Wireguard Session Manager - Discussion thread (CLOSED/EXPIRED Oct 2021 use http://www.snbforums.com/threads/session-manager-discussion-2nd-thread.75129/)
- Thread starter Martineau
- Start date
Martineau
Part of the Furniture
I don't use diversion, but the default DNS 1.1.1.1
should be changed manually in the WireGuard config on the iPhone.EDIT: Hotfix
Update wg_manager.sh · MartineauUK/wireguard@fdd2b4c
Fix DNS 1.1.1.1 is hardcoded for Road-Warrior Peer .conf, use router's 'nvram wan0_dns' unless user specifies the DNS when creating the Peer .confgithub.com
To update use
Code:
e = Exit Script [?]
E:Option ==> u
Code:
E:Option ==> ?
v3.04 WireGuard Session Manager (Change Log: https://github.com/MartineauUK/wireguard/commits/main/wg_manager.sh)
MD5=b074e6ebed695f34cdd4203bc4ac29ed /jffs/addons/wireguard/wg_manager.sh
Last edited:
D
Deleted member 62525
Guest
I am currently running wireguard in Ubuntu vm on my Mac as a test. I suppose after reading all messages here that I can re-use my current Ubuntu /etc/wireguard/w0.conf only rename it to w11.cong. I have a question about the DNS and policy routing for the clients. I use Unbound DNS on my AC86U as primary DNS - dnsmasq is disabled. Do I need to add DNS entry in the new wg11.conf under [Interface] section and point it to my router default IP?
As for the policy routing, I can modify current [Peer] AllowedIPs and change it to 192.168.50.2/27as an example.
Am I correct with these points?
As for the policy routing, I can modify current [Peer] AllowedIPs and change it to 192.168.50.2/27as an example.
Am I correct with these points?
Yes, expect it to work
. There are 2 parts to it:1. Modify the sample /opt/etc/wireguard.d/wg11.conf with your information based on the provider's configuration - make sure to leave the commented lines as they are -.
2. At the WireGuard Manager menu prompt type vx - that will open /jffs/addons/wireguard/WireguardVPN.conf in the editor (nano).
Make your changes as appropriate on the wg11 line and use P for policy mode and use your provider's DNS or your Unbound internal IP DNS. Then on the rp11 line add
Code:
<Internal_Range>192.168.50.2/27>>VPN
Code:
E:Option ==> 4 wg11
Code:
E:Option ==> 3
D
Deleted member 62525
Guest
Thanks for the information and details. Appreciate it.Yes, expect it to work
1. Modify the sample /opt/etc/wireguard.d/wg11.conf with your information based on the provider's configuration - make sure to leave the commented lines as they are -.
2. At the WireGuard Manager menu prompt type vx - that will open /jffs/addons/wireguard/WireguardVPN.conf in the editor (nano).
Make your changes as appropriate on the wg11 line and use P for policy mode and use your provider's DNS or your Unbound internal IP DNS. Then on the rp11 line addPres F3 to save, F2 to exit the editor. ThenCode:<Internal_Range>192.168.50.2/27>>VPNto start the client peer. Once started you can check the status withCode:E:Option ==> 4 wg11If you see lively figures as received / sent you're in.Code:E:Option ==> 3
heysoundude
Part of the Furniture
Now that a bunch of people are onboard with this and using it, I'm curious if anyone has looked to see just how resource-intensive this is on their router.
Does it require the use of a swap on the entware drive to keep RAM on ac86u's happy? Or am I overthinking things?
I've only a 50/10 DSL service to my router - does a client connecting to wireguard server on my router have the potential to saturate the upload so that everything on my LAN is slowed down, or will my QoS (cake) keep everything humming along, both at home and remotely?
psychologically I'm ready to push the go-button on installing this, but I don't want any troubles from (at) home when I'm connected remotely
Does it require the use of a swap on the entware drive to keep RAM on ac86u's happy? Or am I overthinking things?
I've only a 50/10 DSL service to my router - does a client connecting to wireguard server on my router have the potential to saturate the upload so that everything on my LAN is slowed down, or will my QoS (cake) keep everything humming along, both at home and remotely?
psychologically I'm ready to push the go-button on installing this, but I don't want any troubles from (at) home when I'm connected remotely
I'm inclined to say yes, but I'll give you some pointers and let you come up with the final answer...
On the AX86U I'm working with I see little if any resource-intensiveness I could attribute to the WireGuard client and host. The swap file which is there because Skynet insists upon it has never been used while running WireGuard and/or any other workload, scripts etc. At all... There is though more memory and CPUs (double) on the AX86U than on AC86U and that makes a difference. Everything else, as in use cases, network configuration etc. is the other part of the difference.
As for the upload saturation potential - that's real, but in Cake and FlexQoS you have 2 solid options to mitigate that (not what goes through the tunnel though). I don't use QoS and don't have any resource intensive requirements while remote so I can't speak to that.
The WireGuard session manager (while still work in progress) is quite easy to install, configure and removes itself well. So, give it a try and let us know what the final answer is.
heysoundude
Part of the Furniture
Right, double the processors and double the RAM in the AX over the AC 86...
Thank you. I'm leaning towards waiting for 386.2 with cake built-in, but I think I'll sleep on your recommendation and make a decision in the morning. Weekends are much easier to fool with these sorts of things without major disruptions to network users.
(If there's one good thing about Covid for me, it's how much I've learned about networking. It used to be a bit of black magic, now it's just magic, and I can wave my wand tentatively)
Will Diversion and Skynet still work when using WG?
Edit:
Wireguard Manager won't install:
I'm on 386.2_beta1
What can I do?
Edit:
Wireguard Manager won't install:
I'm on 386.2_beta1
Code:
ASUSWRT-Merlin RT-AC86U 386.2_beta1 Wed Mar 10 16:45:39 UTC 2021
admin@RT-AC86U-9AD0:/tmp/home/root# curl --retry 3 "https://raw.githubusercontent.com/MartineauUK/wireguard/main/wg_manager.sh" --create-dirs -o "/jffs/addons/wireguard/wg_manager.sh" && chmod 755 "/jffs/addons/wireguard/wg_manager.sh" &
& /jffs/addons/wireguard/wg_manager.sh install
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 107k 100 107k 0 0 212k 0 --:--:-- --:--:-- --:--:-- 235k
+======================================================================+
| Welcome to the WireGuard Manager/Installer script (Asuswrt-Merlin) |
| |
| Version v3.04 by Martineau |
| |
| Requirements: USB drive with Entware installed |
| |
| 1 = Install WireGuard |
| o1. Enable nat-start protection for Firewall rules |
| o2. Enable DNS |
| |
| |
+======================================================================+
WireGuard ACTIVE Peer Status: Clients 0, Servers 0
1 = Begin WireGuard Installation Process
e = Exit Script [?]
E:Option ==> 1
Installing WireGuard Manager - Router RT-AC86U (v386.2)
Downloading scripts
wg_client downloaded successfully
wg_server downloaded successfully
Package column (2.36-2) installed in root is up to date.
Downloading Wireguard Kernel module for RT-AC86U (v386.2)
Downloading WireGuard Kernel module 'wireguard-kernel_1.0.20210219-k27_aarch64-3.10.ipk' for RT-AC86U (v386.2)...
###################################################################################################################################################################################################################################### 100.0%
Downloading WireGuard User space Tool 'wireguard-tools_1.0.20210223-1_aarch64-3.10.ipk' for RT-AC86U (v386.2)
###################################################################################################################################################################################################################################### 100.0%
Loading WireGuard Kernel module and Userspace Tool for RT-AC86U (v386.2)
Unknown package 'wireguard-kernel'.
Collected errors:
* pkg_hash_fetch_best_installation_candidate: Packages for wireguard-kernel found, but incompatible with the architectures configured
* opkg_install_cmd: Cannot install package wireguard-kernel.
Unknown package 'wireguard-tools'.
Collected errors:
* pkg_hash_fetch_best_installation_candidate: Packages for wireguard-tools found, but incompatible with the architectures configured
* opkg_install_cmd: Cannot install package wireguard-tools.
Creating WireGuard configuration file '/jffs/addons/wireguard/WireguardVPN.conf'
Creating WireGuard 'Client' and 'Server' Peer templates 'wg11.conf' and wg21.conf'
Creating WireGuard Private/Public key-pairs for RT-AC86U (v386.2)
***ERROR: WireGuard install FAILED!
nat-start updated to protect WireGuard firewall rules
Added 'wg*' interfaces to DNSMasq
Done.
Creating 'wg_manager' alias for 'wg_manager.sh'
Adding Peer Auto-start @BOOT
Installing QR rendering module
Package qrencode (4.1.1-1) installed in root is up to date.
/jffs/addons/wireguard/wg_manager.sh: line 2470: wg: not found
Creating Wireguard Private/Public key pair for device 'iPhone'
/jffs/addons/wireguard/wg_manager.sh: line 2470: wg: not found
/jffs/addons/wireguard/wg_manager.sh: line 2470: wg: not found
Device 'iPhone' Public key=
cat: can't open '/opt/etc/wireguard.d/wg21_public.key': No such file or directory
Using Public key for 'server' Peer 'wg21'
Warning: No DDNS is configured!
Press y to use the current WAN IP or enter DDNS name or press [Enter] to SKIP.What can I do?
Last edited:
@Martineau: could you please publish a changelog of the dev branch. A lot has changed in v 4.01b2 ...
WireguardVPN.conf:
# RPDB Selection Routing rules same format as 'nvram get vpn_clientX_clientlist'
# <Desciption> Source IP / CIDR> [Target IP / CIDR]> WAN_or_VPN [...]
# WireGuard Session Manger v4.01
# Categories None =
# WAN KILL switch KILLSWITCH = N
# Statistics gathering STATS = Y
Where has the possibility of changing the IP addresses of the servers "gone?
Menu: 9 cl1_peer
# cl1_peer [Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = .1 / 32 DNS = 9.9.9.9 1.1.1.2
I now have a lot of unanswered questions .....
WireguardVPN.conf:
# RPDB Selection Routing rules same format as 'nvram get vpn_clientX_clientlist'
# <Desciption> Source IP / CIDR> [Target IP / CIDR]> WAN_or_VPN [...]
# WireGuard Session Manger v4.01
# Categories None =
# WAN KILL switch KILLSWITCH = N
# Statistics gathering STATS = Y
Where has the possibility of changing the IP addresses of the servers "gone?
Menu: 9 cl1_peer
# cl1_peer [Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = .1 / 32 DNS = 9.9.9.9 1.1.1.2
I now have a lot of unanswered questions .....
heysoundude
Part of the Furniture
It seems you need to set up DDNS, first off. I would guess that the script is looking for some indication that is not yet present because you may not have DDNS configured - this makes sense, because your end of the tunnel needs to be static, and DDNS makes it appear as such. If you don't do this, every time your ISP reassigns you an IP address, your WG server will "crash"
truthfully, though, you haven't given us enough details about your network setup to be able to help beyond this. sharing that will help people sort out why the install seems to have failed. in the meantime, you can get DDNS going for yourself
It looks like the install failed due to some compatibility issues with wireguard-kernel and wireguard-tools.
Try removing the install (option 2), then run:
Code:
opkg remove wireguard-kernel wireguard-toolsThe lack of a DDNS should not be an issue. The script checks for the existence of the DDNS and if not defined it will use the WAN IP.
Re-install from the 'main' branch.
I have Diversion and Skynet working - I use the router's internal IP as DNS for the client peer configuration.
Unfortunately, this didn't work:
Code:
ASUSWRT-Merlin RT-AC86U 386.2_beta1 Wed Mar 10 16:45:39 UTC 2021
admin@RT-AC86U-9AD0:/tmp/home/root# opkg remove wireguard-kernel wireguard-tools
No packages removed.
admin@RT-AC86U-9AD0:/tmp/home/root# curl --retry 3 "https://raw.githubusercontent.com/MartineauUK/wireguard/main/wg_manager.sh" --create-dirs -o "/jffs/addons/wireguard/wg_manager.sh" && chmod 755 "/jffs/addons/wireguard/wg_manager.sh" &
& /jffs/addons/wireguard/wg_manager.sh install
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 107k 100 107k 0 0 266k 0 --:--:-- --:--:-- --:--:-- 296k
+======================================================================+
| Welcome to the WireGuard Manager/Installer script (Asuswrt-Merlin) |
| |
| Version v3.04 by Martineau |
| |
| Requirements: USB drive with Entware installed |
| |
| 1 = Install WireGuard |
| o1. Enable nat-start protection for Firewall rules |
| o2. Enable DNS |
| |
| |
+======================================================================+
WireGuard ACTIVE Peer Status: Clients 0, Servers 0
1 = Begin WireGuard Installation Process
e = Exit Script [?]
E:Option ==> 1
Installing WireGuard Manager - Router RT-AC86U (v386.2)
Downloading scripts
wg_client downloaded successfully
wg_server downloaded successfully
Package column (2.36-2) installed in root is up to date.
Downloading Wireguard Kernel module for RT-AC86U (v386.2)
Downloading WireGuard Kernel module 'wireguard-kernel_1.0.20210219-k27_aarch64-3.10.ipk' for RT-AC86U (v386.2)...
###################################################################################################################################################################################################################################### 100.0%###################################################################################################################################################################################################################################### 100.0%
Downloading WireGuard User space Tool 'wireguard-tools_1.0.20210223-1_aarch64-3.10.ipk' for RT-AC86U (v386.2)
###################################################################################################################################################################################################################################### 100.0%###################################################################################################################################################################################################################################### 100.0%
Loading WireGuard Kernel module and Userspace Tool for RT-AC86U (v386.2)
Unknown package 'wireguard-kernel'.
Collected errors:
* pkg_hash_fetch_best_installation_candidate: Packages for wireguard-kernel found, but incompatible with the architectures configured
* opkg_install_cmd: Cannot install package wireguard-kernel.
Unknown package 'wireguard-tools'.
Collected errors:
* pkg_hash_fetch_best_installation_candidate: Packages for wireguard-tools found, but incompatible with the architectures configured
* opkg_install_cmd: Cannot install package wireguard-tools.
Creating WireGuard configuration file '/jffs/addons/wireguard/WireguardVPN.conf'
Creating WireGuard 'Client' and 'Server' Peer templates 'wg11.conf' and wg21.conf'
Creating WireGuard Private/Public key-pairs for RT-AC86U (v386.2)
***ERROR: WireGuard install FAILED!
nat-start updated to protect WireGuard firewall rules
Added 'wg*' interfaces to DNSMasq
Done.
Creating 'wg_manager' alias for 'wg_manager.sh'
Adding Peer Auto-start @BOOT
Installing QR rendering module
Package qrencode (4.1.1-1) installed in root is up to date.
/jffs/addons/wireguard/wg_manager.sh: line 2470: wg: not found
Creating Wireguard Private/Public key pair for device 'iPhone'
/jffs/addons/wireguard/wg_manager.sh: line 2470: wg: not found
/jffs/addons/wireguard/wg_manager.sh: line 2470: wg: not found
Device 'iPhone' Public key=
cat: can't open '/opt/etc/wireguard.d/wg21_public.key': No such file or directory
Using Public key for 'server' Peer 'wg21'
Warning: No DDNS is configured!
Press y to use the current WAN IP or enter DDNS name or press [Enter] to SKIP.Check /opt/etc/entware-release. The wireguard module requires Entware-aarch64.
Martineau
Part of the Furniture
Err,....it's an ALPHA development branch, so all sort of junk is there., so NO, there is no formal change log.
However, under
wg_manager Alpha v4.0 the text config file '/WireguardVPN.conf' has been reduced to
Code:
# WireGuard Session Manager v4.01
# Categories
None=
# WAN KILL-Switch
KILLSWITCH=N
# Statistics Gathering
STATS=Y"migrate command used during the install to assist in converting from v3.0 and also import command if needed.To create a new 'server' Peer you use the same
peer command as used in v3.0
Code:
peer new [ip=xxx.xxx.xxx.1/24] [port=nnnnn] [auto={y|n}]]e.g. a custom 'server' Peer...
Code:
[CODE]e = Exit Script [?]
E:Option ==> peer new wg27 ip=1.2.3.4 port=54321
*** Ensure Upstream router Port Foward entry for port:54321 ***
Press y to Create 'server' Peer (wg27) 1.2.3.4:54321 or press [Enter] to SKIP.
y
Creating WireGuard Private/Public key-pair for 'server' Peer wg27 on RT-AC86U (v386.2)
Press y to Start 'server' Peer (wg27) or press [Enter] to SKIP.
y
Requesting WireGuard VPN Peer start (wg27)
wireguard-server7: Initialising Wireguard VPN 'Server' Peer (wg27) on 10.88.8.1:54321 (# RT-AC86U Server 7)
wireguard-server7: Initialisation complete.
interface: wg13 103.231.88.18:51820 10.67.146.14/32,fc00:bbbb:bbbb:bb01::4:920d/128 "Mullvad France, Paris"
peer: D2ltFd7TbpYNq9PejAeGwlaJ2bEFLqOSYywdY9N5xCY=
latest handshake: 1 minute, 19 seconds ago
transfer: 4.80 KiB received, 265.20 KiB sent 0 Days, 00:23:32 from 2021-03-20 20:47:52 >>>>>>
interface: wg21 Port:51820 10.50.1.1/24 VPN Tunnel Network # RT-AC86U Server #1
peer: Sum4Y+e4l/8EpJUcVu9Y7s8D6biTiID3TllTVF9Mskc= 10.50.1.1/32 # SGS8 "Device"
latest handshake: 17 minutes, 3 seconds ago
transfer: 720 B received, 1.17 KiB sent 0 Days, 00:23:32 from 2021-03-20 20:47:53
peer: J0cEI4UoXVsK920nMViQGUky3Y/gbG9iFI2bG0JW2gk= 10.50.1.2/32 # iPhone "Device"
interface: wg22 Port:11502 10.50.2.1/24 VPN Tunnel Network # RT-AC86U Server 2
interface: wg27 Port:54321 1.2.3.0/24 VPN Tunnel Network # RT-AC86U Server 7
WireGuard ACTIVE Peer Status: Clients 1, Servers 3v4.0 has been rewritten to potentially allow monitoring of the connections
e.g. session duration and traffic per Peer
I have also decided to move the firewall rules into their own chain..
e.g.
Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 224.0.0.0/4
2 200 31302 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 1182 105K WireGuard all -- * * 0.0.0.0/0 0.0.0.0/0 /* WireGuard */
4 0 0 other2wan all -- !br0 eth0 0.0.0.0/0 0.0.0.0/0
5 0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0NOTE: It is an ALPHA so things may not work or may/will change before the formal Beta.
Last edited:
This in this file:
Code:
release=entware
arch=arm
cpu=cortex-a9
cpu_subtype=unknown
float=soft
gcc=8.4.0
gcc_flags=-O2 -pipe -mtune=cortex-a9 -fno-caller-saves -mfloat-abi=soft
libc=glibc
libc_version=2.23How do I install Entware on the USB drive?
Edit:
I managed to install Entware-aarch64 on my USB drive.
Last edited:
Hello Monsieur @Martineau
Thank you very much for this useful script, it works fine but I have 2 problems.
If you have 2 dns in your client configuration, the qr code import failed on wireguard Android client => so I delete the second dns ip and voila it works with qr scan import.
My second problem, after a router reboot my client still connects but nothing works, no internet, no access to local computers in my lan ...
Wireguard server is up and runnning, even if I stop it and restart it, nothing works and I can't find any log to help ..?
I have Diversion lite and Skynet running on amtm Asuswrt-Merlin 384.17
It seems like my wireguard server configuration can't survive a reboot?
Thank you very much for this useful script, it works fine but I have 2 problems.
If you have 2 dns in your client configuration, the qr code import failed on wireguard Android client => so I delete the second dns ip and voila it works with qr scan import.
My second problem, after a router reboot my client still connects but nothing works, no internet, no access to local computers in my lan ...
Wireguard server is up and runnning, even if I stop it and restart it, nothing works and I can't find any log to help ..?
I have Diversion lite and Skynet running on amtm Asuswrt-Merlin 384.17
It seems like my wireguard server configuration can't survive a reboot?
Last edited:
I managed to install wireguard manager. I want to use Cloudflare WARP (not WARP+) on my router.
I edited wg11.conf to this:
I also replaced the private key in the file wg11_private.key, the same with the public key in the file wg11_public.key (same keys as in wg11.conf)
Do I also need to edit WireguardVPN.conf besides "Y" at wg11? The rest of the wg11 line is cosmetic, correct?
I think, I do not need a server, so I put "N" at wg21.
I can ping 1.1.1.1 when wireguard vpn client wg11 is active, but I cannot resolve names.
At least I see some traffic: transfer: 17.20 KiB received, 48.46 KiB sent
To obtain the keys, I ran https://github.com/ViRb3/wgcf on my PC.
192.168.1.1. is my router
DNS Filter is set to "Router"
Under WAN, I've set 1.1.1.1 and 1.0.0.1 with DoT.
This is my WireguardVPN.conf
My S50wireguard
Please help, what did I do/set wrong?
I edited wg11.conf to this:
Code:
[Interface]
#DNS = 1.1.1.1
#Address = 172.16.0.2/32
PrivateKey = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408
PersistentKeepalive = 25Do I also need to edit WireguardVPN.conf besides "Y" at wg11? The rest of the wg11 line is cosmetic, correct?
I think, I do not need a server, so I put "N" at wg21.
I can ping 1.1.1.1 when wireguard vpn client wg11 is active, but I cannot resolve names.
At least I see some traffic: transfer: 17.20 KiB received, 48.46 KiB sent
To obtain the keys, I ran https://github.com/ViRb3/wgcf on my PC.
192.168.1.1. is my router
DNS Filter is set to "Router"
Under WAN, I've set 1.1.1.1 and 1.0.0.1 with DoT.
This is my WireguardVPN.conf
Code:
# NOTE: Auto=Y Command 'wg_manager.sh start' will auto-start this Peer
# Auto=P Command 'wg_manager.sh start' will auto-start this Peer using it's Selective Routing RPDB Policy rules if defined e.g 'rp11'
#
#
# VPN Auto Local Peer IP Remote Peer Socket DNS Annotation Comment
wg11 Y 172.16.0.2/32 engage.cloudflareclient.com:2408 1.1.1.1 # ****THIS IS NOT A REAL PEER** Edit 'wg11.conf' with real DATA!
wg12 N xxx.xxx.xxx.xxx/32 209.58.188.180:51820 193.138.218.74 # Mullvad China, Hong Kong
wg13 N xxx.xxx.xxx.xxx/32 103.231.88.18:51820 193.138.218.74 # Mullvad Oz, Melbourne
wg14 N xxx.xxx.xxx.xxx/32 193.32.126.66:51820 193.138.218.74 # Mullvad France, Paris
wg15 N #
# For each 'server' Peer you need to allocate a unique VPN subnet
# VPN Subnet
wg21 N 10.50.1.1/24 # RT-AC86U Local Host Peer 1
wg22 N 10.50.2.1/24 # RT-AC86U Local Host Peer 2
# The following default 'wg0' interface retained for backward compatibility!
wg0 N xxx.xxx.xxx.xxx/32 86.106.143.93:51820 193.138.218.74 # Mullvad USA, New York
# RPDB Selection Routing rules same format as 'nvram get vpn_clientX_clientlist'
# < Desciption > Source IP/CIDR > [Target IP/CIDR] > WAN_or_VPN[...]
rp11 <>
rp12
rp13 <Dummy VPN 3>172.16.1.3>>VPN<Plex>172.16.1.123>1.1.1.1>VPN<Router>172.16.1.1>>WAN<All LAN>172.16.1.0/24>>VPN
rp14
rp15 <Router>192.168.1.0/24>>VPN<LAN>192.168.1.1>>WAN
# Custom 'client' Peer interfaces - simply to annotate
SGS8 N 1.2.3.4 xxx.xxx.xxx.xxx dns.xxx.xxx.xxx # A comment here
wg0-client5 N 4.3.2.1 # Mullvad UK, London
# Categories
NoNe=
# WAN KILL-Switch
#KILLSWITCH
# Optionally define the 'server' Peer 'clients' so they can be identified by name in the enhanced WireGuard Peer status report
# (These entries are automatically added below when the 'create' command is used)
# Public Key DHCP IP Annotation Comment
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= 10.50.1.11/32 # A Cell phone for 'server' 1My S50wireguard
#!/bin/sh
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Mode=client #server or client
#server
export Subnet= #e.g.)10.50.50.1/24
export wgport=
#client
export LocalIP=192.168.1.1 #e.g.)10.50.50.2
Route=default #default or policy
export wgdns=1.1.1.1
export Nipset=wgvpn
case $1 in
start)
logger "Starting WireGuard service."
if [ "$Mode" == "server" ] ; then
/opt/etc/wireguard/wg-server
elif [ "$Mode" == "client" ] && [ "$Route" != "policy" ] ; then
/opt/etc/wireguard/wg-up
else
/opt/etc/wireguard/wg-policy
fi
;;
stop)
logger "Stopping WireGuard service."
/opt/etc/wireguard/wg-down
;;
restart)
logger "Restarting WireGuard service."
/opt/etc/wireguard/wg-down
sleep 2
if [ "$Mode" == "server" ] ; then
/opt/etc/wireguard/wg-server
elif [ "$Mode" == "client" ] && [ "$Route" != "policy" ] ; then
/opt/etc/wireguard/wg-up
else
/opt/etc/wireguard/wg-policy
fi
;;
*)
echo "Usage: $0 {start|stop|restart}"
;;
esac
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Mode=client #server or client
#server
export Subnet= #e.g.)10.50.50.1/24
export wgport=
#client
export LocalIP=192.168.1.1 #e.g.)10.50.50.2
Route=default #default or policy
export wgdns=1.1.1.1
export Nipset=wgvpn
case $1 in
start)
logger "Starting WireGuard service."
if [ "$Mode" == "server" ] ; then
/opt/etc/wireguard/wg-server
elif [ "$Mode" == "client" ] && [ "$Route" != "policy" ] ; then
/opt/etc/wireguard/wg-up
else
/opt/etc/wireguard/wg-policy
fi
;;
stop)
logger "Stopping WireGuard service."
/opt/etc/wireguard/wg-down
;;
restart)
logger "Restarting WireGuard service."
/opt/etc/wireguard/wg-down
sleep 2
if [ "$Mode" == "server" ] ; then
/opt/etc/wireguard/wg-server
elif [ "$Mode" == "client" ] && [ "$Route" != "policy" ] ; then
/opt/etc/wireguard/wg-up
else
/opt/etc/wireguard/wg-policy
fi
;;
*)
echo "Usage: $0 {start|stop|restart}"
;;
esac
Please help, what did I do/set wrong?
Last edited:
Martineau
Part of the Furniture
Thanks for the feeback.
wg_manager Beta Hotfix v3.05 available and Hotfix v1.13
Update wg_manager.sh · MartineauUK/wireguard@b07368b
Hot Fix When creating the Road-Warrior 'device' Peer, only use the first DNS in the list. - Thanks SNB Forum member @Sh0cker54
EDIT:
Update wg_server · MartineauUK/wireguard@317a690
Hotfix If you have 'client' Peers say 'wg11' to auto start @boot, then as it creates its rules it loads the 'xt_comment' module, subsequently used by the 'server' Pe...
Assuming your 'server' Peer in listening on port 51820, run the following, then try to connect
Code:
conntrack -E --event-mask UPDATE -p udp -o timestamp | grep 51820
Last edited:
Similar threads
Similar threads
Similar threads
-
New Addon - ChatAI - have a chat session with Googles Gemini AI Bot- Started by JGrana
- Replies: 2
-
Solved How do I remove WG Manager from amtm without resetting amtm?
- Started by DJones
- Replies: 2
-
VPNMON VPNMON-R3 - Early, early alpha discussion, progress & screenshots- Started by Viktor Jaep
- Replies: 17
Latest threads
-
Does the Synology RT6600AX block a particular adult site?
- Started by road hazard
- Replies: 1
-
-
-
High Latency Issues on WiFi? GT-BE98 Pro
- Started by hadesflames
- Replies: 2
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
RMerlinAsuswrt-Merlin dev