Commit
HOTFIX: 'wg' module not downloaded for any model eek!
FIX: Correct Kernel module 3rd-party download filename for RT-AX86U i.e. "k27" ==> "k52"
FIX: During import, comment-out 'Listenport = 51820' from Torguard generated 'client' .config, as when installed on a device it's both a 'server' and 'client' but this conflicts with router 'server' Peer 'wg21'
FIX: Correct 'Is_IPv4_CIDR()' function (it didn't explicitly validate the '/xx' suffix to be in range 1x-32)
CHANGE: Command 'vpndirector clone [ [ { wan | openvpn_index [ wireguard_index ]} ]' now allows selecting which OVPN VPN Director rules are cloned and allows Wireguard interface redirect.
NEW: 'peer wg1x add subnet [ ip_subnet ]...' command to facilitate downstream subnets such as WiFi Guests.
NEW: 'useentware [ yes | no ]' command to set 'USEENTWAREMODULES' config directive.
CHANGE: '?' command includes display of 'USEENTWAREMODULES' status if Firmware contains modules.
NEW: 'peer wg2x port=nnnnn' command allows changing 'ListenPort' for 'server' Peers where the default Port 51820 may conflict with Torguard 'client' Peers.
FIX: When terminating a 'client' Peer, its metrics report can still fail with non-numeric arithmetic operations e.g. 'expr nn - *'
FIX: amtm install will retain existing '/opt/etc/wireguard.d/WireGuard.db' Peer definitions if they exist.
FIX: To prevent stalls when 'wgm' is used to show initial menu, change 'iptables -L FORWARD' to 'iptables -nvL FORWARD'
FIX: 'AllowedIPs' routes not honoured i.e. default ALL routes '0.0.0.0/0' and '::/0' always set; and command doesn't update .config
FIX: 'vpndirector' command does not clone VPN Director OVPN4/5 rules
CHANGE: 'peer wg1x allowedips=[ list of_IPs_or subnets | default | default6 | 4 | 6 ] [,]...]' command
CHANGE: 'diag' command will list ALL defined SQL tables with their individual schema definitions.
NEW: Allow use of 'PreUp', 'PostUp', 'PreDown' and 'PostDown' directives in 'client' Peer .conf
NEW: Expose option '12' - 'vpndirector [ "clone" [ "wan" | "ovpn"n [ changeto_wg1n ]] | "delete" | "list" ]' command in menu
FIX: 'create new' command doesn't save Public Key, (it saved Private Key twice)
NEW: 'fc [ enable | disable | ? ]' command to manage Flow Cache status
NEW: Use of 'PreUp', 'PostUp', 'PreDown' and 'PostDown' directives in 'client' Peer .conf now allows special '%i' placeholder to be substituted for the current interface
FIX: Remove spurious text from error message; change 'Invalid Option " Invalid Option "dfgh" Please enter a valid option" Please enter a valid option' to 'Invalid Option "dfgh" Please enter a valid option" Please enter a valid option'
FIX: For Alpha releases use 'nvram get innverver' otherwise use 'nvram get extendno' to identify firmware
     Alpha: Router RT-AC86U Firmware (v3.0.0.4.386.4_beta1)
     Beta: Router RT-AC86U Firmware (v386.4_beta3)
NEW: 'pgupkey { on | off }' command to allow ENABLING/DISABLING the use of 'Pg-Up' Key to retrieve any of the previous five commands
NEW: Use of 'PreUp', 'PostUp', 'PreDown' and 'PostDown' directives in 'server' Peer .conf now allows special '%i' placeholder to be substituted for the current interface
FIX: '?' command incorrectly reports status of 'Pg-Up' key feature as ALWAYS DISABLED
FIX: 'peer wgnn delX' to force deletion of orphan entry in a 'server' Peer .conf for nominated 'client' doesn't remove the peer entry
FIX: 'server' Peers do not honour/create multiple 'client' AllowedIPs routes
FIX: 'create xxxx' command should not allow single/double quotes in the name xxxx
FIX: 'import' command should comment out 'SaveConfig =' directive in Peer .conf
CHANGE: Explicitly reference Busybox version of '/bin/uname' as Entware version (coreutils-uname installed) now reports different output - Thanks SNB Forums member @htmlspinnr
CHANGE: Use of 'PreUp', 'PostUp', 'PreDown' and 'PostDown' directives in Peer .conf now allows multiple commands per line separated with ';'
NEW: Use of 'PreUp', 'PostUp', 'PreDown' and 'PostDown' directives in Peer .conf now allows special '%w' placeholder to be substituted for the current WAN interface
FIX: Command '2|z|remove' now prompts for confirmation BEFORE removing wireguard_manager - @snb Forums member @ZebMcKayhan
CHANGE: 'list' command will identify 'client' Peer Endpoint by actual physical Endpoint (rather than extract from .conf/SQL)
CHANGE: 'list' command 'underline' attribute for default 'client' changed to 'reverse' attribute
CHANGE: Improve 'vpndirector' rule parsing for clone request
CHANGE: Improve IPv6 rules ?
NEW: Strip 'SaveConfig =' directive from 'client' Peer .conf
NEW: Command 'start ['interface'|'category'] [debug]' command now allows 'debug' literal for verbose display of 'client' Peer 'ip/iptables' commands issued - similar to wg-quick (c)
NEW: If 'client' Peers in Policy mode have been set to 'auto=N'; allow command 'start [policy] wg1x' to override 'auto=N' per client - @snb Forums member @abir1909
EXPERIMENTAL: For 'client' Peer add cURL connectivity test to Mullvad to retrieve actual server that is connected.
FIX: Using command 'uf [dev]', explicitly 'stop' ALL Peers BEFORE the Kernel modules are unloaded/reloaded (prevents WGDNSx errors)
FIX: Command '1/Update' should only reload WireGuard Kernel module if it is already in firmware rather than perform FULL wireguard_manager install.
FIX: Message 'Press Y to Remove WireGuard ('/opt/etc/wireguard.d/') or press [Enter] to cancel request.' changed to 'Press Y to Remove WireGuard Manager or press [Enter] to cancel request.' or if WireGuard isn't in the firmware 'Press Y to Remove WireGuard/WireGuard Manager or press [Enter] to cancel request.'
FIX: Allow mix of IPv4 and IPv6 DNS for a 'client' Peer, and assign Policy IPv4/IPv6 IPs to their appropriate DNS chain. Also correctly tear down DNS -t nat chains etc.
FIX: RT-AX86U - issues error 'non local variable'
FIX: Remove route from table main, and IPv6 RPDB rules for 'stop wg1x' command - @snb Forums member @ZebMcKayhan
FIX: 'peer wg2x delX' command baulks if there are no wg2x.configs (doesn't detect 'server' type so fallback to name check i.e. wg2x)
NEW: If 'client' Peers in Policy mode ('auto=P'); allow command 'start [nopolicy] wg1x' to override 'auto=P' per client
NEW: Allow 'client' Peer cURL Endpoint connectivity test per interface for retrieve of actual server that is connected. see WireguardVPN.conf
FIX: 'diag' command uses "SELECT name FROM sqlite_schema"; sqlite3 v3.25 included in firmware but feature requires v3.33 from Entware ('opkg install sqlite3-cli')
FIX: Add explicit IPv6 LAN to 'client' Peer rule in lieu of the missing ASUS IPv6 firmware rule 'LAN to ANY'
CHANGE: Enhance Command input validation to trap typos such as 'stopwg22' from being interpreted/executed as 'stop' ALL!
CHANGE: Add missing ASUS IPv6 LAN to ANY rule 'ip6tables -I FORWARD -i br0 -j ACCEPT'
CHANGE: Creation of 'server' Peer i.e. 'peer new' command, add '#Address =' for documentation to .conf, and remove messy comment block
CHANGE: Allow/document 'peer import' command - same as 'import' command but seems logical
NEW: Command 'start ['interface'|'category'] [debug]' command now allows 'debug' literal for verbose display of 'server' Peer 'ip/iptables' commands issued - similar to wg-quick (c)
NEW: Allow importing of a 'server' Peer with explicit 'type=server' directive e.g. 'site2site' usage
EXPERIMENTAL: 'site2site' command to create and import 'SiteA'/'SiteB' template .configs
FIX: Detection of hybrid Site-to-Site wg2x type e.g. 'Endpoint' directive may now be present in 'server' Peer .conf
CHANGE: If 'wg setconf wgxx' command fails with syntax errors, destroy 'wgxx' Peer interface
NEW: Allow starting of 'server' Peers ('start wg2x') to use ONLY wg-quick directives; for Site-to-Site?
FIX: 'peer xxxx del' doesn't wipe 'Site-to-Site' Road Warrior 'client' xxxx Peer from 'server' Peer .config.
CHANGE: 'create xxxx [site=remote_config]' allows management of remote 'Site-to-Site' multi Road Warrior 'client' Peers
     e.g. Suppose 'site2site Home Cabin' command has been used to create local/remote 'wg22' 'server' Peer. Now you wish to add a Road Warrior mobile device to access either Site.
     Command 'create iPhone site=Cabin' on the local 'Home' site will create the new 'iPhone' 'client' Peer and add it to both 'wg22.conf' and 'Cabin.conf'.
     NOTE: 'Cabin.conf' will need to be transferred to the remote 'Cabin' site either as-is for import, or renamed as 'wg22.conf' and restart remote 'wg22'
CHANGE: 'create xxxx site=remote_config' now adds the Site-to-Site Peer to xxxx.conf, so both Endpoints are reachable.
CHANGE: 'create xxxx site=remote_config' now forces DNS = 1.1.1.1 (if omitted) if first Peer connection DNS is unavailable.