Wireguard Session Manager - Discussion thread (CLOSED/EXPIRED Oct 2021 use http://www.snbforums.com/threads/session-manager-discussion-2nd-thread.75129/)

[Martineau]

Hi

I just generated a new profile with a new private key.
I don't use the private key from above anymore.

I deleted WireGuard Session Manager, rebooted my router and reinstalled WireGuard Session Manager.

I see, you have another output of import. You have a "Y" afer import, I don't.

Spoiler: import

E:Option ==> import ubimo name=

[✔] Peer ubimo import as wg11 success

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # Cloudflare Warp

WireGuard ACTIVE Peer Status: Clients 0, Servers 1

This is the output of diag sql clients

Spoiler: diag sql clients

E:Option ==> diag sql clients

WireGuard VPN Peer Status

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.50.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wg21

DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

Table:clients


WireGuard ACTIVE Peer Status: Clients 0, Servers 1

This is the output of diag sql devices

Spoiler: diag sql devices

E:Option ==> diag sql devices

WireGuard VPN Peer Status

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.50.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wg21

DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

Table:devices
Device Auto IPADDR DNS Allowed Public Private tag Conntrack
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= (new private key, hidden by me) # Cloudflare Warp


WireGuard ACTIVE Peer Status: Clients 0, Servers 1

Error when start wg11

Spoiler: output

E:Option ==> start wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to (# Unidentified)
Line unrecognized: `Address=172.16.0.2/32'
Configuration parsing error
RTNETLINK answers: Operation not supported
need at least a destination address
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 1

OK, so the import has somehow determined that 'ubimo.conf' is a Road-Warrior 'device' Peer rather than a 'client' Peer and incorrectly placed it in the 'devices' SQL table (as indicated by the Auto='X') and fails to create 'wg11.conf' with the correct format so this is why it won't start.

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to (# Unidentified)
Line unrecognized: `Address=172.16.0.2/32'
Configuration parsing error

What is the output of

nvram get ddns_hostname_x

 

[Torson]

I just did a new install - actually 2. One from 'main' and one from 'dev'.

The results are consistent - the following script versions are installed regardless of curl source:
wg_client v.1.09
wg_manager.s.g v 4.02
wg_server v 1.13

Is it me?

 

[Martineau]

I just did a new install - actually 2. One from 'main' and one from 'dev'.

The results are consistent - the following script versions are installed regardless of curl source:
wg_client v.1.09
wg_manager.s.g v 4.02
wg_server v 1.13

Is it me?

Yesterday the uf main branch install kept saying 'UDP_Updater.sh' didn't exist, so I recreated it but still no joy.

So I temporarily force any uf main branch retrieval from the uf dev branch, where all four scripts are always downloaded.

 

[Torson]

Yesterday the uf main branch install kept saying 'UDP_Updater.sh' didn't exist, so I recreated it but still no joy.

So I temporarily force any uf main branch retrieval from the uf dev branch, where all four scripts are always downloaded.

From where I sit, when I open the 'wg_client' and 'wg_server' scripts on the uf dev branch they show the old version numbers as I have them above.
Looking at the same files on the uf main branch they have the new version 4.01 which doesn't get downloaded because of the redirection as you mentioned.

 

[Martineau]

From where I sit, when I open the 'wg_client' and 'wg_server' scripts on the uf dev branch they show the old version numbers as I have them above.
Looking at the same files on the uf main branch they have the new version 4.01 which doesn't get downloaded because of the redirection as you mentioned.

Yes I decided it might be a good idea to reset version control and use 4.01 across all scripts, but I should really enforce use of the GitHub Release feature so it wouldn't matter anyway!

 

[Ubimo]

What is the output of

nvram get ddns_hostname_x

Here is the output

Spoiler: output

E:Option ==> import ubimo name=

[✔] Config ubimo import as wg11 success

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # Cloudflare Warp

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> nvram get ddns_hostname_x

Invalid Option " Invalid Option "nvram get ddns_hostname_x" Please enter a valid option" Please enter a valid option

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> e

admin@RT-AC86U-9AD0:/tmp/home/root# nvram get ddns_hostname_x
admin@RT-AC86U-9AD0:/tmp/home/root#

 

[Martineau]

Here is the output

Spoiler: output

E:Option ==> import ubimo name=

[✔] Config ubimo import as wg11 success

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1


Device Auto IP DNS Allowed IP Annotate
ubimo X 172.16.0.2/32 1.1.1.1 0.0.0.0/0 # Cloudflare Warp

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> nvram get ddns_hostname_x

Invalid Option " Invalid Option "nvram get ddns_hostname_x" Please enter a valid option" Please enter a valid option

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> e

admin@RT-AC86U-9AD0:/tmp/home/root# nvram get ddns_hostname_x
admin@RT-AC86U-9AD0:/tmp/home/root#

Hmm perhaps that nvram variable isn't valid on your router/firmware

OK, if your DDNS is not for Cloudflare, then I have uploaded version v4.03 which allows you to explicitly specify the type of Peer configuration file you are trying to import.

e  = Exit Script [?]

E:Option ==> uf

so rather than let the script determine which type of Peer configuration you are trying to import, specify it manually:

e  = Exit Script [?]

E:Option ==> import ubimo name= type=client

    [✔] Config ubimo import as wg16 (FORCED as 'client') success

 

[Ubimo]

Thanks, the import is working now, but now there is another problem after starting:

Spoiler: output

E:Option ==> 4

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> 3

WireGuard VPN Peer Status

Error: no such column: subnet
Error: no such column: peer
interface: wg11 engage.cloudflareclient.com:2408
peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=

WireGuard ACTIVE Peer Status: Clients 0, Servers 0
d


1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> diag

WireGuard VPN Peer Status
interface: wg11
public key: QsI4jJI25mXZMdDh3+fQIaYEVvGv1cn/xkXeql2aFUw=
private key: (hidden)
listening port: 40868

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
endpoint: 162.159.192.1:2408
allowed ips: 0.0.0.0/0

DEBUG: Routing Table main


DEBUG: Routing Table 121 (wg11) # Cloudflare Warp

0.0.0.0/1 dev wg11 scope link
128.0.0.0/1 dev wg11 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1

DEBUG: RPDB rules

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

DEBUG: Routing info MTU etc.

27: wg11: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.16.0.2/32 scope global wg11
valid_lft forever preferred_lft forever

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface

DEBUG: UDP sockets.

udp 0 0 0.0.0.0:40868 0.0.0.0:* -
udp 0 0 :::40868 :::* -

DEBUG: Firewall rules


DEBUG: -t filter

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- br2 wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard Guest_VLAN */
2 0 0 ACCEPT all -- br1 wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard Guest_VLAN */

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 202 packets, 30845 bytes)
num pkts bytes target prot opt in out source destination

DEBUG: -t nat

Chain PREROUTING (policy ACCEPT 94 packets, 13328 bytes)
num pkts bytes target prot opt in out source destination

DEBUG: -t mangle

Chain FORWARD (policy ACCEPT 370 packets, 21050 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- * wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7
2 0 0 TCPMSS tcp -- wg11 * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
3 0 0 TCPMSS tcp -- * wg11 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU

Chain PREROUTING (policy ACCEPT 595 packets, 50372 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- wg11 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7

DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

wg11|Y|172.16.0.2/32|engage.cloudflareclient.com:2408|1.1.1.1|bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=|(private key, hidden by me)|# Cloudflare Warp
0x1000|wg11
0x2000|wg12
0x4000|wg13
0x7000|wg14
0x3000|wg15
0x8000|wan
wg21|Start|1616917792
wg21|End|1616917799
wg11|Start|1616917885
wg11|1616917885|0|0


WireGuard ACTIVE Peer Status: Clients 0, Servers 0

 

[Martineau]

Thanks, the import is working now, but now there is another problem after starting:

Spoiler: output

E:Option ==> 4

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> 3

WireGuard VPN Peer Status

Error: no such column: subnet
Error: no such column: peer
interface: wg11 engage.cloudflareclient.com:2408
peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=

WireGuard ACTIVE Peer Status: Clients 0, Servers 0
d


1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> diag

WireGuard VPN Peer Status
interface: wg11
public key: QsI4jJI25mXZMdDh3+fQIaYEVvGv1cn/xkXeql2aFUw=
private key: (hidden)
listening port: 40868

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
endpoint: 162.159.192.1:2408
allowed ips: 0.0.0.0/0

DEBUG: Routing Table main


DEBUG: Routing Table 121 (wg11) # Cloudflare Warp

0.0.0.0/1 dev wg11 scope link
128.0.0.0/1 dev wg11 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1

DEBUG: RPDB rules

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

DEBUG: Routing info MTU etc.

27: wg11: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.16.0.2/32 scope global wg11
valid_lft forever preferred_lft forever

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface

DEBUG: UDP sockets.

udp 0 0 0.0.0.0:40868 0.0.0.0:* -
udp 0 0 :::40868 :::* -

DEBUG: Firewall rules


DEBUG: -t filter

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- br2 wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard Guest_VLAN */
2 0 0 ACCEPT all -- br1 wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard Guest_VLAN */

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 202 packets, 30845 bytes)
num pkts bytes target prot opt in out source destination

DEBUG: -t nat

Chain PREROUTING (policy ACCEPT 94 packets, 13328 bytes)
num pkts bytes target prot opt in out source destination

DEBUG: -t mangle

Chain FORWARD (policy ACCEPT 370 packets, 21050 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- * wg11 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7
2 0 0 TCPMSS tcp -- wg11 * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU
3 0 0 TCPMSS tcp -- * wg11 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 /* WireGuard 'client' */ TCPMSS clamp to PMTU

Chain PREROUTING (policy ACCEPT 595 packets, 50372 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 MARK all -- wg11 * 0.0.0.0/0 0.0.0.0/0 /* WireGuard 'client' */ MARK xset 0x1/0x7

DEBUG: SQL '/opt/etc/wireguard.d/WireGuard.db'

wg11|Y|172.16.0.2/32|engage.cloudflareclient.com:2408|1.1.1.1|bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=|(private key, hidden by me)|# Cloudflare Warp
0x1000|wg11
0x2000|wg12
0x4000|wg13
0x7000|wg14
0x3000|wg15
0x8000|wan
wg21|Start|1616917792
wg21|End|1616917799
wg11|Start|1616917885
wg11|1616917885|0|0


WireGuard ACTIVE Peer Status: Clients 0, Servers 0

Just to make debugging easier, can you please upgrade to wg_manager Beta v4.04. (a few cosmetic tweaks including adding the missing column id text 'Private' when displaying the Peer summary)

e  = Exit Script [?]

E:Option ==> uf

OK, so 'client' Peer wg11 is now actually functioning correctly and ALL internet traffic is via WireGuard?

e  = Exit Script [?]

E:Option ==> wg

However,, the script doesn't show the complete status details of the wg11 connection?

                 WireGuard VPN Peer Status

Error: no such column: subnet
Error: no such column: peer

You will need to provide the debug output

e  = Exit Script [?]

E:Option ==> debug

e  = Exit Script [?]

E:Option ==> 3

EDIT: All your issues seem to point to this scenario i.e. the DDNS you have set up doesn't use your ISP IP

 

[Ubimo]

Thanks for your replies:

wg11 is not functioning correctly, no internet traffic is via WireGuard.

This is the output of debug and 3:

Spoiler: output

E:Option ==> debug

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

Eebug mode enabledOption ==> 3
+ printf %s 3+ sed s/^[ \t]*//;s/[ \t]*$//

+ menu1=3
+ Validate_User_Choice 3
+ local menu1=3
+ [ Y == Y ]
+ echo 3
+ awk {$1="list"}1
+ menu1=list
+ echo list
+ menu1=list
+ Process_User_Choice list
+ local menu1=list
+ echo list
+ awk {print $1}
+ local ACTION=list
+ local ARG=
+ echo list
+ wc -w
+ [ 1 -ge 2 ]
+ which wg
+ [ -n /opt/bin/wg ]
+ echo -e \e[93m\n\t\t WireGuard VPN Peer Status\e[0m

WireGuard VPN Peer Status
+ [ list == diag ]
+ Show_Peer_Status
+ local DETAIL=
+ local WG_INTERFACE=
+ local MINS=0
+ [ 0 -gt 0 ]
+ [ -z ]
+ wg show interfaces
+ WG_INTERFACE=
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

Eebug mode enabledOption ==>

wg11 does not start, see clients 0

Spoiler: output

E:Option ==> 4 wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0

Nice drawing, but unfortunately I do not understand...
I did not setup a DDNS, I don't even know what this is?

 

[slidermike]

Nice drawing, but unfortunately I do not understand...

He is saying your DDNS is using your Wireguard (VPN) IP address instead of your WAN IP address.

Most VPN providers do not support this type of configuration.
The VPN providers that do would likely require giving you a static IP address.
Otherwise the VPN provider has no way of knowing where to send traffic that has originated from an external source.

 

[Ubimo]

Can I do something about this?

Edit:
I see DDNS client is off.

 

[Martineau]

Thanks for your replies:

wg11 is not functioning correctly, no internet traffic is via WireGuard.

This is the output of debug and 3:

Spoiler: output

E:Option ==> debug

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

Eebug mode enabledOption ==> 3
+ printf %s 3+ sed s/^[ \t]*//;s/[ \t]*$//

+ menu1=3
+ Validate_User_Choice 3
+ local menu1=3
+ [ Y == Y ]
+ echo 3
+ awk {$1="list"}1
+ menu1=list
+ echo list
+ menu1=list
+ Process_User_Choice list
+ local menu1=list
+ echo list
+ awk {print $1}
+ local ACTION=list
+ local ARG=
+ echo list
+ wc -w
+ [ 1 -ge 2 ]
+ which wg
+ [ -n /opt/bin/wg ]
+ echo -e \e[93m\n\t\t WireGuard VPN Peer Status\e[0m

WireGuard VPN Peer Status
+ [ list == diag ]
+ Show_Peer_Status
+ local DETAIL=
+ local WG_INTERFACE=
+ local MINS=0
+ [ 0 -gt 0 ]
+ [ -z ]
+ wg show interfaces
+ WG_INTERFACE=
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

Eebug mode enabledOption ==>

wg11 does not start, see clients 0

Spoiler: output

E:Option ==> 4 wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0

Nice drawing, but unfortunately I do not understand...
I did not setup a DDNS, I don't even know what this is?

Because clients=0 is shown by the script, that is why I asked you in post #149 to issue the wg command (which is what the diag comand does and in your previous debug output it showed that the wg11interface was physically there.

Now clearly either you manually stopped wg1 (or it mysteriously went AWOL) but it rendered the last debug session useless, but I suggest if you are willing, can you re-perform the import with debug enabled throughout.

 

[Ubimo]

Thank you for your patience with me.

I made a fresh install, this is the output of debug and import:

Spoiler: output part 1

E:Option ==> debug

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

Eebug mode enabledOption ==> import warp name= type=client
+ + sed s/^[ \t]*//;s/[ \t]*$//
printf %s import warp name= type=client
+ menu1=import warp name= type=client
+ Validate_User_Choice import warp name= type=client
+ local menu1=import warp name= type=client
+ [ Y == Y ]
+ echo import warp name= type=client
+ menu1=import warp name= type=client
+ Process_User_Choice import warp name= type=client
+ local menu1=import warp name= type=client
+ Import_Peer import warp name= type=client
+ local ACTION=import
+ shift
+ local WG_INTERFACE=warp
+ [ warp == ? ]
+ [ warp == dir ]
+ [ 3 -gt 0 ]
+ echo warp+ grep -F name=

+ [ -n ]
+ [ warp == tag= ]
+ [ warp == comment ]
+ echo+ grep -F type=
warp
+ [ -n ]
+ shift
+ [ 2 -gt 0 ]
+ echo+ grep -F name=
name=
+ [ -n name= ]
+ local RENAME=Y
+ echo name=
+ awk {print $0}
+ sed -n s/^.*name=//p
+ local NEW_NAME=
+ [ -z ]
+ [ -f /opt/etc/wireguard.d/wg11.conf ]
+ local NEW_NAME=wg11
+ break
+ [ name= == tag= ]
+ [ name= == comment ]
+ echo+ grep -F type=
name=
+ [ -n ]
+ shift
+ [ 1 -gt 0 ]
+ + grep -F name=
echo type=client
+ [ -n ]
+ [ type=client == tag= ]
+ [ type=client == comment ]
+ echo type=client
+ grep -F type=
+ [ -n type=client ]
+ echo type=client
+ sed -n s/^.*type=//p
+ awk {print $0}
+ local FORCE_TYPE=client
+ shift
+ [ 0 -gt 0 ]
+ [ warp = comment ]
+ [ -f /opt/etc/wireguard.d/warp.conf ]
+ Server_or_Client warp
+ local WG_INTERFACE=warp
+ local PEER_TYPE=
+ [ -f /opt/etc/wireguard.d/warp.conf ]
+ grep -iE ^Endpoint /opt/etc/wireguard.d/warp.conf
+ [ -n Endpoint = engage.cloudflareclient.com:2408 ]
+ nvram get ddns_hostname_x
+ grep -iF /opt/etc/wireguard.d/warp.conf
+ [ -z # Cloudflare Warp
[Interface]
PrivateKey = ePnDh+pQjs66xQRSXIsxyXexA+80NevCKjmEmO3ue1I=
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408 ]
+ PEER_TYPE=device
+ echo device
+ local MODE=device
+ [ -n client ]
+ MODE=client
+ local FORCE_TYPE_TXT=(\e[91mFORCED as 'client'\e[0m) \e[92m
+ [ client != server ]
+ [ client == client ]
+ local TABLE=clients
+ local AUTO=Y
+ local KEY=peer
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT peer FROM clients WHERE peer='warp';
+ [ -z ]
+ [ -z ]
+ grep -FB1 [Interface] /opt/etc/wireguard.d/warp.conf
+ grep -vF [Interface]
+ local ANNOTATE=# Cloudflare Warp
+ [ -z # Cloudflare Warp ]
+ local INSERT_COMMENT=N
+ echo # Cloudflare Warp+ sed s/'/''/g

+ local ANNOTATE=# Cloudflare Warp
+ printf %s+ sed s/^[ \t]*//;s/[ \t]*$//
# Cloudflare Warp
+ local ANNOTATE=# Cloudflare Warp
+ [ # != # ]
+ IFS= read -r LINE
+ IFS= read -r LINE
+ IFS= read -r LINE
+ local PRI_KEY=ePnDh+pQjs66xQRSXIsxyXexA+80NevCKjmEmO3ue1I=
+ IFS= read -r LINE
+ local SUBNET=172.16.0.2/32
+ [ client == client ]
+ COMMENT_OUT=Y
+ IFS= read -r LINE
+ local DNS=1.1.1.1
+ [ client == client ]
+ COMMENT_OUT=Y
+ IFS= read -r LINE
+ IFS= read -r LINE
+ IFS= read -r LINE
+ local PUB_KEY=bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
+ IFS= read -r LINE
+ echo AllowedIPs = 0.0.0.0/0
+ awk {print $3}
+ local ALLOWIP=0.0.0.0/0
+ IFS= read -r LINE
+ local SOCKET=engage.cloudflareclient.com:2408
+ IFS= read -r LINE
+ [ -n ]
+ [ -f /opt/etc/wireguard.d/warp_public.key ]
+ [ -z 1.1.1.1 ]
+ [ -z 172.16.0.2/32 ]
+ nvram get ipv6_service
+ [ disabled == disabled ]
+ echo 172.16.0.2/32
+ tr ,
+ awk {print $1}
+ local SUBNET=172.16.0.2/32
+ echo 172.16.0.2/32+ Is_IPv4_CIDR
+ grep -oE ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$

+ [ -z 172.16.0.2/32 ]
+ [ client = client ]
+ [ Y != Y ]
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db INSERT INTO clients values('wg11','Y','172.16.0.2/32','engage.cloudflareclient.com:2408','1.1.1.1','bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=','ePnDh+pQjs66xQRSXIsxyXexA+80NevCKjmEmO3ue1I=','# Cloudflare Warp');
+ cp /opt/etc/wireguard.d/warp.conf /opt/etc/wireguard.d/warp.conf_imported
+ [ Y == Y ]
+ sed -i s/^DNS/#DNS/ /opt/etc/wireguard.d/warp.conf
+ sed -i s/^Address/#Address/ /opt/etc/wireguard.d/warp.conf
+ [ # Cloudflare Warp != # N/A ]
+ [ N != N ]
+ [ /opt/etc/wireguard.d/ != /opt/etc/wireguard.d/ ]
+ [ Y == Y ]
+ mv /opt/etc/wireguard.d/warp.conf /opt/etc/wireguard.d/wg11.conf
+ local AS_TXT=as \e[95mwg11 \e[0m
+ echo -e \e[92m\n\t[✔] Config \e[95mwarp\e[92m import as \e[95mwg11 \e[0m(\e[91mFORCED as 'client'\e[0m) \e[92msuccess\e[0m

[✔] Config warp import as wg11 (FORCED as 'client') success
+ local COMMENTOUT=
+ local RENAME=
+ local AS_TXT=
+ Manage_Peer
+ local ACTION=
+ shift
+ WG_INTERFACE=
+ shift
+ local CMD=
+ [ == new ]
+ [ == newC ]
+ [ == help ]
+ [ -z ]
+ CMD=list
+ echo
+ grep -iw ipset
+ [ -n ]
+ [ != category ]
+ Show_Peer_Config_Entry
+ local WG_INTERFACE=
+ echo -e \e[97m\n\tPeers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)\e[96m

Peers (Auto=P - Policy, Auto=X - External i.e. Cell/Mobile)
+ COLUMN_TXT=Server,Auto,Subnet,Port,Annotate
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT peer,auto,subnet,port,tag from servers;
+ column -t -s | --table-columns Server,Auto,Subnet,Port,Annotate
Server Auto Subnet Port Annotate
wg21 Y 10.50.1.1/24 51820 # RT-AC86U Server #1
+ echo -e

+ COLUMN_TXT=Client,Auto,IP,Endpoint,DNS,Annotate
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT peer,auto,subnet,socket,dns,tag from clients;
+ column -t -s | --table-columns Client,Auto,IP,Endpoint,DNS,Annotate
Client Auto IP Endpoint DNS Annotate
wg11 Y 172.16.0.2/32 engage.cloudflareclient.com:2408 1.1.1.1 # Cloudflare Warp
+ echo -e

+ COLUMN_TXT=Device,Auto,IP,DNS,Allowed IP,Annotate
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT name,auto,ip,dns,allowedip,tag from devices;
+ column -t -s | --table-columns Device,Auto,IP,DNS,Allowed IP,Annotate
+ echo -en \e[0m
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

 

[Ubimo]

And start:

Spoiler: output part 2

Eebug mode enabledOption ==> 4 wg11
+ printf %s 4 wg11
+ sed s/^[ \t]*//;s/[ \t]*$//
+ menu1=4 wg11
+ Validate_User_Choice 4 wg11
+ local menu1=4 wg11
+ [ Y == Y ]
+ echo 4 wg11
+ awk {$1="start"}1
+ menu1=start wg11
+ echo start wg11
+ menu1=start wg11
+ Process_User_Choice start wg11
+ local menu1=start wg11
+ Manage_Wireguard_Sessions start wg11
+ local ACTION=start
+ shift
+ local WG_INTERFACE=wg11
+ shift
+ local CATEGORY=
+ [ -z wg11 ]
+ echo -en \e[96m
+ local PEERS=wg11
+ [ wg != wg ]
+ local INTERFACES= wg11
+ WG_INTERFACE= wg11
+ printf %s+ sed s/^[ \t]*//;s/[ \t]*$//
wg11
+ WG_INTERFACE=wg11
+ echo -e \e[97m\n\tRequesting WireGuard VPN Peer start (\e[95mwg11\e[0m)

Requesting WireGuard VPN Peer start (wg11)
+ echo
+ grep -w nopolicy
+ [ -n ]
+ echo -e

+ LOOKAHEAD=wg11
+ Server_or_Client wg11
+ local WG_INTERFACE=wg11
+ local PEER_TYPE=
+ [ -f /opt/etc/wireguard.d/wg11.conf ]
+ grep -iE ^Endpoint /opt/etc/wireguard.d/wg11.conf
+ [ -n Endpoint = engage.cloudflareclient.com:2408 ]
+ nvram get ddns_hostname_x
+ grep -iF /opt/etc/wireguard.d/wg11.conf
+ [ -z # Cloudflare Warp
[Interface]
PrivateKey = ePnDh+pQjs66xQRSXIsxyXexA+80NevCKjmEmO3ue1I=
#Address = 172.16.0.2/32
#DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408 ]
+ PEER_TYPE=device
+ echo device
+ Mode=device
+ [ device == server ]
+ local TABLE=clients
+ [ wg11 == nopolicy ]
+ echo+ awk {$1=""}1
wg11
+ LOOKAHEAD=
+ echo + awk {print $1}

+ [ == nopolicy ]
+ [ -z ]
+ [ device == client ]
+ [ start == restart ]
+ echo -en \e[96m
+ SayT v4.04 Initialising Wireguard VPN 'device' Peer (wg11)
+ echo -e 11857 v4.04 Initialising Wireguard VPN 'device' Peer (wg11)
+ basename /jffs/addons/wireguard/wg_manager.sh
+ logger -t (wg_manager.sh)
+ ifconfig+ grep -E ^wg11

+ [ -n ]
+ [ -f /opt/etc/wireguard.d/wg11.conf ]
+ [ device == server ]
+ [ device == client ]
+ sh /jffs/addons/wireguard/wg_client wg11 policy
wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.

+ Route=
+ WG_show
+ local SHOW=
+ [ == Y ]
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0

My warp.conf

Spoiler: warp.conf

# Cloudflare Warp
[Interface]
PrivateKey = hidden
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408

 

[Martineau]

And start:

Spoiler: output part 2

Eebug mode enabledOption ==> 4 wg11
+ printf %s 4 wg11
+ sed s/^[ \t]*//;s/[ \t]*$//
+ menu1=4 wg11
+ Validate_User_Choice 4 wg11
+ local menu1=4 wg11
+ [ Y == Y ]
+ echo 4 wg11
+ awk {$1="start"}1
+ menu1=start wg11
+ echo start wg11
+ menu1=start wg11
+ Process_User_Choice start wg11
+ local menu1=start wg11
+ Manage_Wireguard_Sessions start wg11
+ local ACTION=start
+ shift
+ local WG_INTERFACE=wg11
+ shift
+ local CATEGORY=
+ [ -z wg11 ]
+ echo -en \e[96m
+ local PEERS=wg11
+ [ wg != wg ]
+ local INTERFACES= wg11
+ WG_INTERFACE= wg11
+ printf %s+ sed s/^[ \t]*//;s/[ \t]*$//
wg11
+ WG_INTERFACE=wg11
+ echo -e \e[97m\n\tRequesting WireGuard VPN Peer start (\e[95mwg11\e[0m)

Requesting WireGuard VPN Peer start (wg11)
+ echo
+ grep -w nopolicy
+ [ -n ]
+ echo -e

+ LOOKAHEAD=wg11
+ Server_or_Client wg11
+ local WG_INTERFACE=wg11
+ local PEER_TYPE=
+ [ -f /opt/etc/wireguard.d/wg11.conf ]
+ grep -iE ^Endpoint /opt/etc/wireguard.d/wg11.conf
+ [ -n Endpoint = engage.cloudflareclient.com:2408 ]
+ nvram get ddns_hostname_x
+ grep -iF /opt/etc/wireguard.d/wg11.conf
+ [ -z # Cloudflare Warp
[Interface]
PrivateKey = ePnDh+pQjs66xQRSXIsxyXexA+80NevCKjmEmO3ue1I=
#Address = 172.16.0.2/32
#DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408 ]
+ PEER_TYPE=device
+ echo device
+ Mode=device
+ [ device == server ]
+ local TABLE=clients
+ [ wg11 == nopolicy ]
+ echo+ awk {$1=""}1
wg11
+ LOOKAHEAD=
+ echo + awk {print $1}

+ [ == nopolicy ]
+ [ -z ]
+ [ device == client ]
+ [ start == restart ]
+ echo -en \e[96m
+ SayT v4.04 Initialising Wireguard VPN 'device' Peer (wg11)
+ echo -e 11857 v4.04 Initialising Wireguard VPN 'device' Peer (wg11)
+ basename /jffs/addons/wireguard/wg_manager.sh
+ logger -t (wg_manager.sh)
+ ifconfig+ grep -E ^wg11

+ [ -n ]
+ [ -f /opt/etc/wireguard.d/wg11.conf ]
+ [ device == server ]
+ [ device == client ]
+ sh /jffs/addons/wireguard/wg_client wg11 policy
wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.

+ Route=
+ WG_show
+ local SHOW=
+ [ == Y ]
+ set +x

WireGuard ACTIVE Peer Status: Clients 0, Servers 0

My warp.conf

Spoiler: warp.conf

# Cloudflare Warp
[Interface]
PrivateKey = hidden
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408

Can you try

e  = Exit Script [?]

E:Option ==> stop

e  = Exit Script [?]

E:Option ==> e

and post the ouptput from

sh -x /jffs/addons/wireguard/wg_client wg11

 

[Ubimo]

Ok, here:

Spoiler: output

admin@RT-AC86U-9AD0:/tmp/home/root# sh -x /jffs/addons/wireguard/wg_client wg11
+ VERSION=v4.01
+ CONFIG_DIR=/opt/etc/wireguard.d/
+ INSTALL_DIR=/jffs/addons/wireguard/
+ SQL_DATABASE=/opt/etc/wireguard.d/WireGuard.db
+ ANSIColours
+ cRESET=\e[0m
+ cBLA=\e[30m
+ cRED=\e[31m
+ cGRE=\e[32m
+ cYEL=\e[33m
+ cBLU=\e[34m
+ cMAG=\e[35m
+ cCYA=\e[36m
+ cGRA=\e[37m
+ cBGRA=\e[90m
+ cBRED=\e[91m
+ cBGRE=\e[92m
+ cBYEL=\e[93m
+ cBBLU=\e[94m
+ cBMAG=\e[95m
+ cBCYA=\e[96m
+ cBWHT=\e[97m
+ aBOLD=\e[1m
+ aDIM=\e[2m
+ aUNDER=\e[4m
+ aBLINK=\e[5m
+ aREVERSE=\e[7m
+ cRED_=\e[41m
+ cGRE_=\e[42m
+ nvram get buildno
+ awk BEGIN { FS = "." } {printf("%03d%02d",$1,$2)}
+ echo 386.2
+ FIRMWARE=38602
+ modprobe xt_set
+ modprobe xt_comment
+ insmod /opt/lib/modules/wireguard
+ VPN_ID=wg11
+ [ -z wg11 ]
+ [ wg1 == wg1 ]
+ MODE=client
+ TXT=to
+ VPN_NUM=1
+ WG_INTERFACE=wg11
+ echo wg11
+ grep force
+ [ -n ]
+ + grep -oE ^wg[2][1-2]|^wg[1][1-5]*$
echo wg11
+ [ -z wg11 ]
+ echo+ grep policy
wg11
+ [ -n ]
+ POLICY_MODE=
+ [ client == client ]
+ [ -z ]
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT subnet FROM clients where peer='wg11';
+ LOCALIP=172.16.0.2/32
+ export LocalIP=172.16.0.2/32
+ [ -z ]
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT socket FROM clients where peer='wg11';
+ SOCKET=engage.cloudflareclient.com:2408
+ START_PRIO=9910
+ END_PRIO=9919
+ WAN_PRIO=9910
+ VPN_PRIO=9911
+ VPN_TBL=121
+ VPN_UNIT=wg11
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT tag FROM clients where peer='wg11';
+ DESC=# Cloudflare Warp
+ printf %s # Cloudflare Warp+ sed s/^[ \t]*//;s/[ \t]*$//

+ DESC=# Cloudflare Warp
+ [ -z # Cloudflare Warp ]
+ [ wg11 != disable ]
+ [ != disable ]
+ [ -n 172.16.0.2/32 ]
+ logger -t wireguard-client1 Initialising Wireguard VPN client Peer (wg11) to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
+ echo -e \e[96m\twireguard-client1: Initialising Wireguard VPN 'client' Peer (\e[95mwg11\e[96m) to engage.cloudflareclient.com:2408 (\e[95m# Cloudflare Warp\e[96m)\e[0m
wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
+ ip link del dev wg11
+ ip link add dev wg11 type wireguard
+ wg setconf wg11 /opt/etc/wireguard.d/wg11.conf
+ ip address add dev wg11 172.16.0.2/32
+ ip link set up dev wg11
+ ifconfig wg11 mtu 1420
+ ifconfig wg11 txqueuelen 1000
+ date +%s
+ TIMESTAMP=1616932433
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db INSERT into session values('wg11','Start','1616932433');
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db INSERT into traffic values('wg11','1616932433','0','0');
+ [ -f /jffs/addons/wireguard/Scripts/wg11-route-up.sh ]
+ wg show+ sed -n s/.*\t\(.*\):.*/\1/p
wg11 endpoints
+ host=162.159.192.1
+ ip route get 162.159.192.1
+ sed / via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}
+ head -n 1
+ ip route add 162.159.192.1 via 88.116.190.96
+ [ -z ]
+ wg show interfaces
+ grep -E wg[0-1]
+ wc -w
+ [ 1 -gt 1 ]
+ ip route add 0/1 dev wg11
+ ip route add 128/1 dev wg11
+ ip route add 0/1 dev wg11 table 121
+ ip route add 128/1 dev wg11 table 121
+ echo 172.16.0.2/32+ cut -d. -f1-3

+ ip route add 172.16.0.0/24 dev wg11 proto kernel scope link src 172.16.0.2/32
+ + nvram get lan_ifname
read ROUTE
+ ip route show table main dev br0
+ nvram get lan_ifname
+ ip route add table 121 192.168.1.0/24 proto kernel scope link src 192.168.1.1 dev br0
+ read ROUTE
+ ip+ read ROUTE
route show table main dev wg11
+ ip route add table 121 0.0.0.0/1 scope link dev wg11
+ read ROUTE
+ ip route add table 121 128.0.0.0/1 scope link dev wg11
+ read ROUTE
+ Firewall_delete
+ iptables -t mangle -D FORWARD -o wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ iptables -t mangle -D FORWARD -i wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -D FORWARD -o wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -D PREROUTING -i wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ [ 38602 -ge 38601 ]
+ iptables -t filter -D FORWARD -i br1 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ iptables -t filter -D FORWARD -i br2 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ nvram get lan_ipaddr
+ iptables -t nat -D POSTROUTING -s 192.168.1.1/16 -o wg11 -j MASQUERADE -m comment --comment WireGuard 'client'
+ [ -f /jffs/addons/wireguard/Scripts/wg11-up.sh ]
+ iptables -t mangle -I FORWARD -o wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -I FORWARD -i wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -I FORWARD -o wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ iptables -t mangle -I PREROUTING -i wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ [ 38602 -ge 38601 ]
+ iptables -t filter -I FORWARD -i br1 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ iptables -t filter -I FORWARD -i br2 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ nvram get lan_ipaddr
+ iptables -t nat -I POSTROUTING -s 192.168.1.1/16 -o wg11 -j MASQUERADE -m comment --comment WireGuard 'client'
+ [ != ]
+ echo -en \e[92m\t
+ logger -st wireguard-client1 Initialisation complete.
wireguard-client1: Initialisation complete.
+ echo -e \e[0m

+ exit
admin@RT-AC86U-9AD0:/tmp/home/root#

 

[Martineau]

Ok, here:

Spoiler: output

admin@RT-AC86U-9AD0:/tmp/home/root# sh -x /jffs/addons/wireguard/wg_client wg11
+ VERSION=v4.01
+ CONFIG_DIR=/opt/etc/wireguard.d/
+ INSTALL_DIR=/jffs/addons/wireguard/
+ SQL_DATABASE=/opt/etc/wireguard.d/WireGuard.db
+ ANSIColours
+ cRESET=\e[0m
+ cBLA=\e[30m
+ cRED=\e[31m
+ cGRE=\e[32m
+ cYEL=\e[33m
+ cBLU=\e[34m
+ cMAG=\e[35m
+ cCYA=\e[36m
+ cGRA=\e[37m
+ cBGRA=\e[90m
+ cBRED=\e[91m
+ cBGRE=\e[92m
+ cBYEL=\e[93m
+ cBBLU=\e[94m
+ cBMAG=\e[95m
+ cBCYA=\e[96m
+ cBWHT=\e[97m
+ aBOLD=\e[1m
+ aDIM=\e[2m
+ aUNDER=\e[4m
+ aBLINK=\e[5m
+ aREVERSE=\e[7m
+ cRED_=\e[41m
+ cGRE_=\e[42m
+ nvram get buildno
+ awk BEGIN { FS = "." } {printf("%03d%02d",$1,$2)}
+ echo 386.2
+ FIRMWARE=38602
+ modprobe xt_set
+ modprobe xt_comment
+ insmod /opt/lib/modules/wireguard
+ VPN_ID=wg11
+ [ -z wg11 ]
+ [ wg1 == wg1 ]
+ MODE=client
+ TXT=to
+ VPN_NUM=1
+ WG_INTERFACE=wg11
+ echo wg11
+ grep force
+ [ -n ]
+ + grep -oE ^wg[2][1-2]|^wg[1][1-5]*$
echo wg11
+ [ -z wg11 ]
+ echo+ grep policy
wg11
+ [ -n ]
+ POLICY_MODE=
+ [ client == client ]
+ [ -z ]
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT subnet FROM clients where peer='wg11';
+ LOCALIP=172.16.0.2/32
+ export LocalIP=172.16.0.2/32
+ [ -z ]
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT socket FROM clients where peer='wg11';
+ SOCKET=engage.cloudflareclient.com:2408
+ START_PRIO=9910
+ END_PRIO=9919
+ WAN_PRIO=9910
+ VPN_PRIO=9911
+ VPN_TBL=121
+ VPN_UNIT=wg11
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db SELECT tag FROM clients where peer='wg11';
+ DESC=# Cloudflare Warp
+ printf %s # Cloudflare Warp+ sed s/^[ \t]*//;s/[ \t]*$//

+ DESC=# Cloudflare Warp
+ [ -z # Cloudflare Warp ]
+ [ wg11 != disable ]
+ [ != disable ]
+ [ -n 172.16.0.2/32 ]
+ logger -t wireguard-client1 Initialising Wireguard VPN client Peer (wg11) to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
+ echo -e \e[96m\twireguard-client1: Initialising Wireguard VPN 'client' Peer (\e[95mwg11\e[96m) to engage.cloudflareclient.com:2408 (\e[95m# Cloudflare Warp\e[96m)\e[0m
wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
+ ip link del dev wg11
+ ip link add dev wg11 type wireguard
+ wg setconf wg11 /opt/etc/wireguard.d/wg11.conf
+ ip address add dev wg11 172.16.0.2/32
+ ip link set up dev wg11
+ ifconfig wg11 mtu 1420
+ ifconfig wg11 txqueuelen 1000
+ date +%s
+ TIMESTAMP=1616932433
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db INSERT into session values('wg11','Start','1616932433');
+ sqlite3 /opt/etc/wireguard.d/WireGuard.db INSERT into traffic values('wg11','1616932433','0','0');
+ [ -f /jffs/addons/wireguard/Scripts/wg11-route-up.sh ]
+ wg show+ sed -n s/.*\t\(.*\):.*/\1/p
wg11 endpoints
+ host=162.159.192.1
+ ip route get 162.159.192.1
+ sed / via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}
+ head -n 1
+ ip route add 162.159.192.1 via 88.116.190.96
+ [ -z ]
+ wg show interfaces
+ grep -E wg[0-1]
+ wc -w
+ [ 1 -gt 1 ]
+ ip route add 0/1 dev wg11
+ ip route add 128/1 dev wg11
+ ip route add 0/1 dev wg11 table 121
+ ip route add 128/1 dev wg11 table 121
+ echo 172.16.0.2/32+ cut -d. -f1-3

+ ip route add 172.16.0.0/24 dev wg11 proto kernel scope link src 172.16.0.2/32
+ + nvram get lan_ifname
read ROUTE
+ ip route show table main dev br0
+ nvram get lan_ifname
+ ip route add table 121 192.168.1.0/24 proto kernel scope link src 192.168.1.1 dev br0
+ read ROUTE
+ ip+ read ROUTE
route show table main dev wg11
+ ip route add table 121 0.0.0.0/1 scope link dev wg11
+ read ROUTE
+ ip route add table 121 128.0.0.0/1 scope link dev wg11
+ read ROUTE
+ Firewall_delete
+ iptables -t mangle -D FORWARD -o wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ iptables -t mangle -D FORWARD -i wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -D FORWARD -o wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -D PREROUTING -i wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ [ 38602 -ge 38601 ]
+ iptables -t filter -D FORWARD -i br1 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ iptables -t filter -D FORWARD -i br2 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ nvram get lan_ipaddr
+ iptables -t nat -D POSTROUTING -s 192.168.1.1/16 -o wg11 -j MASQUERADE -m comment --comment WireGuard 'client'
+ [ -f /jffs/addons/wireguard/Scripts/wg11-up.sh ]
+ iptables -t mangle -I FORWARD -o wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -I FORWARD -i wg11 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -m comment --comment WireGuard 'client'
+ iptables -t mangle -I FORWARD -o wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ iptables -t mangle -I PREROUTING -i wg11 -j MARK --set-xmark 0x01/0x7 -m comment --comment WireGuard 'client'
+ [ 38602 -ge 38601 ]
+ iptables -t filter -I FORWARD -i br1 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ iptables -t filter -I FORWARD -i br2 -o wg11 -j ACCEPT -m comment --comment WireGuard Guest_VLAN
+ nvram get lan_ipaddr
+ iptables -t nat -I POSTROUTING -s 192.168.1.1/16 -o wg11 -j MASQUERADE -m comment --comment WireGuard 'client'
+ [ != ]
+ echo -en \e[92m\t
+ logger -st wireguard-client1 Initialisation complete.
wireguard-client1: Initialisation complete.
+ echo -e \e[0m

+ exit
admin@RT-AC86U-9AD0:/tmp/home/root#

The script shows that in response to wg show interfaces and wg show that it is running.

Can you confirm?

wg show

wg show interfaces

 

[Ubimo]

Yes, its running.

Spoiler: output

E:Option ==> wg show

WireGuard Userspace Tool:

interface: wg11
public key: QsI4jJI25mXZMdDh3+fQIaYEVvGv1cn/xkXeql2aFUw=
private key: (hidden)
listening port: 37573

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
endpoint: 162.159.192.1:2408
allowed ips: 0.0.0.0/0

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> wg show interfaces

WireGuard Userspace Tool:

wg11

WireGuard ACTIVE Peer Status: Clients 0, Servers 0

But most websites won't load, e.g. speedtest.net, wunderground.com, reddit.com, facebook.com, github.com, cloudflare.com, ...
Strangely, snbforums.com is loading.

I think WARP is working somehow, because

tracert 1.1.1.1

shows only 2 hops.

 

[Ubimo]

4 wg11

does not the same as the script above, see interfaces:

Spoiler: output

E:Option ==> 4 wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> 5

Requesting WireGuard VPN Peer stop (wg11)


Error: no such column: subnet
Error: no such column: peer
wireguard-client1: Wireguard VPN 'client' Peer (wg11) to engage.cloudflareclient.com:2408 (# Cloudflare Warp) Terminated


WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> 4 wg11

Requesting WireGuard VPN Peer start (wg11)

wireguard-client1: Initialising Wireguard VPN 'client' Peer (wg11) in Policy Mode to engage.cloudflareclient.com:2408 (# Cloudflare Warp)
wireguard-client1: Initialisation complete.


WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> wg show

WireGuard Userspace Tool:

interface: wg11
public key: QsI4jJI25mXZMdDh3+fQIaYEVvGv1cn/xkXeql2aFUw=
private key: (hidden)
listening port: 44491

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
endpoint: 162.159.192.1:2408
allowed ips: 0.0.0.0/0

WireGuard ACTIVE Peer Status: Clients 0, Servers 0



1 = Update Wireguard modules 7 = Display QR code for a Peer {device} e.g. iPhone
2 = Remove WireGuard/wg_manager 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')

e = Exit Script [?]

E:Option ==> wg show interfaces

WireGuard Userspace Tool:

wg11

WireGuard ACTIVE Peer Status: Clients 0, Servers 0