Menu
What's new
By:
Filters Better Search

Changing WireGuard Interface Address From wgclient.postconf Script?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

HarryMuscle

Senior Member
I use TorGuard as my VPN provider and unfortunately they only remember WireGuard client keys on their servers for a limited period of time so if you're like me and don't use your connecting constantly you have to use their API to re-register the keys. No problem with scripting that via the wgclient.postconf script though.

The issue I'm running into, however, is that the response of that API call returns the IP address that I'm supposed to use for the WireGuard interface. Unfortunately, when the wgclient.postconf script gets called the WireGuard interface hasn't been created yet so I can't change its address.

Doing this from the wgclient-start script won't work either cause the API call that gives me the interface address to use needs to be done before the connection is established. Basically I get the info in wgclient.postconf but I need to apply it in wgclient-start or somehow after the interface is created. I could probably write a temporary file to communicate between the two scripts but I'm not liking that idea, seems too hackish and wastes writes to the flash memory

So I'm wondering if anyone has any idea on how to change the WireGuard interface address from the wgclient.postconf script.

Thanks,
Harry
 
HarryMuscle said:
I use TorGuard as my VPN provider and unfortunately they only remember WireGuard client keys on their servers for a limited period of time so if you're like me and don't use your connecting constantly you have to use their API to re-register the keys. No problem with scripting that via the wgclient.postconf script though.

The issue I'm running into, however, is that the response of that API call returns the IP address that I'm supposed to use for the WireGuard interface. Unfortunately, when the wgclient.postconf script gets called the WireGuard interface hasn't been created yet so I can't change its address.

Doing this from the wgclient-start script won't work either cause the API call that gives me the interface address to use needs to be done before the connection is established. Basically I get the info in wgclient.postconf but I need to apply it in wgclient-start or somehow after the interface is created. I could probably write a temporary file to communicate between the two scripts but I'm not liking that idea, seems too hackish and wastes writes to the flash memory

So I'm wondering if anyone has any idea on how to change the WireGuard interface address from the wgclient.postconf script.

Thanks,
Harry
Click to expand...
You should be able to change everything in the postconf file. The config about to be used is retrieved in $1. Like
Code: 
#!/bin/sh 
CONFIG=$1 
source /usr/sbin/helper.sh 
pc_replace "Address=<your nvram address>" "Address=<your new address>" $CONFIG

Before doing this you could start by dumping the file to see how it looks:
Code: 
cat $1 > /tmp/wgc1.conf
 
Call your API in the postconf script, get the IP address and then use the pc_replace utility merlin created to change the IP address in the config file.

See the bottom of

github.com

Custom config files

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng
github.com github.com

Or, from the startup script, get your IP address from the API and use the wg set command to change the IP address of the interface.
 
HA! The Zeb beat me to it
 
HarryMuscle said:
I use TorGuard as my VPN provider and unfortunately they only remember WireGuard client keys on their servers for a limited period of time so if you're like me and don't use your connecting constantly you have to use their API to re-register the keys. No problem with scripting that via the wgclient.postconf script though.

The issue I'm running into, however, is that the response of that API call returns the IP address that I'm supposed to use for the WireGuard interface. Unfortunately, when the wgclient.postconf script gets called the WireGuard interface hasn't been created yet so I can't change its address.

Doing this from the wgclient-start script won't work either cause the API call that gives me the interface address to use needs to be done before the connection is established. Basically I get the info in wgclient.postconf but I need to apply it in wgclient-start or somehow after the interface is created. I could probably write a temporary file to communicate between the two scripts but I'm not liking that idea, seems too hackish and wastes writes to the flash memory

So I'm wondering if anyone has any idea on how to change the WireGuard interface address from the wgclient.postconf script.

Thanks,
Harry
Click to expand...
Thinking about this one more time. The interface ip address is actually nothing wireguard concernes itself with. The interface is created using "ip" and then told to be type: wireguard. So, your right. It wont be a part of config file sent to wg from fw. Usually programs scrape and removes this (Address, DNS, etc) information from the config file otherwise wg doesnt start.
But it will play lots of parts when fw sets up firewall and such so just changing the interface address after its up may be a bad idea.

But the postconf script is called really early and later, when fw setup the interface it reads the address from nvram. So you should be able to change the nvram variable in the postconf script and fw will use your new value when setting everything up. Like:
Code: 
nvram set wgc1_addr aaa.bbb.ccc.ddd/xx
nvram commit

It may work
 
Last edited:
You must log in or register to reply here.

Similar threads

H
Does wgclient-start Script Run Before Or After WireGuard Client Is Started?
Replies
6
Views
698
HarryMuscle
H
A
Restart WireGuard client when fails
Replies
5
Views
356
ZebMcKayhan
Z
M
deSEC DDNS update script
Replies
0
Views
138
Markfree
M
D
GT-AX6000 - 3004_388.6_0 - Wireguard client - No Access to Servers local LAN
Replies
5
Views
590
Drihha
D
L
Unbound + Wireguard: is this combination possible at all?
Replies
6
Views
666
louisschneider
L
Similar threads
Thread starter Title Forum Replies Date
B Solved Client list in Network Map is empty and changing the System Log verbosity in the web GUI does nothing Asuswrt-Merlin 7
R Glitch with changing WAN DNS settings on first login Asuswrt-Merlin 0
C OpenVPN Issues after changing ISP Asuswrt-Merlin 15
H Correct Script To Use For Changing Routes? Asuswrt-Merlin 1
T Wireguard VPN Disable IPV6 Asuswrt-Merlin 0
S Guide Wireguard-portforwarding Asuswrt-Merlin 12
D Solved Samba, LACP & WireGuard. Question. Asuswrt-Merlin 5
P Question on Wireguard tunnel configuration. Asuswrt-Merlin 8
TheLyppardMan A question about WireGuard security Asuswrt-Merlin 25
A Restart WireGuard client when fails Asuswrt-Merlin 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 873 (members: 26, guests: 847)
Top