Suggestions for Merlin Add-ons

[motox22a]

For me it would be WIREGUARD incorporated into the GUI.
Right now it's not critical for me as I don't have much bandwidth so I wouldn't benefit that much.
But as PIA (my VPN) is instituting WIREGUARD support first in their Software Application and later with router support
and "if" Elon actually succeeds with Starlink then I might actually get some bandwidth and WIREGUARD would definitely
be of benefit then and having it in the GUI like other VPN options would be nice.

 

[dave14305]

@dave14305 just make sure your very appreciated venture into this is coordinated when it tangents third parties.

I’m soliciting wild ideas to hopefully match the best ones with willing developers. No sacred ground will be trampled.

 

[thelonelycoder]

I’m soliciting wild ideas to hopefully match the best ones with willing developers. No sacred ground will be trampled.

Well, I'm onto something, it starts with a D and will profit from your groundwork you laid elsewhere

 

[thelonelycoder]

Then I also vote for that USB device copy/clone feature. It has been sitting at the top of the amtm feature list i keep. I just have not had the urge or kick to code it. It would have to depend on firmware binaries only, for obvoius reasons.

 

[Xentrk]

If @Xentrk doesn't mind, I could take a look at a WebUI addition to his nvram save/restore script...

Help yourself. I was hoping others would step in to help support and maintain it. The only update I have planned is to finish some POSIX updates to eliminate the remaining "echo -e" code when the nvram-restore gets created during a save.

 

[SomeWhereOverTheRainBow]

For me it would be WIREGUARD incorporated into the GUI.
Right now it's not critical for me as I don't have much bandwidth so I wouldn't benefit that much.
But as PIA (my VPN) is instituting WIREGUARD support first in their Software Application and later with router support
and "if" Elon actually succeeds with Starlink then I might actually get some bandwidth and WIREGUARD would definitely
be of benefit then and having it in the GUI like other VPN options would be nice.

It would be interesting to see someone tackle this idea. The only potential issue I could see is the fact it would only be usable with a limited number of asuswrt-merlin routers as it only works with certain kernels (Don't know if this is still true , but it was initially.)

https://www.snbforums.com/threads/experimental-wireguard-for-rt-ac86u-ax88u.46164/

 

[elorimer]

How about a graphical syslog with color coded event graphs based on severity levels similar to the Statistics page under Traffic Analyzer? That would be cool

What I think you are looking at is a syslog-ng pipe to Elasticsearch and then Kibana. Not sure that should be on the router or a NAS instead.

 

[heysoundude]

and "if" Elon actually succeeds with Starlink

I’m likely misinformed, or misremembering, but I thought I heard that company had gone bankrupt.
I don’t know what your physical location is, but a terrestrial meshnet of nodes would be much easier to deploy/maintain - there are a bunch of projects you can follow on GitHub.


Sent from my iPhone using Tapatalk

 

[heysoundude]

It would be interesting to see someone tackle this idea. The only potential issue I could see is the fact it would only be usable with a limited number of asuswrt-merlin routers as it only works with certain kernels (Don't know if this is still true , but it was initially.)

https://www.snbforums.com/threads/experimental-wireguard-for-rt-ac86u-ax88u.46164/

Agreed, now that the AX58 (I assume it runs under k4.1) seems to be gaining popularity/traction lately; that would make 3 routers, with more to come...


Sent from my iPhone using Tapatalk

 

[motox22a]

Nope,
Starlink is on track...There's now more than 400 satellites launched...He's hoping to launch the service this year...It will only be offered to people in rural
areas with little to no ISP options initially...Eventually it will be offered to underserved locations overseas (Like Austrailia)...I live in rural Nevada....My current connection which I pay $80 a month is 12Mbps down/3Mbps up. It uses a
WISP with a Ubiquiti 5Ghz CPE on my roof pointing to an access point about 9 miles away on a mountain. From there it's Microwave back to the
main office about 60 miles from there. Anything currently with higher bandwidth (Another WISP provider) would cost double what I'm paying.

I’m likely misinformed, or misremembering, but I thought I heard that company had gone bankrupt.
I don’t know what your physical location is, but a terrestrial meshnet of nodes would be much easier to deploy/maintain - there are a bunch of projects you can follow on GitHub.


Sent from my iPhone using Tapatalk

 

[heysoundude]

Nope,
Starlink is on track...There's now more than 400 satellites launched...He's hoping to launch the service this year...It will only be offered to people in rural
areas with little to no ISP options...I live in rural Nevada....My current connection which I pay $80 a month is 12Mbps down/3Mbps up. It uses a
WISP with a Ubiquiti 5Ghz CPE on my roof pointing to an access point about 9 miles away on a mountain. From there it's Microwave back to the
main office about 60 miles from there. Anything currently with higher bandwidth (Another WISP provider) would cost double what I'm paying.

At what height is the geosync constellation?

Once Elon has battery tech nailed, its only a matter of time before he starts a global mobile company, don’t you think?


Sent from my iPhone using Tapatalk

 

[motox22a]

They're LEO (low earth orbit)...about 500 to 700 miles up...
He just got FCC approval to launch thousands of them...They talk satellite to satellite as well for collision avoidance (Using the USG satellite Tracking)...PING TIMES are expected to be 20 to 30mS...Unlike Geostationary satellites at 28,000 miles up which have ping times of 600mS.

At what height is the geosync constellation?

Once Elon has battery tech nailed, its only a matter of time before he starts a global mobile company, don’t you think?


Sent from my iPhone using Tapatalk

 

[Keith Gorham]

How about a page to manage attached ASUS nodes and/or update firmware that are not setup as AIMesh?

 

[dave14305]

Keep the ideas coming. But also know that some of the ideas put forth would require deeper firmware integration that is likely beyond the scope of what can be done via the existing firmware functions + Entware.

 

[heysoundude]

They're LEO (low earth orbit)...about 500 to 700 miles up...
He just got FCC approval to launch thousands of them...They talk satellite to satellite as well for collision avoidance (Using the USG satellite Tracking)...PING TIMES are expected to be 20 to 30mS...Unlike Geostationary satellites at 28,000 miles up which have ping times of 600mS.

Back to the WireGuard part of our convo - @RMerlin has been consistently clear about where he stands on incorporating it.
That said, @Adamm released a script a week or so ago for people who wish to "roll their own" Merlin, and in that discussion, I raised the prospect of someone with the appropriate abilities taking on what we're interested in. Check it out:
https://www.snbforums.com/threads/release-amcfwm-asuswrt-merlin-custom-firmware-manager.63227/

 

[SomeWhereOverTheRainBow]

Back to the WireGuard part of our convo - @RMerlin has been consistently clear about where he stands on incorporating it.
That said, @Adamm released a script a week or so ago for people who wish to "roll their own" Merlin, and in that discussion, I raised the prospect of someone with the appropriate abilities taking on what we're interested in. Check it out:
https://www.snbforums.com/threads/release-amcfwm-asuswrt-merlin-custom-firmware-manager.63227/

From my understanding @Martineau has played around with trying to place wireguard on his setup , if it is a simple process and he has time potentially provide a simple step layout to how he is doing it, then maybe others can try it out.
https://www.snbforums.com/threads/r...tom-firmware-manager.63227/page-5#post-572022

 

[Martineau]

From my understanding @Martineau has played around with trying to place wireguard on his setup , if it is a simple process and he has time potentially provide a simple step layout to how he is doing it, then maybe others can try it out.
https://www.snbforums.com/threads/r...tom-firmware-manager.63227/page-5#post-572022

There is a user-space wireguard implementation written in "go" for non-HND routers.

e.g. on my RT-AX56U

admin@RT-AX56U:/jffs/scripts# opkg list wireguard*

wireguard-go_nohf - v0.0.20200121-1 - This is an implementation of WireGuard in Go
wireguard-tools - 1.0.20191226-1

admin@RT-AX56U:/jffs/scripts# wg-quick

Usage: wg-quick [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]
  CONFIG_FILE is a configuration file, whose filename is the interface name
  followed by `.conf'. Otherwise, INTERFACE is an interface name, with
  configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
  by wg(8)'s `setconf' sub-command, with the exception of the following additions
  to the [Interface] section, which are handled by wg-quick:
  - Address: may be specified one or more times and contains one or more
    IP addresses (with an optional CIDR mask) to be set for the interface.
  - DNS: an optional DNS server to use while the device is up.
  - MTU: an optional MTU for the interface; if unspecified, auto-calculated.
  - Table: an optional routing table to which routes will be added; if
    unspecified or `auto', the default table is used. If `off', no routes
    are added.
  - PreUp, PostUp, PreDown, PostDown: script snippets which will be executed
    by bash(1) at the corresponding phases of the link, most commonly used
    to configure DNS. The string `%i' is expanded to INTERFACE.
  - SaveConfig: if set to `true', the configuration is saved from the current
    state of the interface upon shutdown.

See wg-quick(8) for more info and examples.

admin@RT-AX56U:/jffs/scripts# wg --help

Usage: wg <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  syncconf: Synchronizes a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
 
You may pass `--help' to any of these subcommands to view usage.

admin@RT-AX56U:/jffs/scripts# which wg

/opt/bin/wg

However it suffers the same performance hit as OpenVPN because they both constantly jump back and forth between the kernel and user-space, whereas the kernel module used in the HND wireguard implementation remains within the kernel with the associated throughput benefits.

Purely as an exercise for myself, I thought... why not try and compile wireguard native for the RT-AX56 (its kernel v4.1.52 is > v3.x.x which is the minimum required), and who knows it might appear in a GUI etc.

 

[SomeWhereOverTheRainBow]

There is a user-space wireguard implementation written in "go" for non-HND routers.

e.g. on my RT-AX56U

admin@RT-AX56U:/jffs/scripts# opkg list wireguard*

wireguard-go_nohf - v0.0.20200121-1 - This is an implementation of WireGuard in Go
wireguard-tools - 1.0.20191226-1

admin@RT-AX56U:/jffs/scripts# wg-quick

Usage: wg-quick [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]
  CONFIG_FILE is a configuration file, whose filename is the interface name
  followed by `.conf'. Otherwise, INTERFACE is an interface name, with
  configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
  by wg(8)'s `setconf' sub-command, with the exception of the following additions
  to the [Interface] section, which are handled by wg-quick:
  - Address: may be specified one or more times and contains one or more
    IP addresses (with an optional CIDR mask) to be set for the interface.
  - DNS: an optional DNS server to use while the device is up.
  - MTU: an optional MTU for the interface; if unspecified, auto-calculated.
  - Table: an optional routing table to which routes will be added; if
    unspecified or `auto', the default table is used. If `off', no routes
    are added.
  - PreUp, PostUp, PreDown, PostDown: script snippets which will be executed
    by bash(1) at the corresponding phases of the link, most commonly used
    to configure DNS. The string `%i' is expanded to INTERFACE.
  - SaveConfig: if set to `true', the configuration is saved from the current
    state of the interface upon shutdown.

See wg-quick(8) for more info and examples.

admin@RT-AX56U:/jffs/scripts# wg --help

Usage: wg <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  syncconf: Synchronizes a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
 
You may pass `--help' to any of these subcommands to view usage.

admin@RT-AX56U:/jffs/scripts# which wg

/opt/bin/wg

However it suffers the same performance hit as OpenVPN because they both constantly jump back and forth between the kernel and user-space, whereas the kernel module used in the HND wireguard implementation remains within the kernel with the associated throughput benefits.

Purely as an exercise for myself, I thought... why not try and compile wireguard native for the RT-AX56 (its kernel v4.1.52 is > v3.x.x which is the minimum required), and who knows it might appear in a GUI etc.

If you are successful and don't mind sharing your process once that time comes, you will have made alot of future asuswrt merlin users happy.

 

[motox22a]

RT-AC86u are HND right? Maybe someone with the skills/knowledge and has this model and is able to successfully compile an image could share

 

[Butterfly Bones]

RT-AC86u are HND right? Maybe someone with the skills/knowledge and has this model and is able to successfully compile an image could share

Do you mean wireguard on the RT-AC86U? Here is the thread with builds.
https://www.snbforums.com/threads/experimental-wireguard-for-rt-ac86u-ax88u.46164/

Sorry if I misunderstood long thread with many replies and no reference quotes.