Wireguard Session Manager (4th) thread

chongnt

Very Senior Member
I had internet outage yesterday. Upon service restored, I was not able to dial-in remotely and noticed some iptables rules are missing. I have to restart wg server to get it working again. Is this expected?

This is the rules after WAN disconnect/reconnect:
Code:
[email protected]:/jffs/addons/wireguard/Scripts# iptables -vnL FORWARD | grep wg
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */

This is the rules after manually restart wg22:
Code:
[email protected]:/jffs/addons/wireguard/Scripts# iptables -vnL FORWARD | grep wg
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
    0     0 ACCEPT     all  --  br0    wg22    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */
 

Martineau

Part of the Furniture
I had internet outage yesterday. Upon service restored, I was not able to dial-in remotely and noticed some iptables rules are missing. I have to restart wg server to get it working again. Is this expected?

This is the rules after WAN disconnect/reconnect:
Code:
[email protected]:/jffs/addons/wireguard/Scripts# iptables -vnL FORWARD | grep wg
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */

This is the rules after manually restart wg22:
Code:
[email protected]:/jffs/addons/wireguard/Scripts# iptables -vnL FORWARD | grep wg
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
    0     0 ACCEPT     all  --  br0    wg22    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */
As a quick'n'dirty test...

Pulling WAN cable...
Code:
Nov  8 13:20:16 RT-AX86U kernel: eth0 (Int switch port: 3) (Logical Port: 3) (phyId: c) Link DOWN.
Nov  8 13:20:16 RT-AX86U kernel: ===> Activate Deep Green Mode
Nov  8 13:20:16 RT-AX86U kernel: bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link DOWN
Nov  8 13:20:22 RT-AX86U WAN_Connection: WAN(0) link down.

then reinserting.... to see the effects on my wg21 server
Code:
Nov  8 13:21:57 RT-AX86U WAN_Connection: WAN(0) link up.

Nov  8 13:21:57 RT-AX86U rc_service: wanduck 1435:notify_rc restart_wan_if 0
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/service-event (args: restart wan_if)
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 stopping)
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: event_wait : Interrupted system call (code=4)
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: Closing TUN/TAP interface
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: /usr/sbin/ip addr del dev tun21 10.8.0.1/24
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: ovpn-down 1 server tun21 1500 1621 10.8.0.1 255.255.255.0 init
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Nov  8 13:21:57 RT-AX86U ovpn-server1[2933]: SIGTERM[hard,] received, process exiting
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 disconnected)
Nov  8 13:21:57 RT-AX86U dnsmasq[3121]: read /etc/ hosts - 6 addresses
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 stopped)
Nov  8 13:21:57 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53 for domain Home
Nov  8 13:21:57 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53
Nov  8 13:21:57 RT-AX86U dnsmasq[3121]: using only locally-known addresses for domain Testing.lan
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 stopped)
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 init)
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 connecting)
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/service-event-end (args: restart wan_if)
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 disconnected)
Nov  8 13:21:57 RT-AX86U dnsmasq[3121]: read /etc/ hosts - 6 addresses
Nov  8 13:21:57 RT-AX86U dnsmasq[3121]: using only locally-known addresses for domain Testing.lan
Nov  8 13:21:57 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 stopped)
Nov  8 13:22:01 RT-AX86U custom_script: Running /jffs/scripts/wan-event (args: 0 connected)
Nov  8 13:22:01 RT-AX86U custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: read /etc/ hosts - 6 addresses
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53 for domain Home
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using only locally-known addresses for domain Testing.lan
Nov  8 13:22:01 RT-AX86U (wg_firewall): 4410 Checking if WireGuard® VPN Peer KILL-Switch is required.....
Nov  8 13:22:01 RT-AX86U (wg_firewall): 4410 Restarting WireGuard® to reinstate RPDB/firewall rules
Nov  8 13:22:01 RT-AX86U wan: finish adding multi routes
Nov  8 13:22:01 RT-AX86U vpndirector: Routing ALL to WG1 from 192.168.55.0/24 to any through wgc1
Nov  8 13:22:01 RT-AX86U (wg_manager.sh): 4440 v4.19b4 Requesting WireGuard® VPN Peer stop (wg21)
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: read /etc/ hosts - 6 addresses
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53 for domain Home
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using only locally-known addresses for domain Testing.lan
Nov  8 13:22:01 RT-AX86U (wg_manager.sh): 4440 v4.19b4 Requesting termination of WireGuard® VPN 'server' Peer ('wg21')
Nov  8 13:22:01 RT-AX86U WireGuard: Stopping client 1.
Nov  8 13:22:01 RT-AX86U vpndirector: Routing ALL to WG1 from 192.168.55.0/24 to any through wgc1
Nov  8 13:22:01 RT-AX86U wireguard: Forcing 192.168.55.0/24 to use DNS server 1.1.1.1 for WGC1
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: read /etc/ hosts - 6 addresses
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53 for domain Home
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using nameserver 192.168.0.1#53
Nov  8 13:22:01 RT-AX86U dnsmasq[3121]: using only locally-known addresses for domain Testing.lan
Nov  8 13:22:01 RT-AX86U WireGuard: Starting client 1.
Nov  8 13:22:01 RT-AX86U miniupnpd[2882]: shutting down MiniUPnPd
Nov  8 13:22:01 RT-AX86U wg_manager-serverwg21: WireGuard® VPN 'server' Peer (wg21) on 10.50.1.1:51820 Terminated

Nov  8 13:22:02 RT-AX86U (wg_manager.sh): 4440 Broadcom Packet Flow Cache learning via BLOG (Flow Cache) ENABLED

Nov  8 13:22:02 RT-AX86U (wg_manager.sh): 5013 v4.19b4 Requesting WireGuard® VPN Peer start (wg21)
Nov  8 13:22:02 RT-AX86U (wg_manager.sh): 5013 v4.19b4 Initialising Wireguard® VPN 'server' Peer (wg21)
Nov  8 13:22:02 RT-AX86U wg_manager-serverwg21: Initialising WireGuard® VPN 'Server' Peer (wg21) on 10.50.1.1:51820

Nov  8 13:22:02 RT-AX86U WAN_Connection: WAN was restored.
and my server wg21 was automatically bounced/restarted when the WAN was restored.

So although I have added a few minor cosmetic wg_manager v4.19b4 tweaks for Firmware v388.1Beta, providing your server (wg22) has auto=y then the server should be restarted by script '/jffs/addons/wireguard/wg_firewall' to fully reinstate the necessary firewall rules.
 

chongnt

Very Senior Member
As a quick'n'dirty test...

and my server wg21 was automatically bounced/restarted when the WAN was restored.

So although I have added a few minor cosmetic wg_manager v4.19b4 tweaks for Firmware v388.1Beta, providing your server (wg22) has auto=y then the server should be restarted by script '/jffs/addons/wireguard/wg_firewall' to fully reinstate the necessary firewall rules.
Thanks @Martineau for testing it out.
I retested again too, here is what I observed:
1. Once WAN is down, the rules are still intact.
Code:
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:00
Tue Nov  8 22:55:00 MYT 2022
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 ACCEPT     all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
    0     0 ACCEPT     all  --  br0    wg22    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */
    0     0 ACCEPT     all  --  br0    wg21    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */

2. When WAN is started again, the rules are cleared.
Code:
Nov  8 22:55:00 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/wan-event (args: 0 connected)
Nov  8 22:55:00 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/wan-start (args: 0)
Nov  8 22:55:00 RT-AC86U-DBA8 wan-event: Started [0 connected]
Nov  8 22:55:00 RT-AC86U-DBA8 wan-start: Started [0]
Nov  8 22:55:00 RT-AC86U-DBA8 (wan-event): 534126 Script not defined for wan-event: wan0-connected
Nov  8 22:55:00 RT-AC86U-DBA8 wan-start: Completed [0]
Nov  8 22:55:00 RT-AC86U-DBA8 wan-event: Completed [0 connected]
Nov  8 22:55:00 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/nat-start
Nov  8 22:55:00 RT-AC86U-DBA8 nat-start: Started []
Nov  8 22:55:00 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Nov  8 22:55:00 RT-AC86U-DBA8 firewall-start: Started [ppp0]

Code:
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:01
Tue Nov  8 22:55:01 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:02
Tue Nov  8 22:55:02 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:03
Tue Nov  8 22:55:03 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:04
Tue Nov  8 22:55:04 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:05
Tue Nov  8 22:55:05 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:06
Tue Nov  8 22:55:06 MYT 2022

3. wg21 started, rules added
Nov 8 22:55:07 RT-AC86U-DBA8 wg21-up.sh: Executing Event:wgvpn-server wg21 up
Code:
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:07
Tue Nov  8 22:55:07 MYT 2022
    0     0 ACCEPT     all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
    0     0 ACCEPT     all  --  br0    wg21    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */

4. wg22 started, rules started
Nov 8 22:55:07 RT-AC86U-DBA8 wg22-up.sh: Executing Event:wgvpn-server wg22 up
Code:
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:08
Tue Nov  8 22:55:08 MYT 2022
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 ACCEPT     all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
    0     0 ACCEPT     all  --  br0    wg22    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */
    0     0 ACCEPT     all  --  br0    wg21    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg21   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */
Everything is good until this point. All rules are restored properly.

However, the next second, all the rules get wiped. A few more seconds later, one rule is added.
Code:
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:09
Tue Nov  8 22:55:09 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:10
Tue Nov  8 22:55:10 MYT 2022
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:11
Tue Nov  8 22:55:11 MYT 2022
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:12
Tue Nov  8 22:55:12 MYT 2022
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
Every 1s: clear; date;  iptables -vnL FORWARD | grep wg                                                                                                     2022-11-08 22:55:13
Tue Nov  8 22:55:13 MYT 2022
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */

Something happened around this time that cleared the rules.
Code:
Nov  8 22:55:07 RT-AC86U-DBA8 wg22-up.sh: Executing Event:wgvpn-server wg22 up
Nov  8 22:55:07 RT-AC86U-DBA8 wg_manager-serverwg22: Initialisation complete.
Nov  8 22:55:07 RT-AC86U-DBA8 wgvpn-server: WireGuard VPN Server 2 coming up ...
Nov  8 22:55:08 RT-AC86U-DBA8 (wg_manager.sh): 537778 v4.19b3 Initialising Wireguard® VPN 'client' Peer (wg11)
Nov  8 22:55:08 RT-AC86U-DBA8 wg_manager-clientwg11: Initialising WireGuard® VPN client Peer (wg11) in Policy Mode to x.x.x.x:51820 (# NordLynx xx 'client' (wg11))
Nov  8 22:55:08 RT-AC86U-DBA8 wg_manager-clientwg11: Adding WireGuard 'client' Peer route 192.168.1.251 through VPN 'client' Peer wg11
Nov  8 22:55:08 RT-AC86U-DBA8 wg_manager-clientwg11: Executing Event:wg11-up.sh
Nov  8 22:55:08 RT-AC86U-DBA8 wg11-up.sh: Executing Event:wgvpn-client wg11 up
Nov  8 22:55:08 RT-AC86U-DBA8 wgvpn-client: WireGuard VPN Client 1 coming up ...
Nov  8 22:55:08 RT-AC86U-DBA8 wg_manager-clientwg11: Initialisation complete.
Nov  8 22:55:09 RT-AC86U-DBA8 (wg_manager.sh): 537778 v4.19b3 Initialising Wireguard® VPN 'client' Peer (wg12)
Nov  8 22:55:09 RT-AC86U-DBA8 wg_manager-clientwg12: Initialising WireGuard® VPN client Peer (wg12) in Policy Mode to xx.xxx.xxx.xxx:51820 (# NordLynx xxx 'client' (wg12))
Nov  8 22:55:09 RT-AC86U-DBA8 wg_manager-clientwg12: Adding WireGuard 'client' Peer route 192.168.1.252 through VPN 'client' Peer wg12
Nov  8 22:55:09 RT-AC86U-DBA8 wg_manager-clientwg12: Executing Event:wg12-up.sh
Nov  8 22:55:09 RT-AC86U-DBA8 wg12-up.sh: Executing Event:wgvpn-client wg12 up
Nov  8 22:55:09 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/nat-start
Nov  8 22:55:09 RT-AC86U-DBA8 wgvpn-client: WireGuard VPN Client 2 coming up ...
Nov  8 22:55:09 RT-AC86U-DBA8 nat-start: Started []
Nov  8 22:55:09 RT-AC86U-DBA8 nat-start: Add ip rule 9880 for main routing table
Nov  8 22:55:09 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Nov  8 22:55:09 RT-AC86U-DBA8 firewall-start: [ppp0] already run
Nov  8 22:55:09 RT-AC86U-DBA8 nat-start: Route IPSET beINSports through WAN
Nov  8 22:55:09 RT-AC86U-DBA8 zcip_client: configured 169.254.236.60
Nov  8 22:55:09 RT-AC86U-DBA8 nat-start: Route IPSET Netflix through WAN
Nov  8 22:55:10 RT-AC86U-DBA8 wg_manager-clientwg12: Initialisation complete.
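
Added example (not part of the original post or of wg_manager): a check for the state seen in the listings above, where only the WGM_ACL_F jump survives and the per-interface ACCEPT rules are gone. The interface names passed as arguments and the `LAN_IF` variable are assumptions; the sample listings are constructed in the format shown in the thread.

```shell
#!/bin/sh
# Added example: report WireGuard 'server' interfaces whose FORWARD ACCEPT
# rules are missing. Reads `iptables -vnL FORWARD` output on stdin.
# Columns: pkts bytes target prot opt in out source destination
LAN_IF=${LAN_IF:-br0}   # LAN bridge name as it appears in the listings

# Usage: iptables -vnL FORWARD | wg_missing_rules wg21 wg22
# Prints one line per missing rule; returns non-zero if anything is missing.
wg_missing_rules() {
    awk -v ifaces="$*" -v lan="$LAN_IF" '
        BEGIN { n = split(ifaces, want, " "); bad = 0 }
        # traffic arriving on a WireGuard interface, any output interface
        $3 == "ACCEPT" && $6 != lan && $7 == "*" { inbound[$6] = 1 }
        # traffic from the LAN bridge towards a WireGuard interface
        $3 == "ACCEPT" && $6 == lan              { from_lan[$7] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                w = want[i]
                if (!(w in inbound)) {
                    print w ": no ACCEPT rule for traffic arriving on " w
                    bad = 1
                }
                if (!(w in from_lan)) {
                    print w ": no ACCEPT rule for " lan " -> " w
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: state after WAN reconnect (only the ACL jump remains).
sample_after_reconnect() {
cat <<'EOF'
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
EOF
}

# Constructed sample: state after the server peer wg22 was restarted.
sample_after_restart() {
cat <<'EOF'
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server clients' to LAN */
    0     0 WGM_ACL_F  all  --  wg+    *       0.0.0.0/0            0.0.0.0/0            /* Wireguard ACL */
    0     0 ACCEPT     all  --  br0    wg22    0.0.0.0/0            0.0.0.0/0            /* LAN to WireGuard 'server clients' */
    0     0 ACCEPT     all  --  wg22   *       0.0.0.0/0            0.0.0.0/0            /* WireGuard 'server' */
EOF
}
```

Run from a scheduled job a short while after `firewall-start` completes, a non-zero return is the signal that the server peer needs restarting.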
 

chongnt

Very Senior Member
I think I know what happened. I added a lock file to prevent the firewall-start script re-running during startup. There was no problem during reboot or power cycle.
In this case, firewall-start ran twice but the second run was blocked because the first run had not completed and the lock file had not been deleted at that time. I think the rules will be restored if the firewall-start script is run again.
Code:
Nov  8 22:55:00 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Nov  8 22:55:00 RT-AC86U-DBA8 firewall-start: Started [ppp0]
Nov  8 22:55:09 RT-AC86U-DBA8 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Nov  8 22:55:09 RT-AC86U-DBA8 firewall-start: [ppp0] already run
Nov  8 22:55:54 RT-AC86U-DBA8 firewall-start: Completed [ppp0]

Update: It works after removing the lock file. I put back the lock and added a 3 sec delay in the firewall-start script. It seems to work well during reboot, power cycle, and WAN disconnect/reconnect scenarios.
 

ZebMcKayhan

Very Senior Member
In this case, firewall-start ran twice but the second run was blocked because the first run had not completed and the lock file had not been deleted at that time.
So, was it some script error preventing the completion of firewall-start or just some issue with the lock-file removal part?
 

chongnt

Very Senior Member
So, was it some script error preventing the completion of firewall-start or just some issue with the lock-file removal part?
The issue is I don't know what is calling firewall-start. o_O . The lock file part is working as expected. I simply stop it from running twice concurrently.
I think the event sequence and timing are causing this behavior. When I remove the lock-file and simulate WAN disconnect/reconnect, the firewall-start script will run twice. I can see the wg connection come up, go down, then up again. This works but I don't like to see such a flap. Now I have put back the lock-file and added a 3 sec delay in firewall-start. All works fine without flap. Perhaps another alternative is to use INITDELAY in WireguardVPN.conf.
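
Added example (not chongnt's firewall-start script, which is not shown in the thread): the lock behaviour discussed above, modelled as `run_skip_if_locked`, beside a variant that records a trigger arriving mid-run and runs the job once more afterwards, so runs never overlap and no trigger is lost. This is a different approach from the 3 sec delay; the lock path, function names and demo job are hypothetical.

```shell
#!/bin/sh
# Added example. mkdir is used as the lock because it is atomic.
# Assumption: the lock lives on tmpfs (e.g. /tmp), so a reboot clears it.

# Model of the behaviour in the log: a trigger that arrives while the lock
# is held is reported as "already run" and dropped.
run_skip_if_locked() {
    local lock; lock=$1; shift
    mkdir "$lock" 2>/dev/null || return 0
    "$@"
    rmdir "$lock"
}

# Coalescing variant: a trigger that arrives mid-run leaves a marker, and
# the lock holder runs the job again when it sees the marker.
run_coalesced() {
    local lock; lock=$1; shift
    if ! mkdir "$lock" 2>/dev/null; then
        : > "$lock.pending"                     # ask the holder for one more run
        # Retry once: if the holder exited in between, take over ourselves.
        mkdir "$lock" 2>/dev/null || return 0
    fi
    while :; do
        rm -f "$lock.pending"                   # this run serves earlier triggers
        "$@"
        [ -e "$lock.pending" ] || break
    done
    rmdir "$lock"
    # A marker written between the last check and rmdir is picked up here.
    if [ -e "$lock.pending" ]; then run_coalesced "$lock" "$@"; fi
    return 0
}

# Demo job: counts its runs; on the first run a second trigger arrives
# while the lock is still held (as at 22:55:09 in the log).
demo_job() {
    n=$(( $(cat "$DEMO_DIR/count") + 1 ))
    echo "$n" > "$DEMO_DIR/count"
    if [ "$n" -eq 1 ]; then "$DEMO_RUNNER" "$DEMO_DIR/lock" demo_job; fi
    return 0
}

# Prints how many times the job ran for two triggers with the given runner.
demo_two_triggers() {
    DEMO_RUNNER=$1
    DEMO_DIR=$(mktemp -d) || return 1
    echo 0 > "$DEMO_DIR/count"
    "$DEMO_RUNNER" "$DEMO_DIR/lock" demo_job
    cat "$DEMO_DIR/count"
    rm -rf "$DEMO_DIR"
}
```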
 

juanantonio

Regular Contributor
Good night everyone.
I don't know if this is the correct thread to post my problem. In this case, feel free to move it.
Yesterday, I suffered from some type of corruption on my USB drive, which is hosting Entware and Wireguard Manager.
I unplugged it and ran e2fsck on my Debian Linux. After that, I tried to run my Wireguard Client with no luck. The error message I am receiving is as follows:

Code:
E:Option ==> start wg11

        Requesting WireGuard® VPN Peer start (wg11)

sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32

        ***ERROR: WireGuard 'client' doesn't have a LOCAL IP Address! - try 'peer wg11 ip=xxx.xxx.xxx.xxx/32'?


        WireGuard® ACTIVE Peer Status: Clients 0, Servers 0

Can someone help me, please? Thanks in advance.

Edit: Solved it myself, installing libsqlite3 and libedit with opkg

Bash:
opkg install libsqlite3
opkg install libedit

Edit: Well, I talked a little bit too soon. Now I'm having this error:

Code:
Error: stepping, database disk image is malformed (11)
 

ZebMcKayhan

Very Senior Member
Good night everyone.
I don't know if this is the correct thread to post my problem. In this case, feel free to move it.
Yesterday, I suffered from some type of corruption on my USB drive, which is hosting Entware and Wireguard Manager.
I unplugged it and ran e2fsck on my Debian Linux. After that, I tried to run my Wireguard Client with no luck. The error message I am receiving is as follows:

Code:
E:Option ==> start wg11

        Requesting WireGuard® VPN Peer start (wg11)

sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32
sqlite3: error while loading shared libraries: libsqlite3.so.0: wrong ELF class: ELFCLASS32

        ***ERROR: WireGuard 'client' doesn't have a LOCAL IP Address! - try 'peer wg11 ip=xxx.xxx.xxx.xxx/32'?


        WireGuard® ACTIVE Peer Status: Clients 0, Servers 0

Can someone help me, please? Thanks in advance.
Perhaps time for a new usb drive and a fresh reinstall of everything?

If you would like to try to get this working try to remove and re-install sqlite3:
Code:
opkg remove sqlite3-cli
opkg install sqlite3-cli
But if your drive is damaged who knows what else is broken....
 

archiel

Senior Member
@Martineau @ZebMcKayhan Just upgraded to 388.1beta1. Everything went fine, only observation is that I am now using the default Wireguard Module, not the updated versions - possibly they will need to be updated to work with 388

Before
1668192444233.png

After
[✔] Entware Architecture arch=aarch64


v4.19b3 WireGuard® Session Manager (Change Log: https://github.com/MartineauUK/wireguard/commits/dev/wg_manager.sh)
MD5=6a21afc0337d8593ad8dd197800700d9 /jffs/addons/wireguard/wg_manager.sh

v4.17.9 (wg_client)
v4.17.1 (wg_server)

[✔] WireGuard® Kernel module/User Space Tools included in Firmware (1.0.20210124)


[✔] DNSmasq is listening on ALL WireGuard® interfaces 'wg*'


As I am running dual stack on the router, lan and Wireguard clients I am sticking with WGM as it seems far more configurable than using VPN Director.
 

ZebMcKayhan

Very Senior Member
@Martineau @ZebMcKayhan Just upgraded to 388.1beta1. Everything went fine, only observation is that I am now using the default Wireguard Module, not the updated versions - possibly they will need to be updated to work with 388

Before
View attachment 45376
After
[✔] Entware Architecture arch=aarch64


v4.19b3 WireGuard® Session Manager (Change Log: https://github.com/MartineauUK/wireguard/commits/dev/wg_manager.sh)
MD5=6a21afc0337d8593ad8dd197800700d9 /jffs/addons/wireguard/wg_manager.sh

v4.17.9 (wg_client)
v4.17.1 (wg_server)

[✔] WireGuard® Kernel module/User Space Tools included in Firmware (1.0.20210124)


[✔] DNSmasq is listening on ALL WireGuard® interfaces 'wg*'


As I am running dual stack on the router, lan and Wireguard clients I am sticking with WGM as it seems far more configurable than using VPN Director.
Have you checked vx so that Entware modules are still enabled?

What happens if you run loadmodules???
 

archiel

Senior Member
Have you checked vx so that Entware modules are still enabled?

What happens if you run loadmodules???
Solved - Thank you. Although wireguardVPN.conf had
# For Routers that include WireGuard Kernel/User Space tools, allow overriding with supported 3rd-Party/Entware versions
# Use command 'vx' to edit this setting.
USE_ENTWARE_KERNEL_MODULE
I needed to run
Code:
loadmodules
and after completing
Code:
Requesting WireGuard® VPN Peer stop (wg21 wg12 wg11)
Code:
Initialising WireGuard® module 'wireguard-kernel'
Installing wireguard-kernel (1.0.20220627-RT-AX88U) to root...
Configuring wireguard-kernel.
Initialising WireGuard® module 'wireguard-tools'
Installing wireguard-tools (1.0.20210914-1) to root...
Configuring wireguard-tools.
and now running
? = About Configuration
I can see
Code:
[✔] WireGuard® Module LOADED Sat Nov 12 00:14:51 GMT 2022

MD5=70a85a1bed5f6313add595e2a95423c4 wireguard-kernel_1.0.20220627-RT-AX88U_aarch64-3.10.ipk
MD5=3c3fef331578bcd20714a148b96257f8 wireguard-tools_1.0.20210914-1_aarch64-3.10.ipk

So need to note that after a dirty upgrade
Code:
loadmodules
needs to be re-run.
 

ZebMcKayhan

Very Senior Member
Solved - Thank you. Although wireguardVPN.conf had

I needed to run
Code:
loadmodules
and after completing
Code:
Requesting WireGuard® VPN Peer stop (wg21 wg12 wg11)
Code:
Initialising WireGuard® module 'wireguard-kernel'
Installing wireguard-kernel (1.0.20220627-RT-AX88U) to root...
Configuring wireguard-kernel.
Initialising WireGuard® module 'wireguard-tools'
Installing wireguard-tools (1.0.20210914-1) to root...
Configuring wireguard-tools.
and now running

I can see
Code:
[✔] WireGuard® Module LOADED Sat Nov 12 00:14:51 GMT 2022

MD5=70a85a1bed5f6313add595e2a95423c4 wireguard-kernel_1.0.20220627-RT-AX88U_aarch64-3.10.ipk
MD5=3c3fef331578bcd20714a148b96257f8 wireguard-tools_1.0.20210914-1_aarch64-3.10.ipk

So need to note that after a dirty upgrade
Code:
loadmodules
needs to be re-run.
Great! But after reboot are you back on firmware modules?
 

archiel

Senior Member
Great! But after reboot are you back on firmware modules?
Yes, and still on modules after upgrade this morning to 388 beta2, so it may just be an issue for the version jump (386 to 388).
 

juanantonio

Regular Contributor
Perhaps time for a new usb drive and a fresh reinstall of everything?

If you would like to try to get this working try to remove and re-install sqlite3:
Code:
opkg remove sqlite3-cli
opkg install sqlite3-cli
But if your drive is damaged who knows what else is broken....
Well, I did as @ZebMcKayhan said and replaced my USB stick with a brand new one.
I've spent the last few days as expected, without issues, but now I've encountered a problem.
My goal is to run a Wireguard server with passthru so my clients will be redirected to my VPN provider.
The problem is that the server runs fine, I can connect all my clients, but the moment I connect my client to the VPN provider so the passthru takes effect, my clients stop connecting to my server.
Can someone help me, please? I have tried many things, with no luck.
Thanks in advance.
 

ZebMcKayhan

Very Senior Member
Well, I did as @ZebMcKayhan said and replaced my USB stick with a brand new one.
I've spent the last few days as expected, without issues, but now I've encountered a problem.
My goal is to run a Wireguard server with passthru so my clients will be redirected to my VPN provider.
The problem is that the server runs fine, I can connect all my clients, but the moment I connect my client to the VPN provider so the passthru takes effect, my clients stop connecting to my server.
Can someone help me, please? I have tried many things, with no luck.
Thanks in advance.
Wireguard server cannot be used with an internet client set in Auto=Y (Route ALL) mode simply because the Wireguard tunnel would be shifted over your VPN client while you try to connect over WAN:
https://github.com/ZebMcKayhan/WireguardManager#default-or-policy-routing

To resolve, change your client (wg11?) to policy mode, and if wanted, put your entire network as a policy rule to route all clients through vpn. Then both server and client and passthru work:
https://github.com/ZebMcKayhan/WireguardManager#create-rules-in-wgm
i.e.:
Code:
E:Option ==> stop wg11
E:Option ==> peer wg11 rule add vpn 192.168.1.0/24 comment All LAN to VPN
E:Option ==> peer wg11 auto=P
E:Option ==> start wg11
(change your LAN ip if it's not 192.168.1.x)
 

juanantonio

Regular Contributor
Wireguard server cannot be used with an internet client set in Auto=Y (Route ALL) mode simply because the Wireguard tunnel would be shifted over your VPN client while you try to connect over WAN:
https://github.com/ZebMcKayhan/WireguardManager#default-or-policy-routing

To resolve, change your client (wg11?) to policy mode, and if wanted, put your entire network as a policy rule to route all clients through vpn. Then both server and client and passthru work:
https://github.com/ZebMcKayhan/WireguardManager#create-rules-in-wgm
i.e.:
Code:
E:Option ==> stop wg11
E:Option ==> peer wg11 rule add vpn 192.168.1.0/24 comment All LAN to VPN
E:Option ==> peer wg11 auto=P
E:Option ==> start wg11
(change your LAN ip if it's not 192.168.1.x)
It worked!
Thank you once more, @ZebMcKayhan.
 

Novice321

New Around Here
I'm having trouble importing the Torguard config file for WireGuard into the client peer Asus router Web interface. When I import the config file the data doesn't upload but I can literally see the data. I tried a hard reboot and reset/reinstall, still nothing. I can't add the data manually either.
 

ZebMcKayhan

Very Senior Member
I'm having trouble importing the Torguard config file for WireGuard into the client peer Asus router Web interface. When I import the config file the data doesn't upload but I can literally see the data. I tried a hard reboot and reset/reinstall, still nothing. I can't add the data manually either.
Try using ssh instead. It may not work but it may give you some clues as to what is going on. For convenience you could copy-paste the info in the config into i.e. nano and save it in /opt/etc/wireguard.d/torguard.conf

Then import it in wgm cli:
https://github.com/ZebMcKayhan/WireguardManager/blob/main/README.md#import-client
 

Martineau

Part of the Furniture
I'm having trouble importing the Torguard config file for WireGuard into the client peer Asus router Web interface. When I import the config file the data doesn't upload but I can literally see the data. I tried a hard reboot and reset/reinstall, still nothing. I can't add the data manually either.
Rightly or wrongly, the GUI import is a two-step process...it will read the chosen config file, and display its content in the GUI for a visual confirmation, then you need to click the IMPORT button.

If you have already done this, then there is probably an error shown in the Web Browser (F12) console?
 
