Help replacing OpenVPN with Wireguard on Asus RT-AX88U

Chewie420

Regular Contributor
Hello I just realized that with OpenVPN I was getting limited speeds. I only had 160 mbps service until today I upgraded to 500 mbps.

If I use my VPN I only get 200 mbps and if I disconnect I am getting 500 mbps.

I am using Torguard as my VPN provided and wanted to install wireguard but wasn't sure how to get started. I have amtm installed but when I run from ssh command line I get an error message.

Following this tutorial - https://www.snbforums.com/threads/experimental-wireguard-for-hnd-platform-4-1-x-kernels.46164/

I can't seem to figure out how to find the path of the file I saved to USB Drive connected to router.

Using Asus RT-AX88U with Merlin 386.3.2

Also wondering why Merlin doesn't have wireguard as an option since it seems like a much faster service.
 
Last edited:

Chewie420

Regular Contributor
I have the file copied to a USB drive connected to my router and I connected using ssh. Just not sure how to browse to the file I have on USB. Ii did it before but can't figure it now for the life of me.
 
Last edited:

RMerlin

Asuswrt-Merlin dev
Also wondering why Merlin doesn't have wireguard as an option since it seems like a much faster service.
Because priorities. I don't have time to work on it, and nobody stepped forward to develop it.

Well Asus did, but it's still in beta on their end.
 

Martineau

Part of the Furniture
Hello I just realized that with OpenVPN I was getting limited speeds. I only had 160 mbps service until today I upgraded to 500 mbps.

If I use my VPN I only get 200 mbps and if I disconnect I am getting 500 mbps.

I am using Torguard as my VPN provided and wanted to install wireguard but wasn't sure how to get started.
Using Asus RT-AX88U with Merlin 386.3.2
As you are running Merlin v386.3.2, in lieu of a GUI WireGuard implementation, you could try this script
 
Last edited:

Chewie420

Regular Contributor
Because priorities. I don't have time to work on it, and nobody stepped forward to develop it.

Well Asus did, but it's still in beta on their end.

I am sorry I wish I had the skill set to help or I certainly would. What if I started a Go Fund Me for you? How much time or funds would be needed to implement WireGuard into Merlin. I can't help develop the tool but I could help make it worth your time or allow you to hire someone who can help.

Seeing my connection frop rom 500+ mbps to under 200 mbps when connected really shows me how outdated OpenVPN is. I heard it is only a single threaded application and that is why it is slow.
 
Last edited:

Chewie420

Regular Contributor
As you are running Merlin v386.3.2, in lieu of a GUI WireGuard implementation, you could try this script
Thanks so much do you know if this one works with VPN director I want to make sure that only certain subnets use my VPN connection.

Also once it is installed and I close the ssh session how to I get back to the options? Sorry I wasn't able to figure it out.
I have it installed by not sure how to import the config I downloaded from torguard.
 
Last edited:

Martineau

Part of the Furniture
Thanks so much do you know if this one works with VPN director I want to make sure that only certain subnets use my VPN connection.
No it doesn't work with the GUI VPN director, you need to set the subnets using the wireguard_manger peer command

e.g. see the peer command help / examples
Code:
e  = Exit Script [?]

E:Option ==> peer help

    peer help                                                               - This text
    peer                                                                    - Show ALL Peers in database
    peer peer_name                                                          - Show Peer in database or for details e.g peer wg21 config
    peer peer_name {cmd {options} }                                         - Action the command against the Peer
    peer peer_name del                                                      - Delete the Peer from the database and all of its files *.conf, *.key
    peer peer_name ip=xxx.xxx.xxx.xxx                                       - Change the Peer VPN Pool IP
    peer category                                                           - Show Peer categories in database
    peer peer_name category [category_name {del | add peer_name[...]} ]     - Create a new category with 3 Peers e.g. peer category GroupA add wg17 wg99 wg11
    peer new [peer_name [options]]                                          - Create new server Peer e.g. peer new wg27 ip=10.50.99.1/24 port=12345
    peer peer_name [del|add] ipset {ipset_name[...]}                        - Selectively Route IPSets e.g. peer wg13 add ipset NetFlix Hulu
    peer peer_name {rule [del {id_num} |add [wan] rule_def]}                - Manage Policy rules e.g. peer wg13 rule add 172.16.1.0/24 comment All LAN
                                                                                     peer wg13 rule add wan 52.97.133.162 comment smtp.office365.com
                                                                                     peer wg13 rule add wan 172.16.1.100 9.9.9.9 comment Quad9 DNS
    peer serv_peer_name {passthru client_peer {[add|del] [device|IP/CIDR]}} - Manage passthu' rules for inbound 'server' peer devices/IPs/CIDR outbound via 'client' peer tunnel
                                                                                     peer wg21 passthru add wg11 SGS8
                                                                                     peer wg21 passthru add wg15 all
                                                                                     peer wg21 passthru add wg12 10.100.100.0/27

Also once it is installed and I close the shh session how to I get back to the options? Sorry I wasn't able to figure it out.
Use SSH command
Code:
wgm
 

Chewie420

Regular Contributor
No it doesn't work with the GUI VPN director, you need to set the subnets using the wireguard_manger peer command

e.g. see the peer command help / examples
Code:
e  = Exit Script [?]

E:Option ==> peer help

    peer help                                                               - This text
    peer                                                                    - Show ALL Peers in database
    peer peer_name                                                          - Show Peer in database or for details e.g peer wg21 config
    peer peer_name {cmd {options} }                                         - Action the command against the Peer
    peer peer_name del                                                      - Delete the Peer from the database and all of its files *.conf, *.key
    peer peer_name ip=xxx.xxx.xxx.xxx                                       - Change the Peer VPN Pool IP
    peer category                                                           - Show Peer categories in database
    peer peer_name category [category_name {del | add peer_name[...]} ]     - Create a new category with 3 Peers e.g. peer category GroupA add wg17 wg99 wg11
    peer new [peer_name [options]]                                          - Create new server Peer e.g. peer new wg27 ip=10.50.99.1/24 port=12345
    peer peer_name [del|add] ipset {ipset_name[...]}                        - Selectively Route IPSets e.g. peer wg13 add ipset NetFlix Hulu
    peer peer_name {rule [del {id_num} |add [wan] rule_def]}                - Manage Policy rules e.g. peer wg13 rule add 172.16.1.0/24 comment All LAN
                                                                                     peer wg13 rule add wan 52.97.133.162 comment smtp.office365.com
                                                                                     peer wg13 rule add wan 172.16.1.100 9.9.9.9 comment Quad9 DNS
    peer serv_peer_name {passthru client_peer {[add|del] [device|IP/CIDR]}} - Manage passthu' rules for inbound 'server' peer devices/IPs/CIDR outbound via 'client' peer tunnel
                                                                                     peer wg21 passthru add wg11 SGS8
                                                                                     peer wg21 passthru add wg15 all
                                                                                     peer wg21 passthru add wg12 10.100.100.0/27


Use SSH command
Code:
wgm
Thanks so much for the help I am affraid this might be too complex for me. I will keep looking into it but I still am trying to import the cert that I have downloaded from Torguard and have an USB drive attached to router. lol
 

Martineau

Part of the Furniture
Thanks so much for the help I am affraid this might be too complex for me. I will keep looking into it but I still am trying to import the cert that I have downloaded from Torguard and have an USB drive attached to router. lol
If you have downloaded the WireGuard .conf file created by Torguard then you need to use the wireguard_manager import command

Code:
E:Option ==> import ?

     Available Peer Configs for import:

Torguard.conf
Code:
import Torguard.conf

If the Torguard .config isn't in '/opt/etc/wireguard.d/' then either copy it there or specify the full pathname for the import command
Code:
import /pathname_to_directory/Torguard.conf
and the script should create the Torguard 'client' Peer to allow you to start it
Code:
e  = Exit Script [?]

E:Option ==> start wg11
 

Chewie420

Regular Contributor
If you have downloaded the WireGuard .conf file created by Torguard then you need to use the wireguard_manager import command

Code:
E:Option ==> import ?

     Available Peer Configs for import:

Torguard.conf
Code:
import Torguard.conf

If the Torguard .config isn't in '/opt/etc/wireguard.d/' then either copy it there or specify the full pathname for the import command
Code:
import /pathname_to_directory/Torguard.conf
and the script should create the Torguard 'client' Peer to allow you to start it
Code:
e  = Exit Script [?]

E:Option ==> start wg11
Ok config has been successfully imported. tried starting but got an error. Oh not thought I had it.

ERR: bdmf_attrelem_add_as_num#4276: system: status:No resources. attribute:ipv4_host_address_table index:0 value:171049217
 

Martineau

Part of the Furniture
Ok config has been successfully imported. tried starting but got an error. Oh not thought I had it.

ERR: bdmf_attrelem_add_as_num#4276: system: status:No resources. attribute:ipv4_host_address_table index:0 value:171049217
As usual, you could always try a reboot, then retry starting the Torguard 'client' Peer.

Otherwise if it still fails, issue
Code:
e  = Exit Script [?]

E:Option ==> ?
Code:
e  = Exit Script [?]

E:Option ==> diag
and you can obfuscate sensitive info such as your WAN IP (if it is shown) and any Private Key info BEFORE either posting here or PMing me.

FYI It might be prudent to move this/further discussions to the appropriate RMerlin Addons thread

 
Last edited:

Chewie420

Regular Contributor
Ok getting closer I can't thank you enough. So I have rebooted and the server started.

wireguard-server1: Initialisation complete.

I have disconnected my OpenVPN in GUI but when I go to what is my IP.com it still shows my ISP IP.
 

Chewie420

Regular Contributor
Ok I now have the server and client started but still showing my ISP IP when I got to whatismyip.com

E:Option ==> diag

WireGuard VPN Peer Status
interface: wg21
public key: rD...
private key: (hidden)
listening port: 51820

interface: wg11
public key: SM....
private key: (hidden)
listening port: 51820

peer: R.
endpoint: 192.252.213.114:1443
allowed ips: 0.0.0.0/0
persistent keepalive: every 25 seconds

WireGuard VPN Peers

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AX88U Server #1

Client Auto IP Endpoint DNS MTU Annotate
wg11 N 10.13.53.185/24 192.252.213.114:1443 9.9.9.9.9 1412 # TorGuard WireGuard Config


DEBUG: Routing info MTU etc.

33: wg21: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.50.1.1/24 scope global wg21
valid_lft forever preferred_lft forever
35: wg11: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state DOWN group default qlen 1000
link/none
inet 10.13.53.185/24 scope global wg11
valid_lft forever preferred_lft forever

DEBUG: Routing Table main

10.50.1.0/24 dev wg21 proto kernel scope link src 10.50.1.1

DEBUG: RPDB rules

0: from all lookup local
9810: from all fwmark 0xd2 lookup 210
10010: from 192.168.5.103 lookup main
10011: from 192.168.5.109 lookup main
10012: from 192.168.56.0/24 lookup main
10210: from 192.168.24.0/24 lookup ovpnc1
10211: from 192.168.224.0/24 lookup ovpnc1
10212: from 192.168.50.0/24 lookup ovpnc1
10213: from 192.168.55.0/24 lookup ovpnc1
10214: from 192.168.5.0/24 lookup ovpnc1
10215: from 192.168.24.0/24 lookup ovpnc1
10216: from 192.168.224.0/24 lookup ovpnc1
10217: from 192.168.50.0/24 lookup ovpnc1
10218: from 192.168.55.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default

DEBUG: Routing Table 121 (wg11) # TorGuard WireGuard Config

192.168.5.0/24 dev br0 proto kernel scope link src 192.168.5.1

DEBUG: Netstat

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.50.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wg21

DEBUG: UDP sockets.

udp 0 0 0.0.0.0:51820 0.0.0.0:* -
udp 0 0 :::51820 :::* -

DEBUG: Firewall rules


DEBUG: -t filter

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * wg21 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */
2 0 0 ACCEPT all -- wg21 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- wg21 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */
2 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820 /* WireGuard 'server' */

Chain OUTPUT (policy ACCEPT 88940 packets, 25M bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * wg21 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */

DEBUG: -t nat

Chain PREROUTING (policy ACCEPT 5432 packets, 951K bytes)
num pkts bytes target prot opt in out source destination
1 334 23749 WGDNS1 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* WireGuard 'client1 DNS' */
2 0 0 WGDNS1 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* WireGuard 'client1 DNS' */
3 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820 /* WireGuard 'server' */

Chain POSTROUTING (policy ACCEPT 1204 packets, 91965 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MASQUERADE all -- * wg11 192.168.5.0/24 0.0.0.0/0 /* WireGuard 'client' */

Chain WGDNS1 (2 references)
num pkts bytes target prot opt in out source destination
1 90 6134 DNAT all -- * * 192.168.5.0/24 0.0.0.0/0 /* WireGuard 'client1 DNS' */ to:1.1.1.1

DEBUG: -t mangle

Chain FORWARD (policy ACCEPT 8169 packets, 1132K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- * wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7
2 0 0 TCPMSS tcp -- wg11 * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
3 0 0 TCPMSS tcp -- * wg11 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
4 0 0 MARK all -- * wg21 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */ MARK xset 0x1/0x7
5 0 0 TCPMSS tcp -- wg21 * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU
6 0 0 TCPMSS tcp -- * wg21 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU

Chain PREROUTING (policy ACCEPT 22812 packets, 3591K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- wg11 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7
2 0 0 MARK all -- wg21 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */ MARK xset 0x1/0x7


Use command 'diag sql [ table_name ]' to see the SQL data (might be many lines!)

Valid SQL Database tables: clients fwmark passthru servers traffic
devices ipset policy session

e.g. diag sql traffic will show the traffic stats SQL table


WireGuard ACTIVE Peer Status: Clients 1, Servers 1
 

Chewie420

Regular Contributor
Router RT-AX88U Firmware (v3.0.0.4.384.18_0)

[✔] Entware Architecture arch=aarch64


v4.12 WireGuard Session Manager (Change Log: https://github.com/MartineauUK/wireguard/commits/main/wg_manager.sh)
MD5=c9a6b7d4cb671b32e971dcae99b57c8d /jffs/addons/wireguard/wg_manager.sh



[✔] WireGuard Module LOADED Tue Dec 14 08:48:18 EST 2021

MD5=38054ddf88fb9b455646fb68d94e13ef wireguard-kernel_1.0.20210606-k51_1_aarch64-3.10.ipk
MD5=3c3fef331578bcd20714a148b96257f8 wireguard-tools_1.0.20210914-1_aarch64-3.10.ipk

[✔] DNSmasq is listening on ALL WireGuard interfaces 'wg*'

[✔] firewall-start is monitoring WireGuard Firewall rules

[✖] WAN KILL-Switch is DISABLED (use 'vx' command for info)
[✖] UDP monitor is DISABLED

[ℹ ] Reverse Path Filtering DISABLED

[ℹ ] Speedtest quick link https://fast.com/en/gb/

[✔] Statistics gathering is ENABLED

WireGuard ACTIVE Peer Status: Clients 1, Servers 1
 

Martineau

Part of the Furniture
Ok I now have the server and client started but still showing my ISP IP when I got to whatismyip.com

E:Option ==> diag

WireGuard VPN Peer Status
interface: wg21
public key: rD...
private key: (hidden)
listening port: 51820

interface: wg11
public key: SM....
private key: (hidden)
listening port: 51820

peer: R.
endpoint: 192.252.213.114:1443
allowed ips: 0.0.0.0/0
persistent keepalive: every 25 seconds

WireGuard VPN Peers

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AX88U Server #1

Client Auto IP Endpoint DNS MTU Annotate
wg11 N 10.13.53.185/24 192.252.213.114:1443 9.9.9.9.9 1412 # TorGuard WireGuard Config


DEBUG: Routing info MTU etc.

33: wg21: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.50.1.1/24 scope global wg21
valid_lft forever preferred_lft forever
35: wg11: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state DOWN group default qlen 1000
link/none
inet 10.13.53.185/24 scope global wg11
valid_lft forever preferred_lft forever

DEBUG: Routing Table main

10.50.1.0/24 dev wg21 proto kernel scope link src 10.50.1.1

DEBUG: RPDB rules

0: from all lookup local
9810: from all fwmark 0xd2 lookup 210
10010: from 192.168.5.103 lookup main
10011: from 192.168.5.109 lookup main
10012: from 192.168.56.0/24 lookup main
10210: from 192.168.24.0/24 lookup ovpnc1
10211: from 192.168.224.0/24 lookup ovpnc1
10212: from 192.168.50.0/24 lookup ovpnc1
10213: from 192.168.55.0/24 lookup ovpnc1
10214: from 192.168.5.0/24 lookup ovpnc1
10215: from 192.168.24.0/24 lookup ovpnc1
10216: from 192.168.224.0/24 lookup ovpnc1
10217: from 192.168.50.0/24 lookup ovpnc1
10218: from 192.168.55.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default

DEBUG: Routing Table 121 (wg11) # TorGuard WireGuard Config

192.168.5.0/24 dev br0 proto kernel scope link src 192.168.5.1

DEBUG: Netstat

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.50.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wg21

DEBUG: UDP sockets.

udp 0 0 0.0.0.0:51820 0.0.0.0:* -
udp 0 0 :::51820 :::* -

DEBUG: Firewall rules


DEBUG: -t filter

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * wg21 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */
2 0 0 ACCEPT all -- wg21 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- wg21 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */
2 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820 /* WireGuard 'server' */

Chain OUTPUT (policy ACCEPT 88940 packets, 25M bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * wg21 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */

DEBUG: -t nat

Chain PREROUTING (policy ACCEPT 5432 packets, 951K bytes)
num pkts bytes target prot opt in out source destination
1 334 23749 WGDNS1 udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 /* WireGuard 'client1 DNS' */
2 0 0 WGDNS1 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 /* WireGuard 'client1 DNS' */
3 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820 /* WireGuard 'server' */

Chain POSTROUTING (policy ACCEPT 1204 packets, 91965 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MASQUERADE all -- * wg11 192.168.5.0/24 0.0.0.0/0 /* WireGuard 'client' */

Chain WGDNS1 (2 references)
num pkts bytes target prot opt in out source destination
1 90 6134 DNAT all -- * * 192.168.5.0/24 0.0.0.0/0 /* WireGuard 'client1 DNS' */ to:1.1.1.1

DEBUG: -t mangle

Chain FORWARD (policy ACCEPT 8169 packets, 1132K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- * wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7
2 0 0 TCPMSS tcp -- wg11 * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
3 0 0 TCPMSS tcp -- * wg11 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
4 0 0 MARK all -- * wg21 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */ MARK xset 0x1/0x7
5 0 0 TCPMSS tcp -- wg21 * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU
6 0 0 TCPMSS tcp -- * wg21 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'server' */ TCPMSS clamp to PMTU

Chain PREROUTING (policy ACCEPT 22812 packets, 3591K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- wg11 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7
2 0 0 MARK all -- wg21 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'server' */ MARK xset 0x1/0x7


Use command 'diag sql [ table_name ]' to see the SQL data (might be many lines!)

Valid SQL Database tables: clients fwmark passthru servers traffic
devices ipset policy session

e.g. diag sql traffic will show the traffic stats SQL table


WireGuard ACTIVE Peer Status: Clients 1, Servers 1
DO NOT POST IN THIS FORUM

PLEASE MOVE YOUR ISSUES TO THE APPROPRIATE ASUSWRT-MERLIN wireguard_manager ADDONS THREAD

 
Last edited:

RMerlin

Asuswrt-Merlin dev
What if I started a Go Fund Me for you?
It`s not a matter of money, it's a matter of spare time. I am the sole developer on this project, my time is already used elsewhere.

Beside, people just need to be patient. Asus has already developed an implementation, but it's still in beta.
Seeing my connection frop rom 500+ mbps to under 200 mbps when connected really shows me how outdated OpenVPN is. I heard it is only a single threaded application and that is why it is slow.
The main reason why it`s slower than Wireguard is because it's a userspace implementation, while Wireguard is in kernel space. OpenVPN is also far more flexible than Wireguard.

However, OpenVPN is compatible with NAT acceleration, while Wireguard is not. That means if you use Wireguard on an Asus router, your router will no longer be able to reach 500 Mbps outside of the tunnel. The Wireguard throughput will be closer to 250-300 Mbps, and the non-VPN traffic will be closer to 400 Mbps.
 

Chewie420

Regular Contributor
It`s not a matter of money, it's a matter of spare time. I am the sole developer on this project, my time is already used elsewhere.

Beside, people just need to be patient. Asus has already developed an implementation, but it's still in beta.

The main reason why it`s slower than Wireguard is because it's a userspace implementation, while Wireguard is in kernel space. OpenVPN is also far more flexible than Wireguard.

However, OpenVPN is compatible with NAT acceleration, while Wireguard is not. That means if you use Wireguard on an Asus router, your router will no longer be able to reach 500 Mbps outside of the tunnel. The Wireguard throughput will be closer to 250-300 Mbps, and the non-VPN traffic will be closer to 400 Mbps.
Thanks so much for the info and your time for all you do on the project. You know a lot more than I do so I am sure you know what is best for Merlin and what should be implemented.

Most of my devices I want to connect to my torguard VPN and the ones I don't I am ok with 400 Mbps and not 500.
It would be nice to go from 185 Mbps to 300 if possible for my devices but I will work on the options that are currently available to me.

Thanks again for you time and replying!
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top