Asus RT-AX86U with Wireguard VPN.

[juanantonio]

This seems to have been fixed in 388.2. See:

WG Server test with flowcache bypass

I'm not done backporting Asus' flow cache bypass yet (only server part is done, client is more complicated because of having to port from VPNFusion -> VPN Director), but this is the performance the WG server is able to hit now, with the client running on a Windows laptop...

www.snbforums.com

Well, I have read this post you posted and, consequently, enabled Flow Caché on my AX86U, but it throws a lot of kernel error messages in system log.

Are there more things I need to do?
Regards.

 

[Piotrek]

You seem to have a solution already

 

[juanantonio]

You seem to have a solution already

A temporary solution. I asked in the thread you kindly sent me (https://www.snbforums.com/threads/wg-server-test-with-flowcache-bypass.82746/page-5#post-842312), but it has worked only until this evening. I am using Wireguard Session Manager through entware and they told me to update it to last development version.

Now, my system log is flooded again with kernel error messages and I don't know what else I can do. I have already reported that on the other thread.
Regards.

 

[johndoe85]

Why are you routing all your traffic through a VPN?
If you live in a free, democratic country services like NordVPN don't really provide any additional security in a home environment.

Who said we live in a free world? The politicians? The big tech companies? The naive idiots who believe anything?

We are trapped and the snare gets pulled a little bit at a time.

You need to get one of these.
Hat

Get one for the cat too!
Cat hat

 

[Cream]

My VPN supplier is AirVPN https://airvpn.org/. They have servers all around the world and they support wireguard on Asus routers.

Thanks for that! Was looking at SUrfshark as they support Wireguard on DDWRT on Asus but were not sure about merlin.

 

[Tech9]

Was looking at SUrfshark

Now included in stock Asuswrt firmware:

Release - ASUS RT-AX86 Series(RT-AX86U/RT-AX86S) Firmware version 3.0.0.4.388.23285 (15-05-2023)

Firmware version 3.0.0.4.388_23285 - Release Note - New features: - Built-in Surfshark in VPN Fusion allows you to surf the internet anonymously and securely from anywhere by encrypting connections. Please refer to https://asus.click/SurfsharkVPN - iPhone/Android USB auto backup WAN allows you...

www.snbforums.com

 

[doczenith1]

I am using Wireguard Session Manager through entware and they told me to update it to last development version.

Now, my system log is flooded again with kernel error messages and I don't know what else I can do. I have already reported that on the other thread.
Regards.

I could be mistaken but I think you might need to switch from the Entware WireGuard Session Manager to the WireGuard that is now part of the firmware to properly utilize NAT acceleration (flow cache). Obviously get confirmation on this before making any changes though.

 

[juanantonio]

I could be mistaken but I think you might need to switch from the Entware WireGuard Session Manager to the WireGuard that is now part of the firmware to properly utilize NAT acceleration (flow cache). Obviously get confirmation on this before making any changes though.

Maybe you're right, but I was told by @ZebMcKayhan , one of the most great contributors of Session Manager, to update Session Manager to the last version.
However, Session Manager works in this way only for a few hours, then my AX-86U starts giving kernel error messages again.
The thing is that I want IPv6 connectivyty throug Wireguard and now I have it with Session Manager. I don't know if it is possible to redirect my LAN devices through firmware Wireguard, getting also IPv6 addresses to these devices.
Thank you, anyway.

 

[ZebMcKayhan]

Maybe you're right, but I was told by @ZebMcKayhan , one of the most great contributors of Session Manager, to update Session Manager to the last version.
However, Session Manager works in this way only for a few hours, then my AX-86U starts giving kernel error messages again.
The thing is that I want IPv6 connectivyty throug Wireguard and now I have it with Session Manager. I don't know if it is possible to redirect my LAN devices through firmware Wireguard, getting also IPv6 addresses to these devices.
Thank you, anyway.

Wgm includes the same bypass as the firmware in the latest dev release:
https://www.snbforums.com/threads/session-manager-4th-thread.81187/post-830683

However, this ASUS/Broadcom fix is for local/source/lan addresses only, so if you have rules with remoteIP your entire lan will be bypassed, just as with flowcache off.

In wgm its currently not for ipv6 which, if my memory serves, you were using so Im not sure how effective it will be for you.

You could always try to add the entry for ipv6 yourself, I could help with this, but I don't know if Asus included it.

 

[juanantonio]

However, this ASUS/Broadcom fix is for local/source/lan addresses only, so if you have rules with remoteIP your entire lan will be bypassed, just as with flowcache off.

What are you meaning with 'rules with remote IP'? I only have a Wireguard client on Session Manager with one IPSET rule to route my LAN clients to the Internet through that client.

 

[ZebMcKayhan]

What are you meaning with 'rules with remote IP'? I only have a Wireguard client on Session Manager with one IPSET rule to route my LAN clients to the Internet through that client.

Wireguard does not work with Broadcom hw accelleration, period. Not on merlin fw, not on asus fw. The only reason Asus could have fc turned on is that they implemented a fc bypass based on lan addresses in a file. Wireguard will not use hw accelleration but clients set to use wan can.

So, the only benefit would be if you using vpn fusion, vpn director or wgm rules for specific ipv4 lan addresses to vpn then other lan ips could benefit. Wireguard will never benefit.

Edit: if you only have acouple of devices enabled to use Wireguard I could help you figure out if ipv6 is possible to bypass fc which may help you to enable fc. But ipv6 is tricky, some scripting would be needed to figure out which ipv6 your particular device have and track changes and I stink at scripting.

 

[juanantonio]

Wireguard does not work with Broadcom hw accelleration, period. Not on merlin fw, not on asus fw. The only reason Asus could have fc turned on is that they implemented a fc bypass based on lan addresses in a file. Wireguard will not use hw accelleration but clients set to use wan can.

So, the only benefit would be if you using vpn fusion, vpn director or wgm rules for specific ipv4 lan addresses to vpn then other lan ips could benefit. Wireguard will never benefit.

Edit: if you only have acouple of devices enabled to use Wireguard I could help you figure out if ipv6 is possible to bypass fc which may help you to enable fc. But ipv6 is tricky, some scripting would be needed to figure out which ipv6 your particular device have and track changes and I stink at scripting.

I don't think I need bypass for none of my LAN devices.
Thank you, anyway.

 

[Sethr]

Hi, now that my Asus RT-AX86U supports Wireguard VPN I am looking to try it out. From looking around Nord VPN seems a good choice as they support wireguard and they 'say' they have the fastest speeds and the most worldwide servers. I am on a 1gbps download fibre line and am wondering what kind of speeds I would get? And does ther geo location really work, like watching Netflix/ Prime Video in the USA and other countries? Thanks for any feedback!

I contacted Nord just last week. They say Wireguard is NOT supported on routers.
A shame they don't advertise that way.

 

[ZebMcKayhan]

I contacted Nord just last week. They say Wireguard is NOT supported on routers.
A shame they don't advertise that way.

It works on routers, you just need to put in some work to obtain the config file that you can import into your router. Like https://forum.openwrt.org/t/instruction-config-nordvpn-wireguard-nordlynx-on-openwrt/89976