Wireguard Session Manager - Discussion thread (CLOSED/EXPIRED Oct 2021 use http://www.snbforums.com/threads/session-manager-discussion-2nd-thread.75129/)

@Martineau:

Ideas:

I'm not the Linux freak / more Windows and more the thinker than the doer ...

Ideas: Optimize WG-Install-script / firewall:
Query: create IP Server1 / Server2 (user input required)
Query: (9) create client IP address not assigned automatically (user input required)
Query the client usage:
(1) INet over Router no LAN
(2) INet over Router with LAN
(3) no INet / only LAN access (site networking / routing to other sites)
Query location IP: (like openvpn-config: "route 192.168.88.0 255.255.255.0" / should be editable afterwards)

In principle, I orient myself to the possibilities of OVPN ...
 
I have a very basic setup. My router (192.168.1.1) connects via PPPoE to the internet. My clients (1 phone, 1 PC and 1 iPad) are connected to the router.

Edit:
How can I set MTU?
The GUI: Advanced Settings - WAN - Account Settings is where to set MTU and MRU. 1492 is the number, most likely.
Memory key: "In 1492, Columbus sailed the ocean blue. 1492 is my MTU."
 
I did not reboot the router anytime.
The .conf is working fine when I import it in Wireguard on PC...
I don't understand why it's not working on my AC86U...

Edit:
Maybe I get some fundamentals wrong. Do I need a "server" running on my router? I don't need encryption "behind" my router.
I want my router to establish the WARP tunnel, so that all traffic from the clients connected to the router is routed through WARP.
I have a very basic setup. My router (192.168.1.1) connects via PPPoE to the internet. My clients (1 phone, 1 PC and 1 iPad) are connected to the router.

Edit:
How can I set MTU?
The good news is that your configuration is valid.
You do not need a server, encryption etc.
The MTU is interface specific. The server and client scripts set it to 1420. In the Warp config file you have MTU=1280.
Run the following command:
Code:
ifconfig wg11 mtu 1280
You can check the change with:
Code:
ifconfig wg11
It probably will not make any difference.

However, I would start with a router reboot.

The other test you can do is to set the wg11 line in WireguardVPN.conf to P (policy) instead of Y. Then you need to define the policy below: 'rp11 <your_pc_name>192.168.1.x>>VPN'. That will start the vpn client on the router, but only your PC will be on it.
If that works, you can try 'rp11 <Router>192.168.1.1>>WAN<LAN>192.168.1.0/24>>VPN'.
 
@Martineau: V3.05- I noticed that only the last client created can establish a connection, see screenshot ....
 

The other test you can do is to set the wg11 line in WireguardVPN.conf to P (policy) instead of Y. Then you need to define the policy below: 'rp11 <your_pc_name>192.168.1.x>>VPN'. That will start the vpn client on the router, but only your PC will be on it.
If that works, you can try 'rp11 <Router>192.168.1.1>>WAN<LAN>192.168.1.0/24>>VPN'.
You are a genius, that finally WORKED! Thanks a lot for your help!
I think I'm now using WARP, but https://1.1.1.1/help still says otherwise.
https://cloudflare.com/cdn-cgi/trace says: warp=on

Edit:
Still having problems, some websites load, some won't.
For example, facebook.com is loading, reddit.com, github.com or speedtest.net won't load.
I remember this behavior from when I was testing the very early Cloudflare Windows WARP beta client.

Edit1:
This is my WireguardVPN.conf
# NOTE: Auto=Y Command 'wg_manager.sh start' will auto-start this Peer
# Auto=P Command 'wg_manager.sh start' will auto-start this Peer using it's Selective Routing RPDB Policy rules if defined e.g 'rp11'
#
#
# VPN Auto Local Peer IP Remote Peer Socket DNS Annotation Comment
wg11 P 172.16.0.2/32 engage.cloudflareclient.com:2408 1.1.1.1 #Cloudflare Warp
wg12 N xxx.xxx.xxx.xxx/32 209.58.188.180:51820 193.138.218.74 # Mullvad China, Hong Kong
wg13 N xxx.xxx.xxx.xxx/32 103.231.88.18:51820 193.138.218.74 # Mullvad Oz, Melbourne
wg14 N xxx.xxx.xxx.xxx/32 193.32.126.66:51820 193.138.218.74 # Mullvad France, Paris
wg15 N #

# For each 'server' Peer you need to allocate a unique VPN subnet
# VPN Subnet
wg21 N 10.50.1.1/24 # RT-AC86U Local Host Peer 1
wg22 N 10.50.2.1/24 # RT-AC86U Local Host Peer 2

# The following default 'wg0' interface retained for backward compatibility!
wg0 N xxx.xxx.xxx.xxx/32 86.106.143.93:51820 193.138.218.74 # Mullvad USA, New York

# RPDB Selection Routing rules same format as 'nvram get vpn_clientX_clientlist'
# < Desciption > Source IP/CIDR > [Target IP/CIDR] > WAN_or_VPN[...]
rp11 <Tom-PC>192.168.1.139>>VPN
rp12
rp13
rp14
rp15

# Custom 'client' Peer interfaces - simply to annotate
SGS8 N 1.2.3.4 xxx.xxx.xxx.xxx dns.xxx.xxx.xxx # A comment here
wg0-client5 N 4.3.2.1 # Mullvad UK, London

# Categories
NoNe=

# WAN KILL-Switch
#KILLSWITCH

# Optionally define the 'server' Peer 'clients' so they can be identified by name in the enhanced WireGuard Peer status report
# (These entries are automatically added below when the 'create' command is used)
# Public Key DHCP IP Annotation Comment
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= 10.50.1.11/32 # A Cell phone for 'server' 1
Edit2:
Some strange syslog entries
Mar 25 20:59:22 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 20:59:22 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 20:59:37 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 20:59:37 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 20:59:57 (wg_manager): 25145 v3.05 Requesting WireGuard VPN Peer stop (wg11)
Mar 25 20:59:57 (wg_manager): 25145 v3.05 Requesting termination of WireGuard VPN 'client' Peer ('wg11')
Mar 25 20:59:57 lldpd[1030]: removal request for address of 172.16.0.2%59, but no knowledge of it
Mar 25 20:59:57 wireguard-client1: Removing Wireguard 'client' Peer rule 9910 from routing policy
Mar 25 20:59:57 wireguard-client1: Removing Wireguard 'client' Peer rule 9911 from routing policy
Mar 25 20:59:57 wireguard-client1: Wireguard VPN 'client' Peer (wg11) to engage.cloudflareclient.com:2408 (#Cloudflare Warp) Terminated
Mar 25 20:59:57 (wg_manager): 25145 Clients ^[[97m0^[[95m, Servers ^[[97m0
Mar 25 21:00:01 Skynet: [#] 47418 IPs (+0) -- 1641 Ranges Banned (+0) || 5 Inbound -- 0 Outbound Connections Blocked! [save] [1s]
Mar 25 21:00:02 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:00:02 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:00:20 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:00:20 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:00:34 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:00:34 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:01:01 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:01:01 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:01:22 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m
Mar 25 21:01:22 kernel: ^[[0;33;41m[ERROR mcast] bcm_mcast_blog_process,789: blog allocation failure^[[0m

Edit3:
Output of diag
E:Option ==> diag

WireGuard VPN Peer Status

interface: wg11 #Cloudflare Warp
public key: FxlmaVpXdlaoP6E+oXB8yalxy/6c5d6CuAsRmUUAanM=
private key: (hidden)
listening port: 43713

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
endpoint: 162.159.192.1:2408
allowed ips: 0.0.0.0/0
latest handshake: 39 seconds ago
transfer: 28.42 MiB received, 1.45 MiB sent
persistent keepalive: every 25 seconds

DEBUG: Routing Table main


DEBUG: Routing Table 121 (wg11) #Cloudflare Warp

0.0.0.0/1 dev wg11 scope link
128.0.0.0/1 dev wg11 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1

DEBUG: RPDB rules

0: from all lookup local
9911: from 192.168.1.139 lookup 121
32766: from all lookup main
32767: from all lookup default

DEBUG: Routing info MTU etc.

27: wg11: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.16.0.2/32 scope global wg11
valid_lft forever preferred_lft forever

DEBUG: UDP sockets.

udp 0 0 0.0.0.0:43713 0.0.0.0:* -
udp 0 0 :::43713 :::* -

DEBUG: Firewall rules

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- br2 wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard Guest_VLAN */
2 0 0 ACCEPT all -- br1 wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard Guest_VLAN */

Chain POSTROUTING (policy ACCEPT 184 packets, 14260 bytes)
num pkts bytes target prot opt in out source destination
1 141 8560 MASQUERADE all -- * wg11 192.168.0.0/16 0.0.0.0/0 /* WireGuard 'client' */
2 0 0 MASQUERADE all -- * wg1+ 10.50.1.0/24 0.0.0.0/0 /* WireGuard 'server' */

Chain POSTROUTING (policy ACCEPT 952 packets, 117K bytes)
num pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 440 packets, 67293 bytes)
num pkts bytes target prot opt in out source destination


WireGuard ACTIVE Peer Status: Clients 1, Servers 0

Edit4:
Is this output normal in syslog?
Mar 25 21:13:30 (wg_manager.sh): 4253 Clients ^[[97m1^[[95m, Servers ^[[97m0

Edit5:
I also cannot reach my LTU Pro at 172.16.xxx.x
 
wg_manager Beta v4.01 is available

As usual I suggest you backup your current config

i.e. Backup

'/opt/etc/wireguard.d'
'/jffs/addons/wireguard/WireguardVPN.conf' (although is also backed up during the migration)

Use the following three commands to upgrade

Code:
e  = Exit Script [?]

E:Option ==> uf


    Forced Update

    Downloading scripts
    wg_manager.sh downloaded successfully Github 'dev/development' branch
    wg_client downloaded successfully Github 'dev/development' branch
    wg_server downloaded successfully Github 'dev/development' branch
Repeat a second time, and this time an extra script is downloaded.
Code:
e  = Exit Script [?]

E:Option ==> uf


    Forced Update

    Downloading scripts
    wg_manager.sh downloaded successfully Github 'dev/development' branch
    wg_client downloaded successfully Github 'dev/development' branch
    wg_server downloaded successfully Github 'dev/development' branch
    UDP_Updater.sh downloaded successfully Github 'dev/development' branch


Now start the migration of your 'WireguardVPN.conf' into the database
Code:
initdb migrate

It will list a count of the number of Peers found in 'WireguardVPN.conf' and the number of physical '/wireguard.d/*.conf' files.

Reply 'y' to proceed.

...hopefully you will see the entries being migrated.

At the end of the process, 'WireguardVPN.conf' will have been renamed 'WireguardVPN.conf_migrated' and replaced with a virgin v4.0 file.
(If you have defined custom categories, then you need to manually cut'n'paste them from the backup 'WireguardVPN.conf_migrated' - sorry)


You should now be able to use the peer command to see your database entries
Code:
peer help

peer

peer wg21

peer wg21 config

peer xxxx del


If the Peer tables appear incomplete, you can rename 'WireguardVPN.conf_migrated' back to 'WireguardVPN.conf', edit/fine tune the 'broken' entries, then rerun the migration or use the peer command to edit/update the fields as required.


You will need to manually import any Road-Warrior devices, so list them using
Code:
import ?
then
Code:
import iPHONE Nokia631 etc.
NOTE: If you want to import from a custom directory simply use
Code:
import dir /path/to/your/backup/dir
then supply just the device names without needing to type the full pathname.


Finally if you perform a status '3 - List' you should see the new status layout, but the session duration timestamp for the Peer will be incorrect until you restart the Peer.


Hopefully not too painful! ;-)

Code:
e  = Exit Script [?]

E:Option ==> peer wg13


    Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client  Auto  IP               Endpoint             DNS             Public  Annotate                                   
wg13    P     10.67.146.14/32  103.231.88.18:51820  193.138.218.74          eKxLdD40ozIv7rGo8t3VjglrCelxDY3YD4BTEdRJSl0=  # Mullvad Oz, Melbourne

Peer  RPDB Selective Routing rules
wg13  <Dummy VPN 3>172.16.1.3>>VPN<Plex>172.16.1.123>1.1.1.1>VPN<Router>172.16.1.1>>WAN<All LAN>172.16.1.0/24>>VPN

IPSet    Enable  Peer  FWMark  DST/SRC
NetFlix  Y       wg13  0x4000  dst
Hulu     Y       wg13  0x4000  dst
Code:
e  = Exit Script [?]

E:Option ==> peer wg13 del ipset Hulu


    [✔] Ipset 'Hulu' Selective Routing deleted wg13

    Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client  Auto  IP               Endpoint             DNS             Public  Annotate                                   
wg13    P     10.67.146.14/32  103.231.88.18:51820  193.138.218.74          eKxLdD40ozIv7rGo8t3VjglrCelxDY3YD4BTEdRJSl0=  # Mullvad Oz, Melbourne

Peer  RPDB Selective Routing rules
wg13  <Dummy VPN 3>172.16.1.3>>VPN<Plex>172.16.1.123>1.1.1.1>VPN<Router>172.16.1.1>>WAN<All LAN>172.16.1.0/24>>VPN

IPSet    Enable  Peer  FWMark  DST/SRC
NetFlix  Y       wg13  0x4000  dst
Code:
e  = Exit Script [?]

E:Option ==> ipset

    Table:ipset Summary

Total  IPSet
1      NetFlix

Total  IPSet    Peer
1      NetFlix  wg13

FWMark  Interface
0x1000  wg11
0x2000  wg12
0x4000  wg13
0x7000  wg14
0x3000  wg15
0x8000  wan
Code:
e  = Exit Script [?]

E:Option ==> peer wg13 upd ipset fwmark 12345

    [✔] Updated FWMARK for wg13

FWMark  Interface
0x1000  wg11
0x2000  wg12
12345   wg13
0x7000  wg14
0x3000  wg15
0x8000  wan
 
@Martineau: V3.05- I noticed that only the last client created can establish a connection, see screenshot ....
Strange indeed. :confused:

Developing the v4.0 UDP Peer monitor, it can only reliably track one Road-Warrior 'device' Peer per 'server', so I never noticed the issue.

I know that I broke the Road-Warrior IP allocation in v4.0, i.e. duplicate device addresses could be assigned, including the '.1' address assigned to the 'server' Peer.

Do you know when it stopped working?...v2.0 or which 3.0 version?
 
I cannot install Wireguard Manager:

When I execute:

Code:
curl --retry 3 "https://raw.githubusercontent.com/MartineauUK/wireguard/main/wg_manager.sh" --create-dirs -o "/jffs/addons/wireguard/wg_manager.sh" && chmod 755 "/jffs/addons/wireguard/wg_manager.sh" && /jffs/addons/wireguard/wg_manager.sh install

This shows up:
+======================================================================+
| Welcome to the WireGuard Manager/Installer script (Asuswrt-Merlin) |
| |
| Version v4.02 by Martineau |
| |
| Requirements: USB drive with Entware installed |
| |
| 1 = Install WireGuard |
| o1. Enable nat-start protection for Firewall rules |
| o2. Enable DNS |
| |
| |
+======================================================================+

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Begin WireGuard Installation Process

e = Exit Script [?]

E:Option ==> 1

Installing WireGuard Manager - Router RT-AC86U (v386.2) arch=aarch64

Downloading scripts
wg_client downloaded successfully
wg_server downloaded successfully


'UDP_Updater.sh' download FAILED with curl error 404



admin@RT-AC86U-9AD0:/tmp/home/root#
 
@Martineau
Fresh install now seems to work with 4.02
But I'm missing wg11.conf in opt/etc/wireguard.d

Also, WireguardVPN.conf seems a bit "empty"
# WireGuard Session Manager v4.01

# Categories
None=

# WAN KILL-Switch
KILLSWITCH

# Statistics Gathering
STATS

Peer management also returns errors:
E:Option ==> 8

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Error: no such table: servers

Error: no such table: clients

Error: no such table: devices
 
Apologies, I'm having a nightmare with Github, the 'main' branch install says a script doesn't exist, but I can open it - weird.

Make a backup of 'wg11.conf'.

Uninstall v4.0, and re-install....which is temporarily forced to the 'dev' branch.

Restore 'wg11.conf' into '/opt/etc/wireguard.d/' then perform
Code:
e  = Exit Script [?]

E:Option ==> import wg11

Check the contents of 'wg11.conf' (The import command was originally designed for Road-Warrior 'device' Peers.)
 
Thank you for your work!
Unfortunately, I don't have a copy of wg11.conf.
I want to start fresh.
v4.0 no longer creates the sample (useless) 'wg11' Peer, as this would normally be supplied by your WireGuard provider.

So a clean install is best anyway!
 
Ok, now I've created a wg11.conf in opt/etc/ and imported it.
How do I set it to start? (formerly Y in WireguardVPN.conf) then "4"
Only wg21 is starting.
I see it is set to X
E:Option ==> 8

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
wg11 X fd01:5ca1:ab1e:864d:95c9:3904:15ef:2ab6/128 1.1.1.1 0.0.0.0/0 #Address = 172.16.0.2/32

WireGuard ACTIVE Peer Status: Clients 0, Servers 0
Where can I set wg21 to X and wg11 to Y?

Edit:
I see a WireGuard.db, but I'm too anxious to edit this file.

Edit2:
I cannot start wg11, see
Code:
E:Option ==> 4 wg11

        Requesting WireGuard VPN Peer start (wg11)

        wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to  (# Unidentified)
RTNETLINK answers: Operation not supported
        wireguard-client1: Initialisation complete.


        WireGuard ACTIVE Peer Status: Clients 0, Servers 0

My
[Interface]
PrivateKey = xxxx
#Address = 172.16.0.2/32
#Address = fd01:5ca1:ab1e:864d:95c9:3904:15ef:2ab6/128
#DNS = 1.1.1.1
#MTU = 1280
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
#AllowedIPs = ::/0
Endpoint = engage.cloudflareclient.com:2408
 
If you know SQL, then you can manually change the contents of the database using sqlite3

So in my example, 'wg11' will not auto-start @boot
Code:
e  = Exit Script [?]

E:Option ==> peer wg11

    Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

Client  Auto  IP               Endpoint             DNS             Public                                        Annotate                              
wg11    N     10.67.146.14/32  86.106.143.93:51820  193.138.218.74  ru9aQRx+BkK5pWvNkdFlkR8VMPSQcE/NBPGkIGEf0XU=  BKxLdx40ozIv7r/o8t3VjglrCelxDY3YD4B+EdRJSl0=  # Mullvad USA, New York

The Auto flag for wg* interfaces may be either 'Y' | 'N' | 'P', ('X' is reserved for Road-Warrior devices)

To set 'wg11' to auto-start @boot
Code:
e  = Exit Script [?]

E:Option ==> peer wg11 auto=y

    [✔] Updated AUTO=Y:

The error 'RTNETLINK answers: Operation not supported' - is because you have multiple 'Address statements' in 'wg11.conf' during the import
(I don't filter IPv6, assuming you may wish to use IPv6.)

So retrieve the patched script
Code:
e  = Exit Script [?]

E:Option ==> uf dev
then update the database with the IPv4 address
Code:
e  = Exit Script [?]

E:Option ==> peer wg11 ip=172.16.0.2/32

but you can use 3 List and/or diag firewall to see if there are missing firewall rules etc.
 
I started a fresh install again, then entered "uf dev".

auto=y does not work, see below output of "8" peer management.

E:Option ==> peer wg11 auto=y

[✔] Updated AUTO=Y:


WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> 8

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 N 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
wg11 X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # N/A

WireGuard ACTIVE Peer Status: Clients 0, Servers 0

This is my wg11.conf.
Is this a legit/correct wg11.conf?
[Interface]
PrivateKey = hidden
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408

Starting wg11 does not work. I think I'm too stupid to understand how this works *sad*

E:Option ==> 4 wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to (# Unidentified)
Line unrecognized: `Address=172.16.0.2/32'
Configuration parsing error
RTNETLINK answers: Operation not supported
need at least a destination address
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0
 
More likely your issues are because I'm too stupid to write scripts. :rolleyes:

I cloned your 'wg11.conf' as 'ubimo.conf' and simply added a comment as the first line:
Code:
# Cloudflare Warp
[Interface]
PrivateKey = hidden
Address = 172.16.0.2/32

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408
Then I imported the config, and requested the import function to auto allocate the next available wg* 'client' Peer rather than keep the name provided by your WireGuard ISP e.g. 'ubimo'
Code:
e  = Exit Script [?]

E:Option ==> import ubimo name=

    [✔] Peer ubimo import as wg15 success


wg15    Y     172.16.0.2/32    engage.cloudflareclient.com:2408                  # Cloudflare Warp

Clearly I cannot start the new imported 'wg15' Peer as the private key is the text string 'hidden'
Code:
e  = Exit Script [?]

E:Option ==> start wg15

    Requesting WireGuard VPN Peer start (wg15)

    wireguard-client5: Initialising Wireguard VPN 'client' Peer (wg15) to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
Key is not the correct length or format: `hidden'
Configuration parsing error
need at least a destination address




To debug why you can't change the auto flag from 'Y' to 'N'
Code:
e  = Exit Script [?]

E:Option ==> debug
Code:
e  = Exit Script [?]

E:Debug mode enabledOption ==> peer wg12 auto=n

          [✔] Updated AUTO=N:
then post the debug output
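
The start failures quoted in this thread ("Line unrecognized: `Address=...'", "Key is not the correct length or format: `hidden'", and the import with multiple Address statements) can all be caught before a peer file is imported. The following is an added example, not part of any post and not wg_manager code: a POSIX sh lint that flags keys `wg setconf` does not accept, malformed keys, and multiple or IPv6 Address lines. The function names and the sample file are constructed, and counting commented-out `#Address` lines is an assumption based on the conf posted above.

```shell
#!/bin/sh
# Added example: pre-import lint for a wg-quick style peer file.
# Function names and the sample file are constructed for illustration.

# Keys that wg(8) 'setconf' understands; any other key is a wg-quick extension
# and produces "Line unrecognized" when passed to 'wg setconf' unfiltered.
WG_KEYS='privatekey listenport fwmark publickey presharedkey allowedips endpoint persistentkeepalive'

# Print one finding per line; exit status is 1 if anything was found.
wg_conf_lint() {
    awk -v keys="$WG_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    {
        line = $0
        sub(/\r$/, "", line)
        # Assumption: Address lines are counted even when commented out with
        # a single "#", as in the wg11.conf posted in the thread.
        probe = line
        sub(/^[ \t]*#?[ \t]*/, "", probe)
        if (tolower(probe) ~ /^address[ \t]*=/) {
            addr++
            if (probe ~ /:/) v6++
        }
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/ || line ~ /^\[/) next
        eq = index(line, "=")
        if (eq == 0) { print "malformed line " NR; bad++; next }
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        lk = tolower(key)
        if (!(lk in ok)) { print "wg-quick-only key: " key; bad++ }
        # A WireGuard key is 32 bytes: 44 base64 characters ending in "=".
        if (lk ~ /key$/ && !(length(val) == 44 && val ~ "^[A-Za-z0-9+/]+=$")) {
            print "bad key format: " key; bad++
        }
    }
    END {
        if (addr > 1) { print "multiple Address lines: " addr; bad++ }
        if (v6 > 0)   { print "IPv6 Address present"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Emit only the sections and keys that 'wg setconf' accepts.
wg_conf_strip() {
    awk -v keys="$WG_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    {
        line = $0
        sub(/\r$/, "", line)
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        if (line ~ /^\[/) { print line; next }
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1)
        gsub(/[ \t]/, "", key)
        if (tolower(key) in ok) print line
    }' "$1"
}

# Constructed sample modelled on the files posted in the thread
# (placeholder private key, one active and one commented Address line).
write_sample() {
    cat > "$1" <<'EOF'
# Cloudflare Warp
[Interface]
PrivateKey = hidden
Address = 172.16.0.2/32
#Address = fd01:5ca1:ab1e:864d:95c9:3904:15ef:2ab6/128
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408
EOF
}

# Demo: lint the sample, then show what 'wg setconf' would be given.
demo=$(mktemp) && write_sample "$demo"
wg_conf_lint "$demo" || echo "-> fix the file before importing it"
echo "--- wg setconf view ---"
wg_conf_strip "$demo"
rm -f "$demo"
```

On systems that ship wg-quick, `wg-quick strip` performs the same filtering as `wg_conf_strip` here.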
 
Thank you for your efforts!

I always start from a fresh install.
I did the same as you, but wg11 won't start:
E:Option ==> import ubimo name=

[✔] Peer ubimo import as wg11 success

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # Cloudflare Warp

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> start wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to (# Unidentified)
Line unrecognized: `Address=172.16.0.2/32'
Configuration parsing error
RTNETLINK answers: Operation not supported
need at least a destination address
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0

Output of debug (why I can't set wg11 to auto=y)
E:Option ==> debug

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Debug mode enabledOption ==> peer wg11 auto=y
+ printf %s peer wg11 auto=y+ sed s/^[ \t]*//;s/[ \t]*$//

+ menu1=peer wg11 auto=y
+ Validate_User_Choice peer wg11 auto=y
+ local menu1=peer wg11 auto=y
+ [ Y == Y ]
+ echo peer wg11 auto=y
+ awk {$1="peer"}1
+ menu1=peer wg11 auto=y
+ echo peer wg11 auto=y
+ menu1=peer wg11 auto=y
+ Process_User_Choice peer wg11 auto=y
+ local menu1=peer wg11 auto=y
+ Manage_Peer peer wg11 auto=y
+ local ACTION=peer
+ shift
+ WG_INTERFACE=wg11
+ shift
+ local CMD=auto=y
+ [ wg11 == new ]
+ [ wg11 == newC ]
+ [ wg11 == help ]
+ [ -z auto=y ]
+ echo auto=y+ grep -iw ipset

+ [ -n ]
+ [ auto=y == help ]
+ local FN=/jffs/addons/wireguard/WireguardVPN.confXXX
+ [ wg11 == new ]
+ [ wg11 == newC ]
+ [ wg11 == add ]
+ [ wg11 != category ]
+ [ auto=y == import ]
+ [ auto=y == delX ]
+ [ auto=y == new ]
+ [ auto=y == add ]
+ [ -f /opt/etc/wireguard.d/wg11.conf ]
+ echo auto=y
+ awk -F = {print $2}
+ local AUTO=y
+ echo y
+ grep ^[yYnNpP]$
+ [ y ]
+ echo y
+ tr a-z A-Z
+ FLAG=Y
+ [ wg1 == wg2 ]
+ TABLE=clients
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db UPDATE clients SET auto='Y' WHERE peer='wg11';
+ echo -e \e[92m\n\t[✔] Updated AUTO=Y:\n\e[0m

[✔] Updated AUTO=Y:

+ [ Y == P ]
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Debug mode enabledOption ==> 8
+ printf %s 8
+ sed s/^[ \t]*//;s/[ \t]*$//
+ menu1=8
+ Validate_User_Choice 8
+ local menu1=8
+ [ Y == Y ]
+ echo 8
+ awk {$1="peer"}1
+ menu1=peer
+ echo peer
+ menu1=peer
+ Process_User_Choice peer
+ local menu1=peer
+ Manage_Peer peer
+ local ACTION=peer
+ shift
+ WG_INTERFACE=
+ shift
+ local CMD=
+ [ == new ]
+ [ == newC ]
+ [ == help ]
+ [ -z ]
+ CMD=list
+ echo
+ grep -iw ipset
+ [ -n ]
+ [ != category ]
+ Show_Peer_Config_Entry
+ local WG_INTERFACE=
+ echo -e \e[97m\n\tPeers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)\e[96m

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
+ COLUMN_TXT=Server,Auto,Subnet,Port,Annotate
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT peer,auto,subnet,port,tag from servers;
+ column -t -s | --table-columns Server,Auto,Subnet,Port,Annotate
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1
+ echo -e

+ COLUMN_TXT=Client,Auto,IP,Endpoint,DNS,Annotate
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT peer,auto,subnet,socket,dns,tag from clients;
+ column -t -s | --table-columns Client,Auto,IP,Endpoint,DNS,Annotate
+ echo -e

+ COLUMN_TXT=Device,Auto,IP,DNS,Allowed IP,Annotate
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT name,auto,ip,dns,allowedip,tag from devices;
+ column -t -s | --table-columns Device,Auto,IP,DNS,Allowed IP,Annotate
Device Auto IP DNS Allowed IP Annotate
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # Cloudflare Warp
+ echo -en \e[0m
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0

Here is my complete ubimo.conf for testing purposes:
# Cloudflare Warp
[Interface]
PrivateKey = aONsuGBjXkphICgdeemBnbSGjIvKa44ih7qvNaJmfGA=
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408
 
There is nothing in the debug that suggests that the request to set the Auto flag failed... unless the import of 'ubimo' went into the wrong table.

Post the output of these two commands
Code:
e  = Exit Script [?]

E:Option ==> diag sql clients
Code:
e  = Exit Script [?]

E:Option ==> diag sql devices



I have just tried the import with your test 'ubimo.conf' (I suggest you immediately delete access and remove the config from this thread - unless it is deliberately fake;) )

Code:
E:Option ==> import ubimo name=

    [✔] Peer ubimo import as wg15 success

    Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)

wg15    Y     172.16.0.2/32    engage.cloudflareclient.com:2408  1.1.1.1         # Cloudflare Warp

Code:
e  = Exit Script [?]

E:Option ==> start wg15

    Requesting WireGuard VPN Peer start (wg15)

    wireguard-client5: Initialising Wireguard VPN 'client' Peer (wg15) to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
    wireguard-client5: Initialisation complete.


     WireGuard ACTIVE Peer Status: Clients 1, Servers 2

Code:
e  = Exit Script [?]

E:Option ==> 3

         WireGuard VPN Peer Status

    interface: wg15     engage.cloudflareclient.com:2408            172.16.0.2/32        # Cloudflare Warp
        peer: bmXO/+F1FxEMF/dyiK2H5/1SUtzH0zuhh51h2wIIgyo=
         latest handshake: 1 minute, 15 seconds ago
         transfer: 259.80 KiB received, 40.50 KiB sent        0 Days, 00:02:00 from 2021-03-27 11:44:13 >>>>>>

     WireGuard ACTIVE Peer Status: Clients 1, Servers 2
So although traffic apparently is being exchanged between the Peers, no Internet is possible, which may be deliberate on your part, which is good?


All I can suggest is that you

  • Uninstall WireGuard Session Manager
  • Reboot
  • Install WireGuard Session Manager

then perform the import again as I did above.
 
Hi

I just generated a new profile with a new private key.
I don't use the private key from above anymore.

I deleted WireGuard Session Manager, rebooted my router and reinstalled WireGuard Session Manager.

I see, you have another output of import. You have a "Y" after import, I don't.
E:Option ==> import ubimo name=

[✔] Peer ubimo import as wg11 success

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # Cloudflare Warp

WireGuard ACTIVE Peer Status: Clients 0, Servers 1

This is the output of diag sql clients
E:Option ==> diag sql clients

WireGuard VPN Peer Status

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.50.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wg21

DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

Table:clients


WireGuard ACTIVE Peer Status: Clients 0, Servers 1

This is the output of diag sql devices
E:Option ==> diag sql devices

WireGuard VPN Peer Status

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.50.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wg21

DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

Table:devices
Device Auto IPADDR DNS Allowed Public Private tag Conntrack
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= (new private key, hidden by me) # Cloudflare Warp


WireGuard ACTIVE Peer Status: Clients 0, Servers 1

Error when start wg11
E:Option ==> start wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to (# Unidentified)
Line unrecognized: `Address=172.16.0.2/32'
Configuration parsing error
RTNETLINK answers: Operation not supported
need at least a destination address
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 1
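
The `Line unrecognized` and `Configuration parsing error` lines in the start output above are the messages `wg setconf` prints for keys it does not parse; `Address` and `DNS` are wg-quick keys. The sketch below is an added example, not part of wg_manager or of any post in this thread: it lists such keys in a config and prints the config with them removed. The function names and the sample file (placeholder keys, laid out like the posted ubimo.conf) are assumptions.

```shell
#!/bin/sh
# Keys documented in wg-quick(8) that plain `wg setconf` does not accept.
# Lower-case, because key names are matched case-insensitively.
WG_QUICK_ONLY='address|dns|mtu|table|preup|postup|predown|postdown|saveconfig'

# $1 = mode (list|strip), $2 = config file
_wg_scan() {
    awk -v mode="$1" -v keys="$WG_QUICK_ONLY" '
        {
            key = $0
            sub(/[ \t]*=.*/, "", key)      # keep the text left of the first "="
            sub(/^[ \t]+/, "", key)        # drop leading indentation
            hit = (tolower(key) ~ ("^(" keys ")$"))
            if (mode == "list"  &&  hit) print NR ": " $0
            if (mode == "strip" && !hit) print
        }' "$2"
}

# Lines (with line numbers) that `wg setconf` would report as unrecognized.
wg_quick_only_lines() { _wg_scan list "$1"; }

# The config with wg-quick-only keys removed; comments and sections are kept.
wg_strip_conf() { _wg_scan strip "$1"; }

# Constructed sample: same layout as the posted config, keys are placeholders.
sample_conf() {
    cat <<'EOF'
# Cloudflare Warp
[Interface]
PrivateKey = <PRIVATE_KEY_PLACEHOLDER>
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408
EOF
}

demo() {
    conf=$(mktemp)
    sample_conf > "$conf"
    echo "Not accepted by 'wg setconf':"; wg_quick_only_lines "$conf"
    echo "Stripped form:";                wg_strip_conf "$conf"
    rm -f "$conf"
}
demo
```

Where wg-quick is installed, `wg-quick strip` produces the same reduced form; the address and DNS then have to be applied to the interface separately.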
 
