i’ve set the “Customize Routing Rules”, but when i go to Luci i can’t edit the wgclient, what should i do ? install luci-proto-wireguard first ?
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd82:3aa8:5b72::/48'
config device
option name 'br-lan'
option type 'bridge'
option macaddr 'XXXXXXXXXXXXXXXXXXXXXXX'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
list ports 'eth5'
config device
option name 'eth1'
option macaddr 'XXXXXXXXXXXXXXXXXXXXXXX'
config device
option name 'eth2'
option macaddr 'XXXXXXXXXXXXXXXXXXXXXXX'
config device
option name 'eth3'
option macaddr 'XXXXXXXXXXXXXXXXXXXXXXX'
config device
option name 'eth4'
option macaddr 'XXXXXXXXXXXXXXXXXXXXXXX'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option isolate '0'
option ipaddr '192.168.1.1'
config device
option name 'eth0'
option macaddr 'XXXXXXXXXXXXXXXXXXXXXXX'
config interface 'wan'
option device 'eth0'
option force_link '0'
option ipv6 '0'
option metric '10'
option proto 'static'
option ipaddr '192.168.55.2'
option gateway '192.168.55.1'
option vlanid '0'
option netmask '255.255.255.0'
option peerdns '0'
option dns '192.168.1.4'
config interface 'wan6'
option proto 'dhcpv6'
option disabled '1'
option device '@wan'
config switch
option name 'switch0'
option reset '0'
option enable_vlan '0'
config interface 'tethering6'
option proto 'dhcpv6'
option disabled '1'
option device '@tethering'
config interface 'wwan6'
option proto 'dhcpv6'
option disabled '1'
option device '@wwan'
config interface 'guest'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
option ip6assign '60'
option multicast_querier '1'
option igmp_snooping '0'
option isolate '0'
option bridge_empty '1'
option disabled '1'
config interface 'wwan'
option proto 'dhcp'
option metric '20'
config interface 'modem_1_1_6'
option proto 'dhcpv6'
option disabled '1'
option device '@modem_1_1'
config rule 'policy_direct_rt'
option lookup 'main'
option suppress_prefixlength '0'
option priority '1100'
config rule 'policy_default_rt_vpn'
option mark '0x8000/0xc000'
option lookup '8000'
option priority '1101'
option invert '1'
config rule6 'policy_direct_rt6'
option lookup 'main'
option suppress_prefixlength '0'
option priority '1100'
config rule6 'policy_default_rt_vpn6'
option mark '0x8000/0xc000'
option lookup '8000'
option priority '1101'
option invert '1'
config rule 'policy_default_rt_vpn_ts'
option lookup 'main'
option priority '1099'
option mark '0x80000/0xc0000'
option invert '0'
config interface 'wgclient'
option proto 'wgclient'
option config 'peer_9842'
option disabled '0'
firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wwan'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option input 'DROP'
option masq '1'
config forwarding
option src 'lan'
option dest 'wan'
option enabled '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config include 'nat6'
option path '/etc/firewall.nat6'
option reload '1'
config rule 'block_dns'
option name 'block_dns'
option src '*'
option device 'br-+'
option dest_port '53'
option target 'REJECT'
option enabled '0'
config rule 'process_mark'
option name 'process_mark'
option dest '*'
option proto 'all'
option extra '-m owner --gid-owner 65533'
option target 'MARK'
option set_xmark '0x8000/0xc000'
config rule 'wan_in_conn_mark'
option name 'wan_in_conn_mark'
option src 'wan'
option dest '*'
option set_xmark '0x8000/0xc000'
option target 'MARK'
option extra '-j CONNMARK --set-xmark 0x8000/0xc000'
option enabled '1'
config rule 'lan_in_conn_mark_restore'
option name 'lan_in_conn_mark_restore'
option src 'lan'
option dest '*'
option set_xmark '0x8000/0xc000'
option target 'MARK'
option extra '-m connmark --mark 0x8000/0xc000 -j CONNMARK --restore-mark'
option enabled '1'
config rule 'out_conn_mark_restore'
option name 'out_conn_mark_restore'
option dest '*'
option set_xmark '0x8000/0xc000'
option target 'MARK'
option extra '-m connmark --mark 0x8000/0xc000 -j CONNMARK --restore-mark'
option enabled '1'
config include 'swap_wan_in_conn_mark'
option type 'script'
option reload '1'
option path '/etc/firewall.swap_wan_in_conn_mark.sh'
option enabled '1'
config include 'gls2s'
option type 'script'
option path '/var/etc/gls2s.include'
option reload '1'
config include 'glblock'
option type 'script'
option path '/usr/bin/gl_block.sh'
option reload '1'
config zone
option name 'guest'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option src 'guest'
option dest 'wan'
option enabled '1'
config rule
option name 'Allow-DHCP'
option src 'guest'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule
option name 'Allow-DNS'
option src 'guest'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
config include 'vpn_server_policy'
option type 'script'
option path '/etc/firewall.vpn_server_policy.sh'
option reload '1'
option enabled '1'
config zone 'wgclient'
option name 'wgclient'
option forward 'DROP'
option output 'ACCEPT'
option mtu_fix '1'
option network 'wgclient'
option enabled '1'
option input 'DROP'
option masq '1'
option masq6 '1'
config forwarding 'wgclient2wan'
option src 'wgclient'
option dest 'wan'
option enabled '1'
config forwarding 'lan2wgclient'
option src 'lan'
option dest 'wgclient'
option enabled '1'
config forwarding 'guest2wgclient'
option src 'guest'
option dest 'wgclient'
option enabled '1'
