Someone please point me to the commands for wireguard. wg -help is only giving me some. I'm having to log on to luci > interface > and stop/restart every time I require it off on on.
I know i know, it is the answer is somewhere but I cannot find it in search. 45 mins!
Just leave it up. WG is passively open, only replies if the right incoming packet is received. Try it out on an online port prober to verify for yourself.
What @darksky said is true if this is the 'server' side of the equation. However, if this is on the 'client' peer, you may want to be able to start and stop the tunnel -- in which case, the commands I provided above will do the trick. You may need to also restart the WAN interface to re-establish the default route (you can, alternatively, use metrics to prevent the default route from being overwritten by the wireguard interface).
Thanks psherman, works a treat.
@darksky I would but the female of the house (the boss) occasionally wants to watch disney and netflix which have a problem with wireguard as we know. I know there are ways round it, I am resistant to creating a 2nd wireless with no vpn - there's enough WiFi beaming around the house.
For now I've been grabbing my phone with a terminal emulator and SSH'ing in.
If you have another suggestion, fire away!
For the record, the amount of "wifi beaming around the house" does not change if you add another SSID. Oversimplifying, but basically the SSIDs simply timeshare the hardware radio(s) in the router. It does, obviously, mean another SSID is broadcast which could kind of clutter up the wifi menus for client devices, but that is the only difference.
@dairymilkbatman1 - Ah, your use case is to use WG to connect the entire network (house) via connecting to a remote WG peer (server). If you have a single device that needs to use some geobound streaming service, you then stop the WG connection for the entire network. If you drop WG, all connected devices suddenly have different IP addresses. Privacy is eroded. Personally, I would setup another firewall zone and another SSID to use your native IP or to use a 2nd WG instance connected to a server within the geo range of your streaming provider.
Yes, you are correct but, the wireguard is provided by a mullvad subscription which is present on my devices also for when I leave the house so am I right in assuming that I am protected since the app takes over? (The blocking internet setting is enabled on mullvad app)
Granted - if this indeed works - it is not ideal, but I did not know the above by psherman with regards to electromagnetic pollution in the house.
I will definitely consider setting up another SSID now though! openwrt is great, loving it so far!
To change the location of wireguard, I assume I need only obtain another key from mullvad for the correct location to keep netflix and disney woke boys happy?