Wireguard Wireguard Client Help

[sammyano]

Cached browser page perhaps. Try to clear cache or use private (incognito) tab to make sure you are not seeing old data.
For your phone it is expected then. If not desired, change it's ip.

Also, i forgot to mention that when using the below and the VPN IP reflects immediately without clearing cache -
E:Option ==> peer wg11 rule add wan 192.168.1.105 comment Amazon_Fire
E:Option ==> peer wg11 rule add wan 192.168.1.181 comment Galaxy_Phone
E:Option ==> peer wg11 rule add vpn 192.168.1.1/24 comment Other Clients

 

[sammyano]

Also, i forgot to mention that when using the below and the VPN IP reflects immediately without clearing cache -
E:Option ==> peer wg11 rule add wan 192.168.1.105 comment Amazon_Fire
E:Option ==> peer wg11 rule add wan 192.168.1.181 comment Galaxy_Phone
E:Option ==> peer wg11 rule add vpn 192.168.1.1/24 comment Other Clients

Also dnsleak.com does not show my VPN Ip, rather is shows my WAN DNS which cloudflare

 

[ZebMcKayhan]

E:Option ==> peer wg11 rule add vpn 192.168.1.1/24 comment Other Clients

This is what is making the difference. 192.168.1.1/24 = 192.168.1.0 - 192.168.1.255

And we use 4 rules to cover
192.168.1.128/25 = 192.168.1.128 - 192.168.1.255
192.168.1.64/26 = 192.168.1.64 - 192.168.1.127
192.168.1.32/27 = 192.168.1.32 - 192.168.1.63
192.168.1.16/28 = 192.168.1.16 - 192.168.1.31

Well, I'm stumped. The kernel does not make routing errors, but I can't see any issues.

 

[sammyano]

This is what is making the difference. 192.168.1.1/24 = 192.168.1.0 - 192.168.1.255

And we use 4 rules to cover
192.168.1.128/25 = 192.168.1.128 - 192.168.1.255
192.168.1.64/26 = 192.168.1.64 - 192.168.1.127
192.168.1.32/27 = 192.168.1.32 - 192.168.1.63
192.168.1.16/28 = 192.168.1.16 - 192.168.1.31

Well, I'm stumped. The kernel does not make routing errors, but I can't see any issues.

So there's no suggestion on what to change?

 

[ZebMcKayhan]

So there's no suggestion on what to change?

Well, you could always try to add rules to ip manually. Try, directly at the prompt, not in wgm/amtm, one by one:

ip rule add from 192.168.1.64/26 lookup 121 prio 9912
ip rule add from 192.168.1.32/27 lookup 121 prio 9913
ip rule add from 192.168.1.16/28 lookup 121 prio 9914
ip rule add from 192.168.1.128/25 lookup 121 prio 9915

These won't ever be removed, so to remove them manually after you tested:

ip rule del prio 9912
ip rule del prio 9913
ip rule del prio 9914
ip rule del prio 9915

 

[sammyano]

Well, you could always try to add rules to ip manually. Try, directly at the prompt, not in wgm/amtm, one by one:

ip rule add from 192.168.1.64/26 lookup 121 prio 9912
ip rule add from 192.168.1.32/27 lookup 121 prio 9913
ip rule add from 192.168.1.16/28 lookup 121 prio 9914
ip rule add from 192.168.1.128/25 lookup 121 prio 9915

These won't ever be removed, so to remove them manually after you tested:

ip rule del prio 9912
ip rule del prio 9913
ip rule del prio 9914
ip rule del prio 9915

 

[sammyano]

Got same result no change

 

[sammyano]

Well, you could always try to add rules to ip manually. Try, directly at the prompt, not in wgm/amtm, one by one:

ip rule add from 192.168.1.64/26 lookup 121 prio 9912
ip rule add from 192.168.1.32/27 lookup 121 prio 9913
ip rule add from 192.168.1.16/28 lookup 121 prio 9914
ip rule add from 192.168.1.128/25 lookup 121 prio 9915

These won't ever be removed, so to remove them manually after you tested:

ip rule del prio 9912
ip rule del prio 9913
ip rule del prio 9914
ip rule del prio 9915

RTNETLINK answers: No such file or directory, when try to delete

 

[ZebMcKayhan]

Got same result no change

What do you get from:

ip route get 172.217.21.174 from 192.168.1.182 iif br0

RTNETLINK answers: No such file or directory, when try to delete

Are your added rules still there?

ip rule

 

[sammyano]

What do you get from:

ip route get 172.217.21.174 from 192.168.1.182 iif br0

Are your added rules still there?

ip rule

0: from all lookup local


9810: from all fwmark 0xd2 lookup 210
9911: from 192.168.1.64/26 lookup 121
9911: from 192.168.1.32/27 lookup 121
9911: from 192.168.1.16/28 lookup 121
9911: from 192.168.1.128/25 lookup 121
32766: from all lookup main
32767: from all lookup default

 

[sammyano]

What do you get from:

ip route get 172.217.21.174 from 192.168.1.182 iif br0

Are your added rules still there?

ip rule

ip route get 172.217.21.174 from 192.168.1.182 iif br0

172.217.21.174 from 192.168.1.182 via xxxxxxx.1 dev eth0

 

[ZebMcKayhan]

RTNETLINK answers: Invalid cross-device link

Aha, so there is an issue somewhere... I've never seen this before. I'll look into it tomorrow

 

[sammyano]

Aha, so there is an issue somewhere... I've never seen this before. I'll look into it tomorrow

Disregard the invalid error, it was typo from me
172.217.21.174 from 192.168.1.182 via xxxxxxx.1 dev eth0

 

[sammyano]

@Zeb, all good now. After removing wg and imported, i plugged out my router for a while, cleared cache on mac and phone and restarted and everything is back as it was before, that's device with IP < 16 going through WAN and every-other through VPN. I am grateful for your support, but would just ask, please, if you can help me sort out Diversion with wg. I have it installed but still getting hit by ads on websites, even though the ad countered is showing blocked ads.

 

[ZebMcKayhan]

@Zeb, all good now. After removing wg and imported, i plugged out my router for a while, cleared cache on mac and phone and restarted and everything is back as it was before, that's device with IP < 16 going through WAN and every-other through VPN. I am grateful for your support, but would just ask, please, if you can help me sort out Diversion with wg. I have it installed but still getting hit by ads on websites, even though the ad countered is showing blocked ads.

ok, Great! This have really got me stumped! not sure what happened there, I have never saw "ip" fail in such sense. perhaps routing cache or something... my next suggestion was to reboot the router which would probably have solved it as well.

regarding diversion: https://github.com/ZebMcKayhan/Wire...e#why-is-diversion-not-working-for-wg-clients

 

[sammyano]

ok, Great! This have really got me stumped! not sure what happened there, I have never saw "ip" fail in such sense. perhaps routing cache or something... my next suggestion was to reboot the router which would probably have solved it as well.

regarding diversion: https://github.com/ZebMcKayhan/Wire...e#why-is-diversion-not-working-for-wg-clients

Thanks Zeb, am at home today and notice the wg is really slow, is/are any settings that could make it abit better?

 

[ZebMcKayhan]

Thanks Zeb, am at home today and notice the wg is really slow, is/are any settings that could make it abit better?

I dont think that the issue is with your router, probably with your VPN supplier. you can try to use wgm to restart wg11 and see if you get a different endpoint ip and hopefully get to a server that are less crowded. When I had an AC86U router just as you, I continuously got 240Mbit/s over Wireguard on my 250Mbit/s service.

if you are unhappy with the speeds you get, try to get some free test config from a different supplier, just to compare.

 

[sammyano]

O

Ok, thanks am not even getting up to 10mb on a 500mb fibre connection.

 

[ZebMcKayhan]

O

That's horrible speeds! I've heard of some ISPs doing Deep Packet Inspection (DPI) which supposedly impacts WG speeds quite badly but this is all second hand information.
If you monitor processor usage in the gui when running the speed test I bet you hardly see any difference. Your router will max out at 450Mbit/s over Wireguard mainly due to the fact that WG is incompatible with NAT acceleration, so core 1 will peak out doing software NAT at about 450Mbit/s. If it wasnt for that incompatibility this hardware would be able to run even higher wg throughput.

See if you can switch server from your vpn supplier or try to evaluate another vpn supplier.

 

[sammyano]

That's horrible speeds! I've heard of some ISPs doing Deep Packet Inspection (DPI) which supposedly impacts WG speeds quite badly but this is all second hand information.
If you monitor processor usage in the gui when running the speed test I bet you hardly see any difference. Your router will max out at 450Mbit/s over Wireguard mainly due to the fact that WG is incompatible with NAT acceleration, so core 1 will peak out doing software NAT at about 450Mbit/s. If it wasnt for that incompatibility this hardware would be able to run even higher wg throughput.

See if you can switch server from your vpn supplier or try to evaluate another vpn supplier.

@Zeb, thanks alot for your support. I can server and the speed improve more than i expected and am sure it will even be better when i do switch to AX86 pro that has WG support from the GUI-

Download Mbps
321.40
Upload Mbps
48.81