SSH into router and disconnect Wiregurd Client

Hello

I’m a relative novice. I have the Beryl router and I am able to establish a SSH connection to it.

I use Beryl as a Wiregurd Client.

Through SSH, is it possible to connect and disconnect the Wireguard connection. Is it possible to switch between different saved client configs?

I thought I would find a simple answer somewhere but on Google it looks too complicated!

I’d be grateful if someone could post the relevant command/code!

Take a look at Start/stop wireguard by shell
Maybe it would be easier to write a script around the two tasks for stop or start. Something like this should to the trick:

Stop WG

# /etc/init.d/wireguard stop && uci set wireguard.@proxy[0].enable=‘0’

Start WG

# /etc/init.d/wireguard start && uci set wireguard.@proxy[0].enable=‘1’

If you’d like to choose/change the configuration I’m afraid you have to rewrite the init-script.

Wow, thanks so much for your reply!

It kinda works :slight_smile:

Turning wireguard off is OK, but turning it on again I encounter similar problems in the post you linked to.

In that post it seems the problem was solved - the user said:

‘I have revolver deleting uci set wireguard.@proxy[0].enable=‘0’ uci set wireguard.@proxy[0].enable=‘1’ during stop and start wireguard and it’s ok.’

I… have no idea what a revolver is or how to use it! Could you kindly help me with an example? Is it the command ‘rm’?

rm stands for remove …You should not use it in any case, if you are not 100% understanding what is happening. There is no ‘trash’ where you can recover files, like in windows.
Better use mv do move a file, check the service and if everything is okay, remove the file.

Since I have not tested the lines from the linked post, maybe the second one needs to be switched:
# uci set wireguard.@proxy[0].enable=‘1’ && /etc/init.d/wireguard start

Hey LupusE

Really appreciate you trying to help me out here.

Unfortunately, I am still unable to switch on Wireguard through SSH, no matter which way around the commands are.

I tried it by starting a new session, from a state when the Wireguard Client was off - nothing happened!

However, the command to turn Wireguard off when it’s already on works perfectly.

Weird, huh?

Do you have any idea what might be complicating things? I only have one WG client profile installed. I just want to replicate the functionality that pressing the ‘connect’ button has when using the portal…

My Beryl is at the moment in production, I’m on the road. My family would not be amused if I test around.
I do think the GL.iNet staff will answer tomorrow faster with a better solution.

You may have to commit the UCI changes:

# /etc/init.d/wireguard stop && uci set wireguard.@proxy[0].enable=‘0’ && uci commit

# uci set wireguard.@proxy[0].enable=‘1’ && uci commit && /etc/init.d/wireguard start

I do not work for and I am not directly associated with GL.iNet

Hi all,

Really appreciate the help from the fantastic community here.

Unfortunately, committing doesn’t help either. I’ve even tried reverting firmware to get it to work (to ensure there are no nasties on my end) and, well, it doesn’t. It simply returns a message ‘0’ on an iOS device, or nothing in the mac terminal.

I’m at a loss and out of my depth!

Reason for doing this is I hope to create a siri shortcut to activate the wireguard VPN at the router level, in case you’re wondering. Seems like it’s a long way off…

I do like the idea. Add voice command would be a great featurerequest.

Thanks dude.

Yup Siri already supports SSH scripting - not sure about Android. Unfortunately the router app does not support Siri shortcuts (another feature request? :)) so SSH is the way to go…

But we’re already close… if we can figure out how to turn on the VPN (and maybe figure out what script the guy in the other post used!)

Revolver is a typo. I’ve solved…

1 Like

So, just: stop and start works?

/etc/init.d/wireguard stop

/etc/init.d/wireguard start

1 Like

Huh, amazingly it does!

I can now turn and off the Wireguard VPN at the router using Siri. (using one config only)

Thanks everyone!

1 Like