Wireguard
Manage/Install WireGuard on applicable ASUS routers
WireGuard Manager
© Copyright 2021-2023 MartineauUK All Rights Reserved.
Based on https://www.snbforums.com/threads/experimental-wireguard-for-rt-ac86u-gt-ac2900-rt-ax88u-rt-ax86u.46164/
"WireGuard" and the "WireGuard" logo https://www.wireguard.com/ are registered trademarks of Jason A. Donenfeld. © Copyright 2015-2023 Jason A. Donenfeld. All Rights Reserved.
Installation
NOTE: Entware is assumed to be installed.
Enable SSH on the router, then use your preferred SSH client, e.g. Xshell6, MobaXterm, PuTTY etc.
(TIP: Triple-click the install command below to copy'n'paste it into your router's SSH session.)
curl --retry 3 "https://raw.githubusercontent.com/MartineauUK/wireguard/main/wg_manager.sh" --create-dirs -o "/jffs/addons/wireguard/wg_manager.sh" && chmod 755 "/jffs/addons/wireguard/wg_manager.sh" && /jffs/addons/wireguard/wg_manager.sh install
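An added example, not part of wg_manager or its README: the one-liner above runs whatever the `main` branch serves at that moment, as root. The variant below stages the download, checks it against a SHA-256 you recorded from a copy you reviewed, and only then installs. The function names and the digest placeholder are assumptions, and `sha256sum` and `mktemp` are assumed to be available in the router's shell.

```sh
#!/bin/sh
# Added example (not wg_manager code): stage, verify, then install.
WGM_URL="https://raw.githubusercontent.com/MartineauUK/wireguard/main/wg_manager.sh"
WGM_DEST="/jffs/addons/wireguard/wg_manager.sh"

# Print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED_SHA256
# 0 = OK, 1 = empty/missing, 2 = malformed digest, 3 = mismatch, 4 = not valid shell
verify_script() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    case "$expected" in
        ""|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: got $actual" >&2; return 3; }
    # Parse only, never execute: a cheap last check before the file is made executable.
    sh -n "$file" 2>/dev/null || { echo "not a valid shell script" >&2; return 4; }
    return 0
}

# staged_install EXPECTED_SHA256
# The digest is one you recorded from a copy of the script you reviewed (assumption:
# the page publishes none). Nothing is written under /jffs unless verification passes.
staged_install() {
    stage=$(mktemp) || return 1
    # -f makes curl fail on HTTP errors instead of saving the error body.
    curl -fsS --retry 3 "$WGM_URL" -o "$stage" || { rm -f "$stage"; return 1; }
    verify_script "$stage" "$1" || { rc=$?; rm -f "$stage"; return "$rc"; }
    mkdir -p "$(dirname "$WGM_DEST")" &&
        mv "$stage" "$WGM_DEST" &&
        chmod 755 "$WGM_DEST" &&
        "$WGM_DEST" install
}

# Usage on the router (placeholder digest, replace with your own):
#   staged_install "<SHA-256-OF-REVIEWED-COPY>"
```

The same `verify_script` check can be rerun against `/jffs/addons/wireguard/wg_manager.sh` after an update to confirm the installed copy still matches the version you reviewed.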
Example successful install.....
+======================================================================+
| Welcome to the WireGuard Manager/Installer script (Asuswrt-Merlin) |
| |
| Version v4.17 by Martineau |
| |
| Requirements: HND or AX router with Kernel 4.1.xx or later |
| e.g. RT-AC86U or RT-AX86U etc. |
| |
| USB drive with Entware installed |
| |
| ******************************************************************** |
| * NOTE: WireGuard® is incompatible with Hardware Acceleration * |
| * which is REQUIRED IF your WAN ISP speed is > 350 Mbps * |
| * * |
| * IF your WAN ISP speed is > 350 Mbps then you can * |
| * DISABLE Hardware Acceleration using command * |
| * * |
| * E:Option ==> fc disable * |
| * * |
| * but you will LIMIT ALL WAN throughput (not just * |
| * WireGuard® clients) to about 350 Mbps * |
| * * |
| * NOTE: WireGuard® Manager© will try and auto * |
| * ENABLE/DISABLE Hardware Aceleration based on * |
| * the number of ACTIVE "client" Peers * |
| ******************************************************************** |
| |
| 1 = Install WireGuard |
| o1. Enable firewall-start protection for Firewall rules |
| o2. Enable DNS |
| |
| |
+======================================================================+
WireGuard ACTIVE Peer Status: Clients 0, Servers 0
1 = Begin WireGuard Installation Process
e = Exit Script [?]
As the exception that proves the rule, the RT-AX58U running @RMerlin Beta firmware (which includes the ASUS WireGuard Kernel/Userspace tools modules) is designated 'AX' but uses an ARMv7 CPU ('arm') rather than 'aarch64':
E:Option ==> 1
Installing WireGuard Manager - Router RT-AX58U (v3.0.0.4.386.3_beta3) arch=arm
Downloading scripts
wg_client downloaded successfully
wg_server downloaded successfully
UDP_Updater.sh downloaded successfully
Installing column (2.37-1) to root...
Downloading https://bin.entware.net/armv7sf-k3.2/column_2.37-1_armv7-3.2.ipk
Configuring column.
Installing coreutils-mkfifo (8.32-6) to root...
Downloading https://bin.entware.net/armv7sf-k3.2/coreutils-mkfifo_8.32-6_armv7-3.2.ipk
Configuring coreutils-mkfifo.
Creating WireGuard configuration file '/jffs/addons/wireguard/WireguardVPN.conf'
No Peer entries to auto-migrate from '/jffs/addons/wireguard/WireguardVPN.conf', but you will need to manually import the 'device' Peer '*.conf' files:
[✔] WireGuard Peer SQL Database initialised OK
Creating WireGuard 'Server' Peer (wg21)'
Creating WireGuard Private/Public key-pairs for RT-AX58U (v3.0.0.4.386.3_beta3)
Initialising WireGuard VPN 'server' Peer
Requesting WireGuard VPN Peer start (wg21)
wireguard-server1: Initialising Wireguard VPN 'Server' Peer (wg21) on 10.88.8.1:51820 (# RT-AX58U Server #1)
wireguard-server1: Initialisation complete.
[✔] Statistics gathering is ENABLED
firewall-start updated to protect WireGuard firewall rules
Restarting DNSmasq to add 'wg*' interfaces
Done.
Creating 'wg_manager' alias for 'wg_manager.sh'
Event scripts
Adding Peer Auto-start @BOOT
Installing QR rendering module
Installing qrencode (4.1.1-1) to root...
Downloading https://bin.entware.net/armv7sf-k3.2/qrencode_4.1.1-1_armv7-3.2.ipk
Configuring qrencode.
Installing xargs module
Package findutils (4.8.0-1) installed in root is up to date.
Do you want to create a 'device' Peer for 'server' Peer (wg21) ?
Press y to create 'device' Peer or press [Enter] to skip
y
Enter the device name e.g. iPhone
iPhone
Creating Wireguard Private/Public key pair for device 'iPhone'
Device 'iPhone' Public key=K2RjDsyCvT1sJWhk5zHOGNer4Q+pt7Fcbf4mPiiyOm8=
Device 'iPhone' Pre-shared key=K2RjDsyCvT1sJWhk5zHOGNer4Q+pt7Fcbf4mPiiyOm8=
Using Public key for 'server' Peer 'wg21'
Warning: No DDNS is configured!
Press y to use the current WAN IP or enter DDNS name or press [Enter] to SKIP.
WireGuard config for Peer device 'iPhone' (10.50.1.2/32) created (Allowed IP's 0.0.0.0/0 # ALL Traffic)
Press y to Display QR Code for Scanning into WireGuard App on device 'iPhone' or press [Enter] to SKIP.
Press y to ADD device 'iPhone' to 'server' Peer (wg21) or press [Enter] to SKIP.
y
Adding device Peer 'iPhone' 10.50.1.2/32 to RT-AX58U 'server' (wg21) and WireGuard config
WireGuard 'server' Peer needs to be restarted to listen for 'client' Peer iPhone "Device"
Press y to restart 'server' Peer (wg21) or press [Enter] to SKIP.
y
Requesting WireGuard VPN Peer restart (wg21)
Restarting Wireguard 'server' Peer (wg21)
wireguard-server1: Wireguard VPN '' Peer (wg21) on 10.88.8.1:51820 (# RT-AX58U Server #1) Terminated
wireguard-server1: Initialising Wireguard VPN 'Server' Peer (wg21) on 10.88.8.1:51820 (# RT-AX58U Server #1)
wireguard-server1: Initialisation complete.
interface: wg21 Port:51820 10.50.1.1/24 VPN Tunnel Network # RT-AX58U Server #1
peer: K2RjDsyCvT1sJWhk5zHOGNer4Q+pt7Fcbf4mPiiyOm8= 10.50.1.2/32 # iPhone "Device"
v4.12 WireGuard Session Manager install COMPLETED.
WireGuard ACTIVE Peer Status: Clients 0, Servers 1
Display interactive WireGuard Manager menu
wgm
+======================================================================+
| Welcome to the WireGuard Manager/Installer script (Asuswrt-Merlin) |
| |
| Version v4.12 by Martineau |
| |
+======================================================================+
WireGuard ACTIVE Peer Status: Clients 3, Servers 2
=============================================================================================================================================================
1 = Update WireGuard modules 7 = QRcode for a Peer {device} e.g. iPhone
2 = Remove WireGuard/(wg_manager) 8 = Peer management [ "list" | "category" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
9 = Create[split] Key-pair for Peer {Device} e.g. Nokia6310i (creates Nokia6310i.conf etc.)
3 = List ACTIVE Peers Summary [Peer...] [full] 10 = IPSet management [ "list" ] | [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] ] } ]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients 11 = Import WireGuard configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]}
5 = Stop [ [Peer... ] | category ] e.g. stop clients
6 = Restart [ [Peer... ] | category ] e.g. restart servers
? = About Configuration
v = View ('/jffs/addons/wireguard/WireguardVPN.conf')
e = Exit Script [?]
E:Option ==>
e.g.
E:Option ==> 3
WireGuard VPN Peer Status
interface: wg11 ('client' # Mullvad USA, New York)
peer: ru9aQRxYBkK5pWvNkdFlCR8VMPSqcEENBPGkIGEN0XU=
transfer: 228.31 KiB received, 32.93 KiB sent
interface: wg12 ('client' # Mullvad China, Hong Kong)
peer: oS4vR1RHoFtpevzl2KLUjqDH9AiLwnh9GHBMiB5FVgM=
transfer: 204.65 KiB received, 24.38 KiB sent
interface: wg13 ('client' # Mullvad Oz, Melbourne)
peer: D2ltFd7TbpYNq9PejAeGwlaJ2bEFLqOSYywdY9N5xCY=
transfer: 189.15 KiB received, 15.96 KiB sent
interface: wg21 ('server' # Martineau RT-AC86U Host Peer 1)
peer: jCLceBJGCk1nKFHsMEAXbnxm5DvGkbM+EspGM84B/Ck= ('server client' # Unidentified)
interface: wg22 ('server' # Martineau RT-AC86U Host Peer 2)
peer: EOv5VAl6eD8JaBQbL7vEu5kyKtQODrxuSK9GYNROThc= ('server client' # Unidentified)
e = Exit Script [?]
E:Option ==> ?
Router RT-AX58U Firmware (v3.0.0.
