What's new

[Experimental] WireGuard for HND platform (4.1.x kernels)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

did you tested personally?
I tested on ac86u but I dont have other devices. (no improvement on ac86u)

Not with OpenVPN, but themiron tested Dropbear with Chacha20 vs AES. On non-accelerated CPUs, Chacha20 gave a clear performance gain over AES.
 
sorry for off topic, I don't want to create a whole new thread.
will be WireGuard client available for RT-AC88U? Or can I use the instructions from the 1st post for AC88? OpenVPN client is very slow.
I wanted to buy AX88 some time ago, but saw a thread regarding 6E routers and devices in the next year, so I don't have any reasons to replace my AC88U.
 
Last edited:
Anyone with a gig connection done some testing with WireGuard on their AC86 or AX88?

Just wondering as I saw a report from someone running PIA with WireGuard on their PC was getting fantastic speeds. Just interested.
Screenshot_2020-05-04 More Wireguard.png
 
no reply, ok.
Wireguard requires Linux kernel ≥ 3.10 (released 5 years ago), but asuswrt-merlin seems to use 2.6.36 (released 8 years ago) - very first comment from here
@RMerlin will the kernel be updated for AC-88U? if we cannot get wireguard OOB - could you give us possibility to install and use it?
 
@adv3 doesn't seem reasonable for the old RT-AC88U to be receiving an updated kernel at this time (almost end of life).

RMerlin has already stated that he won't be enabling wireguard support on his firmware.

HTH. :)
 
no reply, ok.
Wireguard requires Linux kernel ≥ 3.10 (released 5 years ago), but asuswrt-merlin seems to use 2.6.36 (released 8 years ago) - very first comment from here
@RMerlin will the kernel be updated for AC-88U? if we cannot get wireguard OOB - could you give us possibility to install and use it?

No. Broadcom (and other manufacturers as well) never upgrade their SDK kernels.
 
Is it possible to run nordlynx with that tutorial? Thanks

I think Nordlynx is a "wrapper" arround Wireguard that NordVPN offers as a wireguard solution. If that is the case I would say nope! If NordVPN offers support for "normal" wireguard clients I don't see why it should not work. But my man guess goes for option 1 and then nope
 
Last userspace tool ipk (wireguard-tools_1.0.20200513-1_aarch64-3.10.ipk) does not have S50wireguard in conffiles. So, all 'exports' settings are completely gone after package upgrade. A bug?
 
If the S50wireguard file is included in the conffiles, process duplication will occur.
Complete service startup script removal upon package upgrade is not a best option. Maybe it's better to move it's default installation location to /opt/etc/wireguard as sample startup script?
 
Complete service startup script removal upon package upgrade is not a best option. Maybe it's better to move it's default installation location to /opt/etc/wireguard as sample startup script?
changed. And I added one more step.

Code:
opkg install /path/wireguard-tools_1.0.20200513-2_aarch64-3.10.ipk
cp /opt/etc/wireguard/S50wireguard /opt/etc/init.d
 
Thanks. But be warned — update from wireguard-tools_1.0.20200513-1_aarch64-3.10.ipk to 20200513-2 will remove S50wireguard as well 'as obsolete'. :)

Upgrading wireguard-tools on root from 1.0.20200513-1 to 1.0.20200513-2...
Removing obsolete file /opt/etc/init.d/S50wireguard.
 
@adv3 doesn't seem reasonable for the old RT-AC88U to be receiving an updated kernel at this time (almost end of life).

RMerlin has already stated that he won't be enabling wireguard support on his firmware.

HTH. :)

@L&LD already got it, but.. old? really? what’s new then? AX-88U? AX89X (no Merlin FW, btw)? or should I wait for 6E routers due to the fact that ax88 and ax89 will become legacy soon amid such news?
 
Reviewed in December 2015 on this site is old to me. :)

Waiting is also a silly game that never ends. The RT-AX88U is the top RMerlin powered router today. If the hardware and feature set is unusable to you, then you need to look for another product or build it yourself.

There is no guarantee that WiFi 6E routers will have better hardware (overall). History has shown that the opposite will most likely be true. The first to be badged 'WiFi 6E' will be deficient in some area or other. Support for the latest kernel isn't only up to Asus either. They don't just want bleeding-edge features in their firmware, they also want a possibility of stability and backward compatibility too. :)
 
I see you provide newer kernel and user-space tools. Mine are out of date. How do I upgrade safely? Must I opkg remove the old before opkg install the new? I don't want to break my current config.

Wireguard is working excellent on AC86U.
 
Hello all,

Long time reader, I don't think I posted a lot (or even once) here.

But I have to shime in :D

First:
1. Install WireGuard
Thank you very much Odkrys for your scripts. Work awesome on RT-AX88U, with Torguard provider.

I'm going to modify it to run server and client from the same starting script, but also, I'd like to run several clients because I am in a dual wan configuration, and I have several wireguard provider to load balance or fallback on. I see RT-AX88U seems to have enough CPU power to handle at least 2 clients.
I don't know if Martineau still play with this, but I will probably need some guidance for routing rules :)

I see you provide newer kernel and user-space tools. Mine are out of date. How do I upgrade safely? Must I opkg remove the old before opkg install the new? I don't want to break my current config.

Wireguard is working excellent on AC86U.
I would just opkg install the new packages, without removing the older.
You should save files from /opt/etc/wireguard/ in case they are overwritten.

++
 
Going through your instructions...

These below bits ( just under Section 4.5)

-------------------------------------------------------------------------
WireGuard use iptables so when the firewall is restarted, the rules will gone.
Please add this in nat-start script.

nano /jffs/scripts/nat-start
Code:
#!/bin/sh

WVPNROUTE=`ip route show | grep -i -a "dev wg"`
logger -s -t "($(basename $0))" $$ "Checking if WireGuard is UP...."$WVPNROUTE
if [ "$WVPNROUTE" != "" ];then
        logger -s -t "($(basename $0))" $$ "**Warning WireGuard is UP.... restarting WireGuard"
        /opt/etc/init.d/S50wireguard restart
fi


Are these nat-stat configs required for
- WireGuard Client Setup
- or only for WireGuard Server setup
- or both?

Apologies, but could not figure out .... whether these are part of server or client config?
 
I'm stuck. have setup a WG server on Vultr. connecting with a macOS client works fine.
Trying to install on Asus AX88.
When I start Wireguard on the ASUS I get:
Code:
/opt/etc/init.d/S50wireguard: export: line 13: 10.10.15.5: bad variable name
Code:
nano /opt/etc/init.d/S50wireguard

Mode=client   #server or client

#server
export Subnet = 10.10.15.1/32  #e.g.)10.10.15.1/24
export wgport=

#client
export LocalIP= 10.10.15.5   #e.g.)10.10.15.5

Route=default   #default or policy
export wgdns=
export Nipset=wgvpn
Code:
nano /opt/etc/wireguard/wg0.conf

[Interface]
PrivateKey = xxx
Address = 10.10.15.5/32
DNS = 8.8.8.8

[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0
Endpoint = 80.xx.xx.123:51820
PersistentKeepalive = 25

What's wrong here?

Alsowould someone have a bit more info if i just want to route two IPs through wireguard (192.168.1.12 and .1.34)? Where exactly do I add the ip rules in wg-policy?

Code:
ip rule del prio 11111 2>/dev/null
ip rule del prio 11112 2>/dev/null
ip rule add from 192.168.1.10 lookup 117 prio 11111
ip rule add from 192.168.1.20 lookup 117 prio 11112
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top