What's new

[Dev] Asuswrt-Merlin 388.1 development

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Wireguard Client works Beautifully on 388.1_alpha1-g0ca7941c3e It's just missing a KillSwitch. Tested on ProtonVPN.
Only issue is that the client doesn't auto start on router reboot.
There will be no need for a killswitch feature. When the network goes down, it goes down. The disconnected wireguard tunnel remains open until traffic returns. Clients will have no connection in the down time.
 
There will be no need for a killswitch feature. When the network goes down, it goes down. The disconnected wireguard tunnel remains open until traffic returns. Clients will have no connection in the down time.
If the VPN provider goes down will routed clients revert to wan connection and start leaking ip?
 
Lat night my Wireguard connection messed up on its own. I noticed a DNS error when trying to load a webpage. After investigation all the clients running through the tunnel lost DNS resolution. I rebooted the router and again still no DNS, I was using Torgaurd's ad block DNS. I switched to using the router IP as DNS and function was restored, not fond of the DNS leak though. I put in a ticket into Torguard support. Hopefully some light can be cast on this issue. Has anyone else had any issues similar?

UPDATE: Torguard made a setting change on their end to stop this from happening again. ;)
 
Last edited:
Wireguard Client works Beautifully on 388.1_alpha1-g0ca7941c3e It's just missing a KillSwitch. Tested on ProtonVPN.
Only issue is that the client doesn't auto start on router reboot.
RMerlin addressed the Wireguard killswitch subject much earlier in this thread. See post #108.
https://www.snbforums.com/threads/dev-asuswrt-merlin-388-1-development.81087/page-6#post-794669
No killswitch for Wireguard, and no VPN Fusion in my firmware.

In fact, a killswitch isn't really possible with Wireguard, because Wireguard isn't a typical client that connects/disconnects. It's a network interface that communicates with another peer, with no way of knowing for sure if that other peer is gone. That's why after you "disconnect" a client, the peer still shows up in the Wireguard output.
 
Lat night my Wireguard connection messed up on its own. I noticed a DNS error when trying to load a webpage. After investigation all the clients running through the tunnel lost DNS resolution. I rebooted the router and again still no DNS, I was using Torgaurd's ad block DNS. I switched to using the router IP as DNS and function was restored, not fond of the DNS leak though. I put in a ticket into Torguard support. Hopefully some light can be cast on this issue. Has anyone else had any issues similar?

UPDATE: Torguard made a setting change on their end to stop this from happening again. ;)

Further research into this suggests that it could be a router client issue. Torguard got back to me after restarting the service at their end. They advised to try again. I did and immediately DNS failed. I rebooted the router and DNS was restored. This indicates a router problem if I'm not mistaken, because disabling the client and re-enabling did nothing to resolve the issue. What and where the problem is I have no clue. Any ideas @RMerlin ?

UPDATE: I setup a Wireguard client on my phone, used the same Torguard configuration file. It works flawlessly. No DNS problems.
 
Last edited:
I'm using 388.1 alpha on my RT-AX88Us (connected by site-to-site openVPN). It's working reliably :) and maybe I should leave 'well enough alone'. But I'm curious to see whether I could use wireguard instead of openVPN.

Could I use 388.1 alpha with wireguard manager and/or use the new ASUS interface for wireguard?

Perhaps 386.7_2 is better for wireguard manager?

Its great to have these options and support... I appreciate all the effort from RMerlin, and the wireguard guys.
 
Could I use 388.1 alpha with wireguard manager
I dont see any reason why Wireguard Manager wouldnt work with 388 firmware altough I have not tried nor heard any reports.

If your site-2-site is between 2 ASUS hnd routers the setup is quite straight forward in wgm:
https://github.com/ZebMcKayhan/WireguardManager#site-2-site

The upside of using wgm for site-2-site (lan-2-lan) is that you could keep flow-cache enabled as there is no nat going on in this configuration.
 
Last edited:
No, it just means what I wrote: I don't have any info to share at this time. Specifically because Asus themselves haven't decided yet, so they don't have anything to share with me either.

Understood that ASUS hasn't made any decisions, but still kind of a big deal if ASUS is considering not transitioning some AC routers to 388. Will you continue 386 updates?
 
New here; love the WireGuard integration. Have been playing around with it on gt-ax11000 for a few days now. The only bug I see, and I can't seem to find a reason for this but looks like it could be a bug...

Filtering ips with VPN Director, X.X.X.X/24 overrides any other ips in the list connected to a different WireGuard server.

VPN DIRECTOR
Description______Local IP_______Interface
All______________X.X.X.X/24_____WCG1
MacBook Pro____X.X.X.X________WCG2

Here MacBook pro seems to connect to WCG1 and not WCG2 as configured.

Thought id post it here. I get double the speed I usually get with OpenVPN, with SurfShark and TorGuard on WireGuard. Thanks for the amazing work as always.
 
Last edited:
New here; love the WireGuard integration. Have been playing around with it on gt-ax11000 for a few days now. The only bug I see, and I can't seem to find a reason for this but looks like it could be a bug...

Filtering ips with VPN Director, X.X.X.X/24 overrides any other ips in the list connected to a different WireGuard server.

VPN DIRECTOR
Description______Local IP_______Interface
All______________X.X.X.X/24_____WCG1
MacBook Pro____X.X.X.X________WCG2

Here MacBook pro seems to connect to WCG1 and not WCG2 as configured.

Thought id post it here. I get double the speed I usually get with OpenVPN, with SurfShark and TorGuard on WireGuard. Thanks for the amazing work as always.
If I remember correctly, VPN Director prioritizes rules from top to bottom. If your first rule specifies a /24 netmask, that trumps all other rules. Try reversing order of your rules in VPN Director.
 
If I remember correctly, VPN Director prioritizes rules from top to bottom. If your first rule specifies a /24 netmask, that trumps all other rules. Try reversing order of your rules in VPN Director.
I don't think it works like that, or at least this version does not; if you rename X.X.X.X/24' Description to "All" the column moves to the top automatically.

Also if this was the case, you should then be able to manually rearrange the columns, which you have never been able to do, at least since I have used the software.
 
I don't think it works like that, or at least this version does not; if you rename X.X.X.X/24' Description to "All" the column moves to the top automatically.

Also if this was the case, you should then be able to manually rearrange the columns, which you have never been able to do, at least since I have used the software.
From the wiki:

"Rules are applied in the following order:
  • Rules with a WAN destination
  • Rules with an OpenVPN 1 destination
  • Rules with an OpenVPN 2 destination
  • ...
  • Rules with an OpenVPN 5 destination
Also note that any routes configured on the Dual WAN page will have a higher priority than all of these."

I was slightly off, but it appears that you may need to swap your clients.
 
Last edited:
From the wiki:

"Rules are applied in the following order:
  • Rules with a WAN destination
  • Rules with an OpenVPN 1 destination
  • Rules with an OpenVPN 2 destination
  • ...
  • Rules with an OpenVPN 5 destination
Also note that any routes configured on the Dual WAN page will have a higher priority than all of these."

I was slightly off, but it appears that you may need to swap your clients.
Its been a while since doing these chances; thank you for the reminder! "All" clients need to be connected to the highest host number. :)
 
I dont see any reason why Wireguard Manager wouldnt work with 388 firmware altough I have not tried nor heard any reports.

If your site-2-site is between 2 ASUS hnd routers the setup is quite straight forward in wgm:
https://github.com/ZebMcKayhan/WireguardManager#site-2-site

The upside of using wgm for site-2-site (lan-2-lan) is that you could keep flow-cache enabled as there is no nat going on in this configuration.
Okay, I'll give it a go. Yes (2 x RT-AX88U), I have read your guide and it gives very clear instruction. Thanks for your advice
 
I got the confirmation that AC models will not be moved to 388 - only AX models will be.
 
I got the confirmation that AC models will not be moved to 388 - only AX models will be.
That's unfortunate: it almost seems like Asus is creating one more (somewhat artificial) reason to promote upgrades to newer equipment.

Oh well, hopefully they will continue to provide at least periodic security updates for at least another couple of years for the AC models..
 
Status
Not open for further replies.

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top