Wireguard site2site (Server AC86U Peer AX86U)

helio58

Regular Contributor
Hi,
Preparing to connect a site2site with WireGuard.
At the server location I have 2 networks, 192.168.10.0/24 and 192.168.20.0/24.
The peer location network is 192.168.50.0/24.
I would like both sites to use their own internet, but all LAN traffic to work both ways.
Please could I have some advice on how to configure this?
Thanks
 
Using firmware (ax86 only):
https://www.snbforums.com/threads/wireguard-site2site-ax88u-to-ax88u-on-version-388-1.83516/
(Read whole thread)

Using Wireguard Manager (ac86u and ax86u):
https://github.com/ZebMcKayhan/WireguardManager#setup-wireguard-site-2-site
 

@ZebMcKayhan

One question "Using firmware (ax86 only)"
Do you know the location of wgxx.conf of the server? I found the clients at /etc/wg
Thanks
 
No, sorry. I'm running AC86U which is stuck on 386 firmware.

But according to merlin wireguard source code: https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/rc/wireguard.c the directory /etc/wg is used for both server and client configs. But perhaps it only exists there when the server is started?
 
I started the server, this is the content of the directory.

wg directory.jpg


The clients are OK but I can't see the server config.
Thanks for the GitHub guide.
I will set the AC86U as server so I can access the server config.
 
In the image above I'm in /etc/wg/
Ooh, sorry, you could try
Code:
cd /
find -name wgs1.conf
And see if something turns up.

If all fails you could use Wireguard tools:
Code:
wg showconf wgs1
but there might be some missing pieces that Wireguard doesn't use, like DNS = directive.
 
cd /
find -name wgs1.conf
nothing

but
wg showconf wgs1
shows the server config
Thanks

Do you know the command to edit?

Thanks
 
You can't edit an active config (as far as I know). You need to bring the wg interface down. Perhaps even restart the interface with a new config, but honestly, isn't it easier to install Wireguard Manager from amtm and set it up according to your needs?
 
Thanks, you are right, it's easier to install Wireguard Manager.
Thanks for all the help.
 
The syncconf command would appear to be able to dynamically alter WireGuard parameters for a specific interface without disrupting traffic?

i.e. using wg showconf to pipe the existing active parameters to say a '/tmp/$$PID' file then use sed to modify '/tmp/$$PID' before reapplying.

Obviously parameters such as MTU are not supported, but could be modified by the appropriate ip link commands.
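
The showconf, edit, syncconf sequence described in the post above, as an added example that is not part of the original thread. It writes the scratch copy into a private mktemp directory rather than a predictable /tmp name, because the wg showconf dump includes the interface PrivateKey; the function names, peer keys and tunnel addresses are constructed placeholders, and mktemp and awk are assumed to be available on the router.

```shell
#!/bin/sh
# Added example: edit a live WireGuard interface via showconf -> edit -> syncconf.

# Constructed sample in `wg showconf` format (placeholder keys, not real ones).
sample_conf() {
cat <<'EOF'
[Interface]
ListenPort = 51820
PrivateKey = CONSTRUCTED-PRIVATE-KEY=

[Peer]
PublicKey = CONSTRUCTED-PEER-A=
AllowedIPs = 10.50.1.2/32

[Peer]
PublicKey = CONSTRUCTED-PEER-B=
AllowedIPs = 10.50.1.3/32
EOF
}

# Print config file $1 with the AllowedIPs of the peer whose PublicKey is $2
# replaced by $3. Exit status is non-zero when no such peer line was found.
rewrite_allowed_ips() {
    awk -v key="$2" -v ips="$3" '
        /^\[/ { hit = 0 }                            # new section starts
        $1 == "PublicKey" && $3 == key { hit = 1 }   # inside the wanted peer
        hit && $1 == "AllowedIPs" { print "AllowedIPs = " ips; changed = 1; next }
        { print }
        END { exit !changed }
    ' "$1"
}

# Apply the change to live interface $1. Runs in a subshell so that the umask
# and the cleanup trap stay local. The dump contains the PrivateKey, so it is
# written into a private mktemp directory, never a guessable /tmp file name.
wg_live_edit() (
    umask 077
    dir=$(mktemp -d /tmp/wgconf.XXXXXX) || exit 1
    trap 'rm -rf "$dir"' EXIT
    # syncconf makes the interface match the file, so start from the full dump.
    wg showconf "$1" > "$dir/cur" &&
    rewrite_allowed_ips "$dir/cur" "$2" "$3" > "$dir/new" &&
    wg syncconf "$1" "$dir/new"
)
```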
 
Thanks Martineau, it's the MTU I'm hoping to change.
 
Try these commands in a SSH session to see if you can successfully alter the MTU once the interface is UP
Code:
ip link show dev $WG_INTERFACE

ip link set dev $WG_INTERFACE mtu nnnn

If it works, then perhaps you can include them in a post-up script.
 
Thanks, I'm using
ip link set dev wgs1 mtu 1400

It seems to keep the value.
When I'm at my remote location the tunnel is up all the time.
My internet speed is 250/250; when using WireGuard it's about 130/130, which is OK.
 
You may want to keep an eye on it. Obviously the MTU will reset at router reboot but there may be other events where the firmware restarts the interface.
There are script hooks in Merlin firmware that execute whenever a WireGuard interface is brought up, where you could put your MTU changing command.

Code:
/jffs/scripts/wgserver-start
The server number will be given as args.
 
Thanks, will do that.
 
@ZebMcKayhan

AC86U as client AX86U as server
It's working very well.

I tried to exclude one computer from the VPN but I can still access all the computers on the remote.

The rule that I use is:
peer wg11 rule add wan 192.168.0.87 comment computer to wan
peer wg11 auto=P

I must have missed some rule.
 
