[SOLVED]Wireguard commands to enable, disable tunnels

TheJags
DD-WRT Novice


Joined: 16 Jan 2021
Posts: 13

PostPosted: Sun Sep 26, 2021 20:49    Post subject: [SOLVED]Wireguard commands to enable, disable tunnels Reply with quote
Firmware: DD-WRT v3.0-r47481 std (09/24/21)
Router: ASUS RT AC68U

I'm looking for Wireguard commands to enable, disable or switch tunnels through SSH terminal. I have set up 2 tunnels, oet1 and oet2, through the GUI, and they are working just fine.

Code:
wg --help
doesn't list `up` or `down` that I would use on a Linux machine, e.g.:
Code:
wg-quick up wg0

And it sounds like
Code:
wg-quick
is not there on the router.

Also, can I create/edit config files directly through terminal (not using GUI at all)? like:
Code:
sudo nano /etc/wireguard/wg0.conf
As I couldn't find Wireguard directory under /etc.

Many thanks in advance.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Mon Sep 27, 2021 6:28    Post subject: Reply with quote
For lots of things DDWRT has a wiki, e.g. Google for: ddwrt wiki wireguard.

As a short cut see the link in my signature at the bottom of this post.

The troubleshooting section of the server setup guide has the instructions for manual starting and stopping.

You can disable the tunnel with its nvram parameter (I am not at home so it is off the top of my head):
oetX_en, 0 is disabled, 1 is enabled

so if you want to disable tunnel 2:
Code:
nvram set oet2_en=0
nvram commit


Then stop and start again

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
TheJags
DD-WRT Novice


Joined: 16 Jan 2021
Posts: 13

PostPosted: Tue Sep 28, 2021 15:21    Post subject: Reply with quote
egc wrote:


so if you want to disable tunnel 2:
Code:
nvram set oet2_en=0
nvram commit


Then stop and start again


Thank you. Also, is it possible to create/edit tunnel through SSH terminal?

Just in case anyone comes across this, here are the complete commands (thanks to egc):

To enable and start:

Code:
ssh root@192.168.1.1 "nvram set oet1_en=1 && nvram commit && ip link set oet1 up && /etc/config/eop-tunnel.prewall && /etc/config/eop-tunnel.firewall" > /dev/null 2>&1;


To disable and stop:
Code:
ssh root@192.168.1.1 "nvram set oet1_en=0 && nvram commit && ip link set oet1 down" > /dev/null 2>&1;
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Tue Sep 28, 2021 15:36    Post subject: Reply with quote
You can configure as many tunnels as you want and stop/start these.

The Gui is basically setting nvram variables so in theory you can change anything from command line.

Next update will add a fail over group so you can set a number of tunnels in a fail group and if one goes down the next in line is started automatically :)

It will also add more granular policy based routing.

TheJags
DD-WRT Novice


Joined: 16 Jan 2021
Posts: 13

PostPosted: Tue Sep 28, 2021 18:03    Post subject: Reply with quote
egc wrote:
You can configure as many tunnels as you want and stop/start these.

The Gui is basically setting nvram variables so in theory you can change anything from command line.


Thanks a lot, and how could I create a new tunnel using command line please. I'm looking for a location of oet1 conf file or something similar. I have read Wireguard server and client guides but did not find any commands there.

Like on a Linux machine, I could with:
Code:
sudo nano /etc/wireguard/wg0.conf
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Wed Sep 29, 2021 6:53    Post subject: Reply with quote
Squashfs (the filesystem of DDWRT and many embedded devices) is a read only file system (it makes some temporary settings but these are gone on reboot).

To store settings it uses nvram commands to store things in flash.

The settings of wg can be viewed from command line with:
nvram show | grep oet1

You manipulate an individual setting with nvram get/set/unset
and to store: nvram commit
see: https://wiki.dd-wrt.com/wiki/index.php/Hardware

wg is set up with the usual wg set commands retrieved from the nvram parameters.

To set up a tunnel there is an Import config button that lets you import wg.conf files and sets up a tunnel for you with only a few mouse clicks.
Basically that is translating the conf parameters into nvram parameters and setting up the new tunnel for you.

Of course you can use the wg set command to set up a tunnel all by yourself; DDWRT is just basic Linux, but of course you have to set up the interface, do the routing and firewall etc. all by yourself.

Perhaps tell us what problem you are trying to solve so that we can think of different solutions?

foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Thu Sep 30, 2021 10:05    Post subject: Reply with quote
"fail over group" What build number egc?

egc wrote:
You can configure as many tunnels as you want and stop/start these.

The Gui is basically setting nvram variables so in theory you can change anything from command line.

Next update will add a fail over group so you can set a number of tunnels in a fail group and if one goes down the next in line is started automatically :)

It will also add more granular policy based routing.

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Sep 30, 2021 10:39    Post subject: Reply with quote
It is feature complete and running on my test router.

Currently I am on holiday but will return in two weeks, I then have to do some more testing so I hope you can see it in about 4 weeks give or take (if it is accepted) :)

After that you will hopefully get some enhancements for PBR see picture :)

TheJags
DD-WRT Novice


Joined: 16 Jan 2021
Posts: 13

PostPosted: Thu Sep 30, 2021 21:33    Post subject: Reply with quote
egc wrote:
Squashfs (the filesystem of DDWRT and many embedded devices) is a read only file system (it makes some temporary settings but these are gone on reboot)


This answers most of the questions I had.

egc wrote:
Perhaps tell us what your problem is you are trying to solve so that we can think of different solutions?


There aren't any problems I am having at the moment. I was just wondering about command line so I can implement Wireguard on quite a few routers with similar configuration, but you've answered that already.

Thank you so much.
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 704
Location: Earth

PostPosted: Fri Oct 01, 2021 9:13    Post subject: Reply with quote
Nice one, enjoy your hols mate :D
egc wrote:
It is feature complete and running on my test router.

Currently I am on holiday but will return in two weeks, I then have to do some more testing so I hope you can see it in about 4 weeks give or take (if it is accepted) :)

After that you will hopefully get some enhancements for PBR see picture :)

TheJags
DD-WRT Novice


Joined: 16 Jan 2021
Posts: 13

PostPosted: Wed Mar 02, 2022 20:47    Post subject: Reply with quote
egc wrote:
The troubleshooting section of the server setup guide has the instructions for manual starting and stopping.

You can disable the tunnel with its nvram parameter (I am not at home so it is off the top of my head):
oetX_en, 0 is disabled, 1 is enabled

so if you want to disable tunnel 2:
Code:
nvram set oet2_en=0
nvram commit


Then stop and start again


Hi again after a while.

I'm following the DDWRT Wireguard server setup guide v44 > Troubleshooting > Manual stopping and starting >

and getting error starting oet1.

I'm connecting to router using SSH terminal (from a linux desktop):

ssh root@192.168.1.1

Enabling oet1 works fine:

Code:
nvram set oet1_en=1 && nvram commit


But when I try to start oet1:

Code:
ip link set oet1 up


I'm getting this error:

ip: ioctl 0x8913 failed: No such device

Code:
ip a


Lists these interfaces (oet1 is not there):

Code:
lo, teql0, ctf0, eth0, vlan1@eth0, vlan2@eth0, eth1, eth2, br0, ppp0


Now if I start oet1 through GUI/browser, and run `ip a` again, it does list `oet1`

Code:
oet1: <POINTOPOINT,NOARP,UP,LOWER_UP100> mtu 1420 qdisc noqueue state UNKNOWN qlen 1
link/[65534]
inet 10.x.x.x/32 scope global oet1
valid_lft forever preferred_lft forever


So how can I start oet1 using ssh terminal, please? Many thanks in advance.
JavaOops
DD-WRT Novice


Joined: 02 Jan 2016
Posts: 17

PostPosted: Wed May 18, 2022 14:35    Post subject: WG via ssh Reply with quote
You wrote,

Enabling oet1 works fine:

Code:
nvram set oet1_en=1 && nvram commit

Have you tried running 'nvram show | grep oet' and seen that oet1_en is set to 1?
Megazildjian
DD-WRT Novice


Joined: 28 Nov 2017
Posts: 19

PostPosted: Wed Nov 29, 2023 21:04    Post subject: Reply with quote
TheJags wrote:


To enable and start:
Code:
ssh root@192.168.1.1 "nvram set oet1_en=1 && nvram commit && ip link set oet1 up && /etc/config/eop-tunnel.prewall && /etc/config/eop-tunnel.firewall" > /dev/null 2>&1;


To disable and stop:
Code:
ssh root@192.168.1.1 "nvram set oet1_en=0 && nvram commit && ip link set oet1 down" > /dev/null 2>&1;


Very interested in having this work and ran across this helpful post. Having 16 WG tunnels, I modified the code in order to disable WHATEVER oet<x> tunnel is enabled. Then one can simply enter the number of the tunnel they would like to enable afterwards.

To Disable Current Tunnel:
Code:
INTERFACE=$(ifconfig -a | awk '/oet/{print $1}')
nvram set ${INTERFACE}_en=0 && nvram commit && ip link set $INTERFACE down > /dev/null 2>&1
echo "Interface ${INTERFACE} is now disabled."


To Enable Specific Tunnel (Enter ONLY single digit when prompted, i.e. entering "3" will enable oet3):
Code:
read -p "Enter the interface number: " INTERFACE_NUMBER
INTERFACE="oet${INTERFACE_NUMBER}"
nvram set ${INTERFACE}_en=1 && nvram commit && ip link set ${INTERFACE} up && /etc/config/eop-tunnel.prewall && /etc/config/eop-tunnel.firewall > /dev/null 2>&1
echo "Interface ${INTERFACE} is now enabled."


The disable command doesn't seem to actually STOP the WG tunnel, like if you were in the GUI and only the SAVE button was pressed but not APPLY SETTINGS. The same with the enable command, it doesn't actually start the tunnel, it just enables it. Hoping someone can shed some light on this because using just a couple of SH snippets to switch tunnels would be great.

_________________
Linksys EA8500
v3.0-r53562 std (10/03/23)
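
Added example, not part of any post in this thread: the number typed at the prompt above ends up in commands that run as root, and `ifconfig -a` can list more than one oet interface, so this sketch validates the tunnel number and reads the enabled tunnels from `nvram show` output before building the command lines quoted in the thread. The function names, `MAX_TUNNELS=16` and the sample nvram lines are assumptions made for the example; the commands themselves are the thread's and may not match current firmware.

```sh
#!/bin/sh
# Added example (hypothetical helper names); commands are the ones quoted in this thread.
MAX_TUNNELS=16   # assumption: the 16 tunnels mentioned in the post above

# Succeeds only for a plain decimal tunnel number in 1..MAX_TUNNELS.
valid_index() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;   # empty, any non-digit character, or leading zero
    esac
    [ "${#1}" -le 2 ] && [ "$1" -le "$MAX_TUNNELS" ]
}

# Reads `nvram show` output on stdin; prints every tunnel whose oetN_en is exactly 1.
enabled_tunnels() {
    sed -n 's/^\(oet[0-9][0-9]*\)_en=1$/\1/p'
}

# Prints the thread's command line for one tunnel; refuses unvalidated input.
tunnel_cmd() {   # usage: tunnel_cmd enable|disable N
    n=$2
    valid_index "$n" || { echo "invalid tunnel number" >&2; return 2; }
    case "$1" in
        enable)  echo "nvram set oet${n}_en=1 && nvram commit && ip link set oet${n} up && /etc/config/eop-tunnel.prewall && /etc/config/eop-tunnel.firewall" ;;
        disable) echo "nvram set oet${n}_en=0 && nvram commit && ip link set oet${n} down" ;;
        *)       echo "usage: tunnel_cmd enable|disable N" >&2; return 2 ;;
    esac
}

# Constructed sample of `nvram show | grep oet` output, not taken from a real router;
# oet2_placeholder is a made-up key standing in for the other oet settings.
SAMPLE='oet1_en=0
oet2_en=1
oet2_placeholder=1
oet10_en=1'

# Demo: list what is enabled in the sample, then build one disable command per tunnel.
for t in $(printf '%s\n' "$SAMPLE" | enabled_tunnels); do
    tunnel_cmd disable "${t#oet}"
done
# On a real setup the output would be run as: ssh root@192.168.1.1 "$(tunnel_cmd disable 2)"
# without the > /dev/null 2>&1, so that an error such as "No such device" stays visible.
```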
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Thu Nov 30, 2023 15:11    Post subject: Reply with quote
You are necroposting an old thread with information which is no longer current.

Have a look at the current documentation to see if that works for you.

See WireGuard Server setup guide.

WireGuard Documentation is a sticky (first few threads) in this forum.
