v1.13.0 and wireguard working well on WDR4300 v1.7. Enjoying the excellent firmware on several different devices. I noticed a couple of minor issues with the wireguard implementation.
Issue #1:
It seems you can only include one network in the AllowedIPs line of the Peer section in the wireguard config file. If there is more than one (comma-separated) entry, only one entry seems to be recognized. I usually include both the remote LAN and the tunnel networks so I can get full ping/trace results from the tunnel. So I've limited my test config file to the remote LAN only. Is this limitation by design?
Issue #2:
I only want the remote LAN traffic to go over the VPN and all other traffic to go out to the internet. I had to add a static default route in gargoyle to make this happen. Without this all traffic went over the tunnel. Is this the correct way to do this?
Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
Issue 1, are you referring to the gargoyle wireguard config, the wireguard network config, or the config file for wireguard clients that can be downloaded? Sorry there are 3 and it helps to be clear
/etc/config/wireguard_gargoyle
/etc/config/network
downloadable config
Issue 2, your remote client, is that a Gargoyle router or some other device? If you set the server to "clients use it for lan traffic only" then it should behave as you desire, but there are some reports that this isn't behaving correctly and would be a bug.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
Issue 1 - referring to downloadable config file.
Issue 2 - Gargoyle is the client. Raspberry Pi OS running bullseye is the server. I tried both drop down options in gargoyle gui (allow non-wireguard and not). Behaviour was the same for both. Tunnel traffic was good. All other traffic was blocked. As soon as I added the default static route in the gargoyle gui, all was behaving as desired.
Thank you.
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
More info after some testing:
Issue 1 - it seems like a route is created for only the first item of the AllowedIPs parameter.
Issue 2 - seems to be resolved with my current config. I did not track the various changes to determine what exactly caused the issue. Consider it resolved.
Thank you.
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
Can you show an example of a line from the config that doesn’t work? I think I get it but just want to be sure.
I expect the config is not being parsed correctly and it isn’t sending the additional ips into the network config.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
The following is a line from the uploaded config file in the peer section:
AllowedIPs = 192.168.14.0/24,192.168.21.1/32
A route does get added for the 192.168.14.0/24 but without the mask (in the gui > 192.168.14.0 instead of 192.168.14.0/255.255.255.0). No other routes are added. As a workaround, I added a cron job to add the routes correctly at reboot.
When the line appears like this:
AllowedIPs = 192.168.14.0/24
The route is added correctly as 192.168.14.0/255.255.255.0 on gui routes screen.
Unrelated questions:
Are the following wireguard config file parameters supported in the current implementation:
PersistentKeepAlive
PostUp / PostDown
Thank you.
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
Are you comfortable modifying the javascript on the router? I assume so.
It will be minified so first step.
Locate /www/js/wireguard.js
Replace the contents with the contents of this https://raw.githubusercontent.com/ericp ... reguard.js
After line 306 (https://github.com/ericpaulbishop/gargo ... rd.js#L306) insert a new line (first code block below):
At line 316 (now 317 after you've added the line above), change it as follows (second code block below):
I haven't really tested it as I didn't want to disturb my current server config, but it should be pretty close.
For a server implementation we push PersistentKeepAlive out to all client configs, but when acting as a client the parameter is silently ignored. It should be trivial to add it in, let me know how the above goes and I'll look to add this in as well.
I think PostUp/Down would be far less trivial. Do you have a use case in mind?
Code:
var allowed_ips = document.getElementById(prefix + "allowed_ips").value;
+allowed_ips = allowed_ips.split(',');
uci.set("wireguard_gargoyle", "client", "allowed_ips", allowed_ips)
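Review bot: `split(',')` keeps any whitespace around the separators, so a line typed as `192.168.14.0/24, 192.168.21.1/32` produces ` 192.168.21.1/32` (leading space) as the second element; trim each piece and drop empties, e.g. `allowed_ips = allowed_ips.split(',').map(function (s) { return s.trim(); }).filter(function (s) { return s.length > 0; });`. The same variable is then handed to `uci.set("wireguard_gargoyle", "client", "allowed_ips", allowed_ips)` on the next line, so the value written to UCI changes from a string to an array; if `uci.set` serialises an array by joining it with commas the stored text is unchanged, but that should be confirmed rather than assumed.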
Code:
-configureAC("wgserver",server_pubkey,[allowed_ips],endpoint_host,endpoint_port);
+configureAC("wgserver",server_pubkey,allowed_ips,endpoint_host,endpoint_port);
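Review bot: replacing `[allowed_ips]` with `allowed_ips` is only correct if the `split(',')` from the previous hunk has run; applied on its own it passes `configureAC` a plain string where it previously received a one-element array, so the two hunks must ship together. The poster's follow-up reports that `/etc/config/wireguard_gargoyle` and `/etc/config/network` carry the correct AllowedIPs in all three cases, so this change cannot by itself account for the missing routes; the next place to look is what the router actually installed once the interface is up, comparing `wg show <iface> allowed-ips` with `ip route show dev <iface>`.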
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
Made your proposed changes (1 line add + 1 line change). No change in behaviour.
Summary of behaviour I've observed:
#1 - AllowedIPs = x.x.x.x/xx - all is good
#2 - AllowedIPs = x.x.x.1/32,x.x.x.0/24 - no routes added
#3 - AllowedIPs = x.x.x.0/24,x.x.x.1/32 - route only added for /24 entry
In all 3 cases above, the /etc/config/wireguard_gargoyle and /etc/config/network AllowedIPs parameter is correct.
FYI. I expanded my workaround boot script (run via rc.local) to include adding the client-side persistent-keepalive via command line. It is working well.
No use case for PostUp/PostDown at this time. Just curious.
Thank you.
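As an added example, not code from this thread or from the Gargoyle project, here is one way to write the boot-time workaround the post above describes (a script run from rc.local or a cron @reboot entry): it parses every entry of the peer's AllowedIPs line, installs one kernel route per entry, sets the client-side persistent keepalive with `wg set`, and finally reports any AllowedIPs CIDR that still has no route, which is the check the thread ends on. It goes a little beyond the single case in the thread: entries are validated, whitespace around the commas is tolerated, and `ip route` output is normalised (host routes are printed without `/32`). The interface name `wg0`, the config path `/etc/wireguard/wgclient.conf`, the 25-second keepalive and the `DRY_RUN` switch are assumptions for the example, not values from the page.

```shell
#!/bin/sh
# Added example, not from the thread or from Gargoyle: boot-time workaround that
# installs one route for EVERY AllowedIPs entry and sets persistent keepalive.
# All names below are assumptions, not taken from the page:
#   WG_IFACE  WireGuard interface on the router     WG_CONF  uploaded client config
#   KEEPALIVE keepalive interval in seconds         DRY_RUN=1 print commands, do not run them
WG_IFACE="${WG_IFACE:-wg0}"
WG_CONF="${WG_CONF:-/etc/wireguard/wgclient.conf}"
KEEPALIVE="${KEEPALIVE:-25}"
DRY_RUN="${DRY_RUN:-1}"

# Accept only a well-formed IPv4 CIDR (four octets <= 255, prefix length <= 32).
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr="${1%/*}"; plen="${1#*/}"
    [ "$plen" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.; set -- $addr; IFS="$oldifs"
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# "AllowedIPs = a/24, b/32" -> one validated CIDR per output line. Tolerates
# whitespace around the commas and skips anything that is not an IPv4 CIDR.
parse_allowed_ips() {
    printf '%s\n' "${1#*=}" | tr ',' '\n' | while IFS= read -r entry; do
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then printf '%s\n' "$entry"
        else printf 'skipping non-IPv4 or malformed AllowedIPs entry: %s\n' "$entry" >&2; fi
    done
}

# Every AllowedIPs line found inside a [Peer] section of a wg-quick style config.
peer_allowed_ips_lines() {
    awk -F= '/^\[/ { peer = ($0 ~ /^\[Peer\]/) }
             peer && $1 ~ /^[ \t]*AllowedIPs[ \t]*$/ { print }' "$1"
}

# Print the command (DRY_RUN=1) or execute it.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# One "ip route replace" per CIDR; "replace" keeps a re-run at every boot idempotent.
install_routes() {
    iface="$1"; shift
    for cidr in "$@"; do run ip route replace "$cidr" dev "$iface"; done
}

# Persistent keepalive for the given peer keys, or for all peers on the interface.
set_keepalive() {
    iface="$1"; secs="$2"; shift 2
    [ "$#" -gt 0 ] || set -- $(wg show "$iface" peers)
    for peer in "$@"; do run wg set "$iface" peer "$peer" persistent-keepalive "$secs"; done
}

# Check: which AllowedIPs CIDRs have no kernel route? Takes the text of
# "wg show IFACE allowed-ips" (pubkey<TAB>cidr cidr ...) and "ip route show dev IFACE"
# so it can also be run over captured output. "ip route" prints host routes without /32.
missing_routes() {
    allowed="$1"; routes="$2"
    printf '%s\n' "$allowed" | cut -f2- | tr ' ' '\n' | while IFS= read -r cidr; do
        case "$cidr" in ''|*[!0-9./]*) continue ;; esac   # skip "(none)" and IPv6
        dest="${cidr%/32}"
        printf '%s\n' "$routes" | awk -v d="$dest" '$1 == d { found = 1 } END { exit !found }' \
            || printf '%s\n' "$cidr"
    done
}

main() {
    cidrs=$(peer_allowed_ips_lines "$WG_CONF" | while IFS= read -r line; do parse_allowed_ips "$line"; done)
    [ -n "$cidrs" ] || { printf 'no AllowedIPs found in %s\n' "$WG_CONF" >&2; exit 1; }
    install_routes "$WG_IFACE" $cidrs        # word-split on newlines on purpose
    set_keepalive "$WG_IFACE" "$KEEPALIVE"
    missing_routes "$(wg show "$WG_IFACE" allowed-ips)" "$(ip route show dev "$WG_IFACE")"
}

# Only act when invoked as "script apply", so the functions can also be sourced.
if [ "${1:-}" = apply ]; then main; fi
```

Run it once with `DRY_RUN=1 sh script.sh apply` to see the exact `ip route replace` and `wg set` lines it would issue, then with `DRY_RUN=0` from rc.local. Anything `missing_routes` prints afterwards is an AllowedIPs entry the kernel will not send into the tunnel, which is the symptom the thread describes for the second entry.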
Re: Gargoyle 1.13.0 with Wireguard on TP-Link WDR4300
If we are populating the configs correctly then I'm not sure what is wrong; that's more of a wireguard thing now.
If you could post the network config just to confirm that is ok.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.