
Wireguard Session Manager - Discussion (3rd) thread


Looks ok... iptables confirms catching DNS packets and sending them to the WGDNS1 chain... but I'm missing the output of:
Code:
iptables -nvL WGDNS1 -t nat
to see which packets get redirected where in the WGDNS1 chain.
Skärmbild 2022-06-15 130317.jpg
 
There's your problem. Don't know why wgm does not populate the DNS rules in your system (@Martineau ?)

Perhaps wgm gets confused as you have 2 IPv4 DNS populated into wgm, but wgm can only redirect to one (did you get both from your import?). Maybe try to change wg11 DNS to only your first one, then restart the peer and see if there is any difference?

Code:
E:Option ==> stop wg11
E:Option ==> peer wg11 dns=46.227.67.134
E:Option ==> start wg11

and see if the rules appear in the WGDNS1 chain
 

Got both from import.

E:Option ==> stop wg11
E:Option ==> peer wg11 dns=46.227.67.134
E:Option ==> start wg11

Makes no difference.
 
Crap... then I have no idea. I think that @Martineau will need to look at your output to figure out why wgm does not populate your WGDNS1 rules. Meanwhile, could you post the output of:
Code:
E:Option ==> stop wg11
E:Option ==> start wg11 debug

and remove any sensitive information (private keys, public IPs a.s.o.) so we can check for any signs of this.
 
You will need to provide a FULL debug trace for wg11

e.g. Ensure wg11 is stopped, then assuming wg11 is not in Policy mode (auto=Y) issue

Code:
sh -x /jffs/addons/wireguard/wg_client wg11
otherwise if (auto=P) use
Code:
sh -x /jffs/addons/wireguard/wg_client wg11 policy

There should be no Public/Private keys included in the output so you can safely send the resulting output to me via PM.
 
@RMerlin's


states:

'If you need more complex values (like strings with carriage returns), it's recommended to use base64 encoding,'

So I've successfully passed a Base64 encoded string back to my WireGuard® Manager Client WebUI....using

Code:
am_settings_set wgm_ExecuteResults xxxxxxxxxxxxxxxx


but could someone please kindly provide the .method to decode the Base64 string in my .asp code.
 
Thanks for the debug trace, and it shows you are currently running wg_client
Code:
+ VERSION=v4.16.19

+ CONFIG_DIR=/opt/etc/wireguard.d/
+ INSTALL_DIR=/jffs/addons/wireguard/
+ SQL_DATABASE=/opt/etc/wireguard.d/WireGuard.db
+ nvram get buildno

To be honest it's weird o_O - not sure why it should silently fail.

However, can you please update to the latest wg_manager Beta v4.17b8 Last Updated Date: 08-Jun-2022

Code:
e  = Exit Script [?]

E:Option ==> uf dev
This should update wg_client Last Updated Date: 22-May-2022
Code:
VERSION="v4.17.6"
then please test
Code:
wgm stop wg11;wgm start wg11;iptables --line -t nat -nvL WGDNS1
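
The chain check used throughout this exchange, as an added example that is not part of any post in this thread: a filter that reads an `iptables -t nat -nvL WGDNS1` listing (with or without `--line`) and reports whether the chain holds any port 53 DNAT rule. The function name and both sample listings are constructed for illustration; the rule layout is an assumption, not captured wgm output.

```shell
#!/bin/sh
# Added example: read an "iptables -t nat -nvL WGDNS1" listing on stdin, print
# "proto source -> dns_server" for every DNAT rule matching destination port 53,
# and return 1 when there is none (DNS is not being redirected by this chain).
wgdns_redirects() {
    awk '
    {
        # "target" is column 3 with -nvL and column 4 when --line adds "num".
        t = 0
        for (i = 1; i <= 4 && i <= NF; i++) if ($i == "DNAT") t = i
        if (!t) next                      # banner, column header or other target
        dns = 0; dest = ""
        # Match details follow: target prot opt in out source destination.
        for (i = t + 7; i <= NF; i++) {
            if ($i == "dpt:53") dns = 1   # exact match, so dpt:5353 is ignored
            if ($i ~ /^to:/) dest = substr($i, 4)
        }
        if (dns && dest != "") { print $(t + 1), $(t + 5), "->", dest; found = 1 }
    }
    END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: an empty chain, the failing case discussed in the thread.
SAMPLE_EMPTY='Chain WGDNS1 (2 references)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample: rule shape is assumed, not real wgm output.
SAMPLE_OK='Chain WGDNS1 (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1       12   780 DNAT       udp  --  br0    *       192.168.1.30         0.0.0.0/0            udp dpt:53 to:46.227.67.134
2        0     0 DNAT       tcp  --  br0    *       192.168.1.30         0.0.0.0/0            tcp dpt:53 to:46.227.67.134'

# Demo on the constructed samples; on a router, pipe the live listing instead:
#   iptables --line -t nat -nvL WGDNS1 | wgdns_redirects
printf '%s\n' "$SAMPLE_OK"    | wgdns_redirects || echo "WGDNS1: no DNS redirect rules"
printf '%s\n' "$SAMPLE_EMPTY" | wgdns_redirects || echo "WGDNS1: no DNS redirect rules"
```
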
 
There's also a base64.js within the firmware webui, tho nothing is currently using it, so it may disappear in the future.
 
Hello everybody, I own a GT-AX11000 and I want to use WireGuard. I tried to install from amtm but got some error. But still amtm is showing that I installed it. What are other simple steps to use it? Should I see a web UI somewhere to manage it? I have a VPN provider which supports WG and I can get that file, but where to add it and how? My plan is to use WG with VPNdirector rules, so is it possible or no?
Thanks
 

Attachment: WireGuard problem.jpg
Looks like there was some problem with wgm loading your wireguard kernel module possibly. Wgm seems to install fine but was not able to set up the wg21 Wireguard server. What firmware are you on? You could still use wgm but chances are you will get the same error when trying to start your imported client.

There is a guide for importing client files and setting it up to autostart, create rules and so on here:
https://github.com/ZebMcKayhan/WireguardManager#setup-wgm
Scroll up for the clickable table of contents to more easily find what you are looking for.

No Wireguard GUI has been released yet, but there is an option to duplicate the VPNdirector rules into wgm (menu item 12) if you find that easier than just entering the rules in the wgm menu.
 
I am running Merlin 386.5_2. Thanks for the web link, I bookmarked it, but it seems a lot to do to get it working. Maybe it is better to wait until a more developed release is out...
 
Not really, just import your config file:
Code:
import MyVPNConfig.conf
then create a rule for e.g. a computer to use vpn:
Code:
peer wg11 rule add vpn 192.168.1.30 comment MyComputer
then set your peer to autostart in policy mode:
Code:
peer wg11 auto=P

That's it! Not really that complicated, but your choice.
 
No Wireguard GUI has been released yet,
Well OK.....

I've uploaded wg_manager Beta v4.17b9

Use at your own RISK!!!


Not all features are available, it is simply a proof of concept as the GUI front-end to wg_manager.

All defined buttons should work, except the Dummy SAVE Button and the red 'client' Peer Delete button (see below)

NOTE: Advanced users; be aware that if a command is entered that requires a reply prompt e.g. Peer delete request, then you will have zombie wg_manager.sh processes lurking
(Use killall wg_manager.sh to get out of trouble;))

To install the Beta WebUI TAB use
Code:
e  = Exit Script [?]

E:Option ==> uf dev

then repeat to physically download 'wg_manager.asp' that is now included in the v4.17b9 wg_manager.sh update

Code:
e  = Exit Script [?]

E:Option ==> uf dev

To install the WebUI issue
Code:
e  = Exit Script [?]

E:Option ==> www mount

Hopefully the WireGuard® Manager ADDon Tab will now be present.


To permanently install the WebUI (i.e. survives a reboot), then update the configuration to set the 'WEBUI' directive
Code:
e  = Exit Script [?]

E:Option ==> createconfig

To remove the WebUI
Code:
e  = Exit Script [?]

E:Option ==> www unmount
and comment/delete the 'WEBUI' directive from the configuration.

My HTML/JavaScript programming skills are rubbish as shown by the coyote-ugly coding and GUI visual layout..

There are a couple of minor flaws that I need to immediately address....or perhaps someone can point out my errors...

1. Seemingly attempting to show a 'client' other than wg11 fails as the selection of the 'client' Peer index doesn't update.

2. The scrollable text box which shows the results of the command sent to script wg_manager.sh sometimes doesn't immediately refresh - simply keep pressing the Refresh Results button after a couple of seconds and the timestamp shown in the results window should now be displayed as expected.

2a. The scrollable text box can truncate lengthy resulting output. Might be a limitation of the am_settings_set API although I think I observed the truncation with the JavaScript method 'stolen' from @juched's Adblock script .;)

It is a work in progress, so be gentle!.
 
Cool! This is really great! Super job!

Tried it out and the gui mounts correctly under the addons tab.

However, I can't seem to send any commands to wgm, whatever I try I only get, e.g.:
Code:
***ERROR Unrecognised command line command via WebUI: 'peer wg11'...ignored
Perhaps only some commands implemented?

peer wg11 info is displayed first after restart of the peers, not unexpected. Guess you store away the info needed upon start.

The config part displays all disabled even though I have Entware modules enabled. Maybe not finalized yet.

Some food for thought for the future:
1) import would ideally open file location from your device same as when we upgrade firmware. Perhaps this is really difficult, I dunno.
2) if the plan is that the user should use VPNDirector to create rules, then maybe there should be a button for it in the GUI?
3) support to edit the peer info such as dns a.s.o. perhaps all should be editable which would ease the process of setting up a server in the future, then a future create button could simply splash a typical server then the user could change as he/she wants.

Don't know if any of the above makes sense to you or whether it is easy/hard to do. Feel free to disregard if you like.
 
Cool! This is really great! Super job!

Tried it out and the gui mounts correctly under the addons tab.

However, I can't seem to send any commands to wgm, whatever I try I only get, e.g.:
Code:
***ERROR Unrecognised command line command via WebUI: 'peer wg11'...ignored
Perhaps only some commands implemented?
Correct,

I naively assumed I would just simply write the GUI to pass the command string to the script,...but it's not that simple.

Command wgm peer xxxxx has never been allowed; you would always be silently presented with the menu! as would wgm clearly, wot a waste of time and effort !

However, peer import xxxxxx has been implemented in GUI so most users should be able to get a basic wg11 configured and running via the GUI, although they can't yet set auto=y/auto=p etc.
peer wg11 info is displayed first after restart of the peers, not unexpected. Guess you store away the info needed upon start.
Yes most would only have one 'client' Peer and would probably expect everything to be routed via wg11 by default?
The config part displays all disabled even though I have Entware modules enabled. Maybe not finalized yet.
Correct
Some food for thought for the future:
1) import would Ideally open file location from your device same as when we upgrade firmware. Perhaps this is really difficult, I dunno.
Yup
2) if the plan is that the user should use VPNDirector to create rules, then maybe there should be a Button for it in the gui?
I am slowly working thru' the necessary mods to implement the missing features...but VPN Director support is now available (but custom re-mapping/filtering isn't implemented yet) in wg_manager Beta v4.17bA/ wg_manager.asp EXPERIMENTAL Beta v0,04

To upgrade

Code:
e  = Exit Script [?]

E:Option ==> uf dev

then to refresh the ADDON TAB with the new version
Code:
e  = Exit Script [?]

E:Option ==> www unmount
Code:
e  = Exit Script [?]

E:Option ==> www mount
then select another ADDON TAB, then re-enter the WebUI

3) support to edit the peer info such as dns a.s.o. perhaps all should be editable which would ease the process of setting up a server in the future, then a future
Well given the main button is titled Dummy SAVE Button surely this might give you a clue why I've deliberately made the wg11 Configuration fields read-only?
Don't know if any of the above makes sense to you or whether it is easy/hard to do. Feel free to disregard if you like.
I will indeed - but thanks for the kinda harsh feed-back for an already stated proof of concept/work-in-progress.
 
Command wgm peer xxxxx has never been allowed; you would always be silently presented with the menu! as would wgm clearly, wot a waste of time and effort !
Well, I know a wgm addon that does this quite nicely ;-)

Well given the main button is titled Dummy SAVE Button surely this might give you a clue why I've deliberately made the wg11 Configuration fields read-only?
Yea, I didn't get that, sorry. Maybe because the dummy save button is under configuration options.

I am slowly working thru' the necessary mods to implement the missing features...but VPN Director support is now available (but custom re-mapping/filtering isn't implemented yet) in wg_manager Beta v4.17bA/ wg_manager.asp EXPERIMENTAL Beta v0,04
I might sit this one out as I have never used VPNDirector and my setup is kind-of mission-critical (if I value my life that is).

thanks for the kinda harsh feed-back for an already stated proof of concept/work-in-progress.
It was never my intention of being harsh, just trying to support. well I just leave you to it instead.
 
Nice work so far! I have installed on my AX88U and (for now) am just trying the Diagnostic commands. My site-to-site is very stable so I won’t mess too much with settings at this point.

Looks great so far - maybe Asus should “borrow” this code ;-)

@ZebMcKayhan , your github setup guide is going to grow in size!
 
