***WireGuard® is currently incompatible with the H/W Acceleration/Flow Cache on ASUS Routers, therefore WAN speeds above 500 Mbps cannot be exploited***
Jason Donenfeld's WireGuard® Kernel module and Userspace Tools (see WireGuard Home) were compiled by SNB Forums member @odkrys back in 2018 to run on two ASUS HND routers (RT-AC86U/RT-AX88U) running Kernel v4.1.xx, and @odkrys generously shared the modules with the ASUS router community; see Original thread.
WireGuard® Manager© v1.01b4 was conceived and written by SNB Forums member @Martineau in early Feb. 2021 (see Release post) to automate @odkrys' manual install instructions. The concept was later redesigned and enhanced so that WireGuard® no longer has to run as an Entware-style service (/opt/etc/init.d/S50wireguard) with manual editing by the user.
In Nov. 2021, ASUS released two Public Beta firmwares (ASUSWRT 386 RC3-2/3; see ASUS Public Beta RC3-2/3) that contain the WireGuard® Kernel module and provide (via their consolidated, revamped VPN WebUI) the ability to run a single WireGuard® 'server' Peer (wgs) and up to 5 'client' Peers (wgc1 thru wgc5) concurrently with OpenVPN etc.; see @Martineau's brief review. WireGuard® Manager©, by comparison, allows for 5 'server' Peers (wg21 thru wg25) and up to 9 'client' Peers (wg11 thru wg19).
MIPS routers such as the venerable RT-AC68U are based on Kernel v2.6.xx and therefore unfortunately lack Kernel support for the WireGuard® modules. However, @RMerlin firmware v386.4+ (Jan 2022) now includes the necessary Kernel/Userspace Tools (v1.0.20210124) in a larger number of ASUS supported routers such as RT-AX58U/GT-AXE11000 etc.
SNB Forums member @ZebMcKayhan has now taken on the task of compiling new WireGuard® Kernel modules/Userspace Tools for certain HND router models to keep in line with the WireGuard® GitHub Patches/Releases from Jason. These updated modules may optionally be used by WireGuard® Manager© to override the modules included in @RMerlin's firmware; see @ZebMcKayhan's Kernel Modules.
NOTE: As of July 2022, the Nov 2021 ASUSWRT 386 RC3-3 Public Beta has not been updated by ASUS, with rumours that ONLY ASUS firmware v388.xx will contain full WireGuard® features in their revamped VPN Fusion support. Expected release in 3Q2022(?) on selected models.
ASUS WireGuard® 'client' Peer Support FAQ
ASUS WireGuard® 'server' Peer Support FAQ
ASUS WireGuard® Site-to-Site Peers Support FAQ
@RMerlin forum post speculation release in 4Q2022 ?
```
1 = Update WireGuard® modules                                       7 = QRcode display for a Peer {device} e.g. iPhone
2 = Remove WireGuard®/(wg_manager)                                  8 = Peer management [ "help" | "list" | "new" ] | [ {Peer | category} [ del | show | add [{"auto="[y|n|p]}] ]
                                                                    9 = Create[split] Road-Warrior device Peer for server Peer {device [server]} e.g. create myPhone wg21
3 = List ACTIVE Peers Summary [Peer...] [full]                      10 = IPSet management [ "upd" { ipset [ "fwmark" {fwmark} ] | [ "enable" {"y"|"n"}] | [ "dstsrc"] {src} ] }]
4 = Start [ [Peer [nopolicy]...] | category ] e.g. start clients    11 = Import WireGuard® configuration { [ "?" | [ "dir" directory ] | [/path/]config_file [ "name="rename_as ] ]}
5 = Stop [ [Peer... ] | category ] e.g. stop clients                12 = vpndirector Clone VPN Director rules [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ]
6 = Restart [ [Peer... ] | category ] e.g. restart servers

? = About Configuration
v = View [ Peer[.conf] (default WireguardVPN.conf) (vx - Edit)

e = Exit Script [?]

E:Option ==>
```
There's already a wealth of information on @ZebMcKayhan's blog, so it isn't necessary to rewrite it or include it in full here.
WireGuard® Manager© was designed as a command-line, menu-driven utility, and creating WebUI buttons/options for every command-line invocation isn't feasible, but all features except the QRCode display of Road-Warrior 'device' Peers are currently available via the WebUI CMD dialog box.
Useful features are available, such as being able to import a desired profile from a vendor such as Mullvad via the WebUI (ASUSWRT 386 RC3-3 requires you to manually clone/input the vendor-provided WireGuard® .conf directives), plus the ability to manage the state of the WireGuard® interfaces by the default categories (ALL, clients or servers), together with useful diagnostic/Info buttons etc.
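Before importing a vendor-provided profile, it is worth checking what the `.conf` actually contains. The following is an added example, not part of WireGuard® Manager©: a POSIX shell function (hypothetical name `check_wg_conf`) that reports missing keys for a 'client' profile and flags the wg-quick hook directives (`PreUp`, `PostUp`, `PreDown`, `PostDown`), which hold shell commands. The sample profile, its keys and the list of required keys are constructed assumptions, and nothing here says how WireGuard® Manager© itself treats such directives.

```shell
#!/bin/sh
# Added example, not wg_manager code; check_wg_conf is a hypothetical helper.
# Prints one finding per line; returns 0 when clean, 1 on HOOK/MISSING/WARN.
check_wg_conf() {
    [ -r "$1" ] || { echo "ERROR unreadable: $1"; return 2; }
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        /^[ \t]*(#|\r?$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/ { section = tolower(trim($0)); next }
        {
            eq = index($0, "=")
            if (eq == 0) { printf "WARN line %d: not key=value\n", NR; bad = 1; next }
            key = tolower(trim(substr($0, 1, eq - 1)))
            have[section ":" key] = 1
            # wg-quick hook directives hold shell commands, so surface them
            if (key ~ /^(pre|post)(up|down)$/) {
                printf "HOOK line %d: %s\n", NR, trim($0); bad = 1
            }
            # Full-tunnel routing is legitimate, but should be a deliberate choice
            if (key == "allowedips" && $0 ~ /[ ,=](0\.0\.0\.0|::)\/0/)
                printf "NOTE line %d: routes all traffic via this Peer\n", NR
        }
        END {
            # Keys assumed necessary for a vendor "client" profile
            n = split("[interface]:privatekey [peer]:publickey [peer]:endpoint [peer]:allowedips", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in have)) { printf "MISSING %s\n", req[i]; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: vendor-style profile with a hook and no Endpoint
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY=
Address = 10.64.0.2/32
PostUp = /bin/sh /tmp/extra.sh
[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}

tmp="${TMPDIR:-/tmp}/wg_check_sample.$$"
sample_conf > "$tmp"
check_wg_conf "$tmp" || echo "Findings above: review before running 'import'"
rm -f "$tmp"
```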
Peers are configured via the 'peer' command:
```
e = Exit Script [?]

E:Option ==> peer help

    peer help                                                               - This text
    peer                                                                    - Show ALL Peers in database
    peer peer_name                                                          - Show Peer in database or for details e.g peer wg21 config
    peer peer_name {cmd {options} }                                         - Action the command against the Peer
    peer peer_name del                                                      - Delete the Peer from the database and all of its files *.conf, *.key
    peer peer_name ip=xxx.xxx.xxx.xxx                                       - Change the Peer VPN Pool IP
    peer category                                                           - Show Peer categories in database
    peer peer_name category [category_name {del | add peer_name[...]} ]     - Create a new category with 3 Peers e.g. peer category GroupA add wg17 wg99 wg11
    peer new [peer_name [options]]                                          - Create new server Peer e.g. peer new wg27 ip=10.50.99.1/24 port=12345
    peer new [peer_name] {ipv6}                                             - Create new Dual-stack server Peer with 'aa' prefix e.g. peer new ipv6
    peer new [peer_name] {ipv6}                                             - Create new Dual-stack server Peer with 'fd' prefix e.g. peer new ipv6 ula
    peer new [peer_name] {ipv6 noipv4 [ula[4]]}                             - Create new IPv6 Only server Peer e.g. peer new ipv6 noipv4
    peer new [peer_name] {ipv6 noipv4}                                      - Create new IPv6 Only server Peer e.g. peer new ipv6 noipv4 ipv6=aaff:a37f:fa75:100:100::1/120
    peer import peer_conf [options]                                         - Import '.conf' into SQL database e.g.
            import Mullvad_Dallas
            import SiteA type=server
    peer peer_name [del|add|upd] ipset {ipset_name[...]}                    - Selectively Route IPSets e.g.
            peer wg13 add ipset NetFlix Hulu
            peer wg12 upd ipset MACs dstsrc src
            peer wg12 upd ipset all enable n
    peer peer_name [add] subnet {IPSubnet[...]}                             - Configure downstream subnets e.g. peer wg13 add subnet 192.168.5.0/24
    peer peer_name {rule [del [all|id_num]|add [wan] rule_def]}             - Manage Policy rules e.g.
            peer wg13 rule add 172.16.1.0/24 comment All LAN
            peer wg13 rule add wan 52.97.133.162 comment smtp.office365.com
            peer wg13 rule add wan 172.16.1.100 9.9.9.9 comment Quad9 DNS
            peer wg17 rule del 10
            peer wg17 rule del all
    peer serv_peer_name {passthru client_peer {[add|del] [device|IP/CIDR]}} - Manage Passthu rules; 'server' peer devices/IPs/CIDR outbound via 'client' peer
            peer wg21 passthru add wg11 SGS8
            peer wg21 passthru add wg15 all
            peer wg21 passthru add wg12 10.100.100.0/27
            peer wg21 passthru del wg15 all
            peer wg21 passthru del SGS8
            peer wg21 passthru del all
    peer serv_peer_name {bind device_peer}                                  - Bind a Road Warrior 'device' Peer to a 'server' Peer e.g. peer wg21 bind SGS20

    Visit @ZebMcKayhan's Hint's and Tips Guide https://github.com/ZebMcKayhan/WireguardManager/blob/main/README.md#table-of-content
```
Many thanks to SNB Forum members for supporting this project with bug reports etc. Apologies to any valued contributors I have inadvertently missed!
Torson, ZebMcKayhan, jobhax, elorimer, Sh0cker54, here1310, defung, The Chief, abir1909, JGrana, heysoundude, archiel, Cam, endiz, Meshkoff, johndoe85, Juched and of course @odkrys for his 'experimental' initial post.