T-Mobile Home Internet (TMHI) Using WireGuard to TorGuard

[BlueiPhone]

Is there anyone who uses TMHI with WireGuard to TorGuard?

TorGuard has a Windows App that I can connect to TorGuard using WireGuard.

I set the service on TorGuard to Wireguard & I have to set the TorGuard’s Windows app MTU to 1376.

It connects and works great.

I would like to move my connection to my GT-AXE16000. I have gone to TorGuard’s site and from the home screen select Tools/Config Generator to create.

Wireguard tunnel type, 192.252.213.78 Host IP, my TorGuard User name,

1443 Port, Cloudflare DNS, MTU 1376

This is the output to 20.conf in my downloads folder.

# TorGuard WireGuard Config

[Interface]

PrivateKey = xxxxxxxxxxxxxxxxxxx

ListenPort = 57819

MTU = 1376

DNS = 1.1.1.1

Address = 10.13.128.81/24

[Peer]

PublicKey = xxxxxxxxxxxxxxxxxxxxx

AllowedIPs = 0.0.0.0/0

Endpoint = 192.252.213.78:1443

PersistentKeepalive = 25

I then upload this conf to ASUS VPN and it connects. I bring up Speedtest to check the connection and all looks good for the first round of download/upload, but when I select it again, it just hangs and I lose internet connection. I was having the same problem with TorGuard’s windows app until I changed the MTU to 1376. I have tried many different MTU sizes, from 1090-1390 but all do the same.

There is no MTU size field for WireGuard on the ASUS router. I am not sure that when I upload the conf file that the MTU is being applied. Is there a command to show the value for this wireguard client?

What am I missing? Looking for suggestions.

 

[ZebMcKayhan]

There is no MTU size field for WireGuard on the ASUS router. I am not sure that when I upload the conf file that the MTU is being applied. Is there a command to show the value for this wireguard client?

Not possible to change mtu in gui nor via config file. The firmware will discard this entry in the config file. Ssh into router then you can change it with command:

ip link set dev wgc1 mtu 1376

But it will only work until the next restart of the wireguard client (or reboot). To make it stick, you need to put this is

/jffs/scripts/wgclient-start

File that merlin fw execute everytime any wg client starts.

Example (for server peer) could be found here, you need to adjust for a client: https://www.snbforums.com/threads/wireguard-server-tweaks.85758/

Edit: please redact your private/public keys from your post unless you changed them. Otherwise someone else could use your tunnel.

 

[BlueiPhone]

Not possible to change mtu in gui nor via config file. The firmware will discard this entry in the config file. Ssh into router then you can change it with command:

ip link set dev wgc1 mtu 1376

But it will only work until the next restart of the wireguard client (or reboot). To make it stick, you need to put this is

/jffs/scripts/wgclient-start

File that merlin fw execute everytime any wg client starts.

Example (for server peer) could be found here, you need to adjust for a client: https://www.snbforums.com/threads/wireguard-server-tweaks.85758/

Edit: please redact your private/public keys from your post unless you changed them. Otherwise someone else could use your tunnel.

When TorGuard creates the config file that gets imported into the Router. It does set the MTU size.
I am assuming that ASUS is not setting this.

What is the SSH command to use to see what the current MTU on wgc1 size is berfore I change it?

Thank you for your suggestions...

Clay

 

[ZebMcKayhan]

What is the SSH command to use to see what the current MTU on wgc1 size is berfore I change it?

ifconfig wgc1

 

[BlueiPhone]

ifconfig wgc1

I SSH to the router and looked at the MTU size. It was 1420...
I adjusted it down to a MTU size of 1310 and now I it connects and does not hang...
and the speed of the Wireguard VPN is great.

Now I have to make it perm when the wgc comes on line.

Any help with making it more permanent would be greatful...

Thank you...

 

[ZebMcKayhan]

I SSH to the router and looked at the MTU size. It was 1420...
I adjusted it down to a MTU size of 1310 and now I it connects and does not hang...
and the speed of the Wireguard VPN is great.

Now I have to make it perm when the wgc comes on line.

Any help with making it more permanent would be greatful...

Thank you...

Edit/create the wireguard start file:

nano /jffs/scripts/wgclient-start

Paste into the editor:

#!/bin/sh

ip link set dev wgc1 mtu 1376

Save & Exit.

Make the file executable:

chmod +x /jffs/scripts/wgclient-start

Thats it!

 

[BlueiPhone]

Edit/create the wireguard start file:

nano /jffs/scripts/wgclient-start

Paste into the editor:

#!/bin/sh

ip link set dev wgc1 mtu 1376

Save & Exit.

Make the file executable:

chmod +x jffs/scripts/wgclient-start

Thats it!

I created the file with:
nano /jffs/scripts/wgclient-start
Then I pasted these two commands into the file
#!/bin/sh
ip link set dev wgc1 mtu 1376
Did a control-X to exit and saved the file

When I do this command:
chmod +x jffs/scripts/wgclient-start

I get this error:
chmod: jffs/scripts/wgclient-start: No such file or directory

if I do again:
nano /jffs/scripts/wgclient-start
I see the file with the two commands.

What am I doing wrong?

Thank you...

 

[octopus]

I created the file with:
nano /jffs/scripts/wgclient-start
Then I pasted these two commands into the file
#!/bin/sh
ip link set dev wgc1 mtu 1376
Did a control-X to exit and saved the file

When I do this command:
chmod +x jffs/scripts/wgclient-start

I get this error:
chmod: jffs/scripts/wgclient-start: No such file or directory

if I do again:
nano /jffs/scripts/wgclient-start
I see the file with the two commands.

What am I doing wrong?

Thank you...

Try:
chmod +x /jffs/scripts/wgclient-start
missing (/)

 

[ZebMcKayhan]

I created the file with:
nano /jffs/scripts/wgclient-start
Then I pasted these two commands into the file
#!/bin/sh
ip link set dev wgc1 mtu 1376
Did a control-X to exit and saved the file

When I do this command:
chmod +x jffs/scripts/wgclient-start

I get this error:
chmod: jffs/scripts/wgclient-start: No such file or directory

if I do again:
nano /jffs/scripts/wgclient-start
I see the file with the two commands.

What am I doing wrong?

Thank you...

yea, sorry. I missed an "/". copy-paste mistake. thanks @octopus for noticing and correcting. I have updated my post for future reference.

 

[BlueiPhone]

yea, sorry. I missed an "/". copy-paste mistake. thanks @octopus for noticing and correcting. I have updated my post for future reference.

Tks again for all your help...

I did the command with the / and it accepted it...

I am assuming that when I start the wgc1 it should process the command.

I stopped the wgc1 and rebooted the router.

When I start the wgc1 I see no difference...

ClayNKuky@GT-AXE16000:/tmp/home/root# ifconfig wgc1
wgc1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.13.128.93 P-t-P:10.13.128.93 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:69 errors:0 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23300 (22.7 KiB) TX bytes:13140 (12.8 KiB)

Here is the file I created:

#!/bin/sh
ip link set dev wgc1 mtu 1310

What went wrong???

Clay

 

[ZebMcKayhan]

What went wrong???

No idea, what if you just try to execute the file you created:

/jffs/scripts/wgclient-start

Does it execute without errors? Does it change the mtu correctly?

 

[BlueiPhone]

I did a SSH to the router the MTU is 1420


ASUSWRT-Merlin GT-AXE16000 3004.388.4_0 Mon Aug 21 19:34:19 UTC 2023
ClayNKuky@GT-AXE16000:/tmp/home/root# ifconfig wgc1
wgc1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.13.128.93 P-t-P:10.13.128.93 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:240 errors:0 dropped:0 overruns:0 frame:0
TX packets:165 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:95252 (93.0 KiB) TX bytes:45308 (44.2 KiB)

ClayNKuky@GT-AXE16000:/tmp/home/root# /jffs/scripts/wgclient-start
ClayNKuky@GT-AXE16000:/tmp/home/root# ifconfig wgc1
wgc1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.13.128.93 P-t-P:10.13.128.93 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MTU:1310 Metric:1
RX packets:7633 errors:0 dropped:0 overruns:0 frame:0
TX packets:5474 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3476476 (3.3 MiB) TX bytes:2507286 (2.3 MiB)

ClayNKuky@GT-AXE16000:/tmp/home/root#

I ran the script, no errors..and it did change the MTU.

Hmmmmm

 

[ZebMcKayhan]

I ran the script, no errors..and it did change the MTU.

Wierd... if you stop the client in the gui and then start it again, check the syslog. Any sign of it executing wgclient-start ?

Edit: this is how my syslog looks like when I restart my server:

Aug 22 19:48:52 rc_service: httpd 2467:notify_rc restart_wgs;restart_dnsmasq;
Aug 22 19:48:52 custom_script: Running /jffs/scripts/service-event (args: restart wgs)
Aug 22 19:48:52 wsdd2[11689]: Terminated received.
Aug 22 19:48:52 wsdd2[11689]: terminating.
Aug 22 19:48:52 Samba_Server: smb daemon is stopped
Aug 22 19:48:52 Samba_Server: daemon is started
Aug 22 19:48:52 custom_script: Running /jffs/scripts/wgserver-start (args: 1)
Aug 22 19:48:52 WireGuard: Starting server.
Aug 22 19:48:52 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Aug 22 19:48:52 wsdd2[12916]: starting.
Aug 22 19:48:52 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Aug 22 19:48:52 (dnsmasq.postconf): Updating /etc/dnsmasq.conf for unbound.....
Aug 22 19:48:52 Diversion: restarted Dnsmasq to apply settings

So it is clear that wgserver-start is executed. But I only run a server so I cant test a client.

 

[BlueiPhone]

Wierd... if you stop the client in the gui and then start it again, check the syslog. Any sign of it executing wgclient-start ?

Edit: this is how my syslog looks like when I restart my server:

Aug 22 19:48:52 rc_service: httpd 2467:notify_rc restart_wgs;restart_dnsmasq;
Aug 22 19:48:52 custom_script: Running /jffs/scripts/service-event (args: restart wgs)
Aug 22 19:48:52 wsdd2[11689]: Terminated received.
Aug 22 19:48:52 wsdd2[11689]: terminating.
Aug 22 19:48:52 Samba_Server: smb daemon is stopped
Aug 22 19:48:52 Samba_Server: daemon is started
Aug 22 19:48:52 custom_script: Running /jffs/scripts/wgserver-start (args: 1)
Aug 22 19:48:52 WireGuard: Starting server.
Aug 22 19:48:52 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Aug 22 19:48:52 wsdd2[12916]: starting.
Aug 22 19:48:52 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Aug 22 19:48:52 (dnsmasq.postconf): Updating /etc/dnsmasq.conf for unbound.....
Aug 22 19:48:52 Diversion: restarted Dnsmasq to apply settings

So it is clear that wgserver-start is executed. But I only run a server so I cant test a client.

This is my log:

Aug 22 14:06:35 rc_service: watchdog 2829:notify_rc stop_aae
Aug 22 14:06:35 rc_service: watchdog 2829:notify_rc start_mastiff
Aug 22 14:06:35 rc_service: waitting "stop_aae" via watchdog ...
Aug 22 14:06:36 Mastiff: init
Aug 22 14:06:55 rc_service: httpd 2820:notify_rc restart_wgc
Aug 22 14:06:55 kernel: wireguard: WireGuard 1.0.20210124 loaded. See www.wireguard.com for information.
Aug 22 14:06:55 kernel: wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
Aug 22 14:06:55 vpndirector: Routing Clays PC from 192.168.1.67 to any through wgc1
Aug 22 14:06:55 wireguard: Forcing 192.168.1.67 to use DNS server 1.1.1.1 for WGC1
Aug 22 14:06:55 custom_script: Found wgclient-start, but custom script execution is disabled!
Aug 22 14:06:55 WireGuard: Starting client 1.
Aug 22 14:06:55 dnsmasq[2788]: read /etc/hosts - 27 names


How do I turn on custom scripts? It is disabled!!!

 

[ZebMcKayhan]

How do I turn on custom scripts? It is disabled!!!

Good find! Its under Administration->System tab.

 

[RMerlin]

I`ve been in talks with Asus on having them add MTU control on the webui. They sent me a preliminary patch which I haven't had time to review yet. But at least it's now something on their radar.

 

[BlueiPhone]

I`ve been in talks with Asus on having them add MTU control on the webui. They sent me a preliminary patch which I haven't had time to review yet. But at least it's now something on their radar.

Thank you for the info.... I will be happy to test..... Thank you for the great softwrae....