireguard-kernel.
Package wireguard-tools (1.0.20210315-1) installed in root is up to date.
    wireguard: WireGuard 1.0.20210219 loaded. See www.wireguard.com for information.
    wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.


    WireGuard ACTIVE Peer Status: Clients 1, Servers 1
Rebooted, then checked Syslog...
Code:
May  5 06:05:26 Entware: Starting Entware services on /tmp/mnt/RT-AC86U
May  5 06:05:26 admin: Started syslog-ng from /jffs/scripts/post-mount.
May  5 06:05:26 S02haveged: Starting Haveged entropy /opt/etc/init.d/S02haveged
May  5 06:05:26 S61unbound: Waiting for NTP to sync before starting Unbound...
Oct 11 15:05:10 avahi-daemon[1794]: Files changed, reloading.
Oct 11 15:05:10 avahi-daemon[1794]: Loading service file /tmp/avahi/services/mt-daap.service.
Oct 11 15:05:11 avahi-daemon[1794]: Got SIGTERM, quitting.
Oct 11 15:05:11 avahi-daemon[1794]: Leaving mDNS multicast group on interface br0.IPv4 with address 192.168.1.1.
Oct 11 15:05:11 avahi-daemon[1794]: Leaving mDNS multicast group on interface lo.IPv4 with address 127.0.1.1.
Oct 11 15:05:11 avahi-daemon[1794]: avahi-daemon 0.7 exiting.
Oct 11 15:05:11 kernel: ip_set: protocol 6
Oct 11 15:05:11 kernel: wireguard: WireGuard 1.0.20210606 loaded. See www.wireguard.com for information.
Oct 11 15:05:11 kernel: wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
As my wg12 is currently a Geo location Policy client, switched my laptop....
Code:
e  = Exit Script [?]

E:Option ==> livin wg12 192.168.1.38
then checked which Geo location was now reported (all correct as expected), then reverted back
Code:
e  = Exit Script [?]

E:Option ==> livin @home 192.168.1.38

    [✔] Welcome home Sir!!!
Looks good! - thanks for your efforts/assistance, but it might be prudent to let this run for a while to see if either of us observe/detect any showstoppers.

P.S. When you are ready, if you host the file on your Github, I can then use this latest RT-AC86U kernel module (as apparently ASUS are only currently supporting Wireguard in RC3 for AX models?) for future installs. :rolleyes:
 
Manually copied your new RT-AC86U kernel module.....
Code:
mv /jffs/addons/wireguard/wireguard-kernel_1.0.20210219-k27_1_aarch64-3.10.ipk /jffs/addons/wireguard/wireguard-kernel_1.0.20210219-k27_1_aarch64-3.10.ipkZ

cp /tmp/wireguard-kernel_1.0.20210606-ac_aarch64-3.10.ipk /jffs/addons/wireguard/wireguard-kernel_1.0.20210606-ac_aarch64-3.10.ipk
then used wireguard_manager to implement
Code:
e  = Exit Script [?]

E:Option ==> loadmod

    Loading WireGuard Kernel module and Userspace Tool for RT-AC86U (v386.4)
Upgrading wireguard-kernel on root from 1.0.20210219-k27_1 to 1.0.20210606-ac...
Configuring wireguard-kernel.
Package wireguard-tools (1.0.20210315-1) installed in root is up to date.
    wireguard: WireGuard 1.0.20210219 loaded. See www.wireguard.com for information.
    wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.


    WireGuard ACTIVE Peer Status: Clients 1, Servers 1
Rebooted, then checked Syslog...
Code:
Oct 11 15:05:11 kernel: ip_set: protocol 6
Oct 11 15:05:11 kernel: wireguard: WireGuard 1.0.20210606 loaded. See www.wireguard.com for information.
Oct 11 15:05:11 kernel: wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
As my wg12 is currently a Geo location Policy client, switched my laptop....
Code:
e  = Exit Script [?]

E:Option ==> livin wg12 192.168.1.38
then checked which Geo location was now reported (all correct as expected), then reverted back
Code:
e  = Exit Script [?]

E:Option ==> livin @home 192.168.1.38

    [✔] Welcome home Sir!!!
Looks good! - thanks for your efforts/assistance, but it might be prudent to let this run for a while to see if either of us observe/detect any showstoppers.

P.S. When you are ready, if you host the file on your Github, I can then use this latest RT-AC86U kernel module (as apparently ASUS are only currently supporting Wireguard in RC3 for AX models?) for future installs. :rolleyes:
Wow, cool!

Will try to install tonight hopefully.

Just need to figure out how github works and how to commit files. Guessing compiling the kernel module was the easy part ;-)

Thanks for the initial test, so I dare install it on my router with minimal risk of being kicked out on the street.

//Zeb

Edit: Will look into the userspace tools as well when I have time but it feels less critical.
 