Ranger802004 / asusmerlin

ASUS Merlin
GNU General Public License v3.0

Domain VPN Routing + WireGuard #32

Open AirAlarm opened 2 days ago

AirAlarm commented 2 days ago

Hello, I'm coming from SNB Forums. The problem is that the script doesn't seem to be routing traffic through the WireGuard connection. I'm also using the UDP trash hack for WireGuard to generate a random connection port because of the local censorship.

Router: RT-AX58U v1 Merlin: 3004.388.8_2

wgclient-start as follows:

#!/bin/sh

# Enable exit on error
set -e

# Function to generate a random number between 49152 and 65535
generate_random_port() {
    awk -v min=49152 -v max=65535 'BEGIN { srand(); print int(min + rand() * (max - min + 1)) }'
}

interface="wgc$1"
sleep 3
# Log the start of the script
logger -t WireGuardClient -p user.notice "Starting junk-udp-hack script"
logger -t WireGuardClient -p user.notice "Processing WG interface - $interface"

# Retrieve the server and port
wg_endpoint=$(wg show "$interface" endpoints 2>/dev/null || echo "")
if [ -z "$wg_endpoint" ]; then
    logger -s -t WireGuardClient -p user.err "Unable to retrieve endpoint for interface $interface" >&2
    exit 1
fi

wg_server=$(echo "$wg_endpoint" | awk '{print $2}' | cut -d':' -f1 2>/dev/null || echo "")
wg_port=$(echo "$wg_endpoint" | awk '{print $2}' | cut -d':' -f2 2>/dev/null || echo "")

if [ -z "$wg_server" ] || [ -z "$wg_port" ]; then
    logger -s -t WireGuardClient -p user.err "Unable to extract server or port for interface $interface" >&2
    exit 1
fi

# Generate a random message
message=$(dd if=/dev/urandom bs=228 count=5 2>/dev/null | tr -dc 'A-Za-z0-9')

# Generate a new random port and ensure it's not in use
l_port=$(generate_random_port)
while netstat -an | grep -qE '(^|[^0-9])'"$l_port"'([^0-9]|$)'; do
    logger -t WireGuardClient -p user.warn "Port $l_port is already in use. Generating new one"
    sleep 1
    l_port=$(generate_random_port)
done

logger -t WireGuardClient -p user.notice "Setting connection to WG server $wg_server:$wg_port from client's port $l_port"

# Send the message using socat
echo "$message" | socat - UDP-SENDTO:"$wg_server:$wg_port",sourceport="$l_port"

# Update the WireGuard interface with the new listen port
wg set "$interface" listen-port "$l_port"

logger -t WireGuardClient -p user.notice "Done"

sh /jffs/scripts/domain_vpn_routing.sh cron # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing_queryall

I have created a single policy to test YouTube with (also blocked for me):

Policy Name: YouTube
Interface: wgc1
Verbose Logging: Enabled
Private IP Addresses: Disabled
Domains:
*.googlevideo.com
ggpht.com
googleapis.com
googleusercontent.com
googlevideo.com
gstatic.com
nhacmp3youtube.com
www.youtube.com
youtu.be
youtube.com
youtubei.googleapis.com
yt3.ggpht.com
yt4.ggpht.com
ytimg.com
ytimg.l.google.com

How can I share the log data with you so you could have a look into my case? What kind of additional info would you need?

Thanks!

JoyZzzzz commented 2 days ago

This script bundle works fine for me. Try using a newer version of the UDP Trash Hack script.

*.googlevideo.com

You may also have a problem with this domain. Remove *.

Ranger802004 commented 2 days ago

The wildcard is not supported and I can see that causing an error in the current build. I am working to include wildcards for the next release.

AirAlarm commented 2 days ago

I have removed the wildcard and updated the UDP script. Still doesn’t seem to be working.

Do I need to assign devices in the VPN Director for my WireGuard connection?

JoyZzzzz commented 1 day ago

Do I need to assign devices in the VPN Director for my WireGuard connection?

Only if you want to route all traffic through WireGuard without using a routing script.

AirAlarm commented 1 day ago

Only if you want to route all traffic through WireGuard without using a routing script

And what if I want to use the routing script, is there any way I could track and troubleshoot the issue described above?
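A small diagnostic added here as an example; it is not code from domain_vpn_routing or from anyone in this thread. The parsers work on the text `wg show` and `ip route get` print, so they can be checked without a router, and `parse_endpoint` also accepts bracketed IPv6 endpoints, which the `cut -d':'` in the wgclient-start script above would split incorrectly. The function name `check_wg_client`, the interface `wgc1` and the test address are assumptions.

```shell
#!/bin/sh
# Added diagnostic helpers (not part of domain_vpn_routing or wgclient-start).

# Split a "wg show <if> endpoints" line ("<pubkey>\t<host>:<port>") into
# "host port". Handles 203.0.113.5:51820 and [2001:db8::1]:51820.
# Returns 1 when no endpoint is set (wg prints "(none)").
parse_endpoint() {
    ep=$(printf '%s\n' "$1" | awk '{print $2}')
    port=${ep##*:}
    host=${ep%:*}
    host=${host#"["}; host=${host%"]"}
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$host" ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# Seconds since the last handshake, from a "wg show <if> latest-handshakes"
# line ("<pubkey>\t<epoch>") and the current epoch; -1 means never.
handshake_age() {
    epoch=$(printf '%s\n' "$1" | awk '{print $2}')
    if [ "${epoch:-0}" -eq 0 ]; then age=-1; else age=$(( $2 - epoch )); fi
    printf '%s\n' "$age"
}

# Egress device named in an "ip route get <ip>" line, e.g.
# "142.250.74.78 via 10.2.0.1 dev wgc1 src 10.2.0.2 uid 0" -> wgc1
route_dev() {
    printf '%s\n' "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i+1); exit}}'
}

# Live check (assumed helper): is there a recent handshake on the tunnel,
# and does a sample destination actually leave via it?
# Usage on the router: check_wg_client wgc1 142.250.74.78
check_wg_client() {
    ifc=$1; dst=$2
    age=$(handshake_age "$(wg show "$ifc" latest-handshakes | head -n1)" "$(date +%s)")
    dev=$(route_dev "$(ip route get "$dst" 2>/dev/null | head -n1)")
    echo "$ifc: handshake ${age}s ago; $dst routes via ${dev:-none}"
    # WireGuard re-handshakes roughly every 2 minutes while traffic flows.
    [ "$age" -ge 0 ] && [ "$age" -lt 180 ] && [ "$dev" = "$ifc" ]
}
```

If the handshake is recent but the route for a policy domain's address is not `wgc1`, the tunnel is up and the problem is in the policy routing, not in WireGuard itself.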