Recent content by ZebMcKayhan

  1. Z

    Solved AX86U & 2 wireguard connections

    You need to add rules in VPNDirector, i.e. which source should use which VPN tunnel, or which destination IPs should use which VPN. You can't send the same traffic to both tunnels.
  2. Z

    Advance firewall rules

    I'm not sure that you can, but even if you can, for the iptables commands to be executed at boot they need to be in firewall-start. The firmware sometimes wipes all firewall rules and rebuilds them; in these cases these also need to be re-applied, which happens in firewall-start. The firewall...
  3. Z

    Advance firewall rules

    I'm not sure that is the right way to go, but I like the idea. I would also like the source and destination interfaces as free-text unless selectable from a drop-down list. I would assume the webpage somehow gets the info into nvram but this is sparse. I would also assume some firewall.c file to...
  4. Z

    Release Asuswrt-Merlin 3004.388.7 is now available

    Yes, but it's not that simple, i.e. https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
  5. Z

    Release Asuswrt-Merlin 3004.388.7 is now available

    I'm not sure it would be appropriate for the router to suddenly announce ipv6 to lan unless you have enabled ipv6 in the gui. Furthermore the ipv6 you get in a Wireguard config is just a single ip, not a subnet to announce to your lan. Even if it was a subnet, it's a ULA address, your LAN...
  6. Z

    Release Asuswrt-Merlin 3004.388.7 is now available

    If I remember correctly, Merlin firmware wireguard does not support ipv6, but I could be wrong. I imported a dual stack config file and both ipv4 and ipv6 addresses show up in the gui. But I'm currently on ipv4 only. However, in order to support it without ipv6 wan you will need to get an ipv6...
  7. Z

    Scheduling local clients (stop kids from using local Plex at night)

    I'm using this for parental control and it works fine:
        iptables -I FORWARD -o eth0 -m set --match-set parental-mac src --match time --weekdays Mon,Tue,Wed,Thu,Fri --timestart $(date -u -d @$(date "+%s" -d "11:00") +%H:%M) --timestop $(date -u -d @$(date "+%s" -d "17:00") +%H:%M) -j REJECT
    But it...
  8. Z

    Bugs in WireGuard config UI

    Even though the GUI has some limitations, it's still possible to change the keys via SSH: https://www.snbforums.com/threads/wireguard-server-tweaks.85758/post-852124
  9. Z

    VPNDirector routing setup to server connections (WGS for example)

    Here is something to read on AllowedIPs: https://www.snbforums.com/threads/question-on-wireguard-tunnel-configuration.89680/post-902916 It is one of the more difficult parts to understand, but if a destination is not in allowedIPs it will not be allowed over the tunnel. If you plan on having internet...
  10. Z

    VPNDirector routing setup to server connections (WGS for example)

    In wgm, site-2-site was set up using a server peer on each side. And to route internet data I wrote this as an example of creating your own policy table: https://github.com/ZebMcKayhan/WireguardManager?tab=readme-ov-file#route-site-2-site-internet-access But if your sole purpose is to join the 2...
  11. Z

    Accessing VPN Clients on Router thru Mobile Phone

    I don't know of any easy way to do this. But if you are up for some scripting, check out Android "SSH button" or Apple "Shortcuts". These would allow you to place buttons on your home screen that, when pushed, send one or more ssh commands to the router. It would be possible to have a button...
  12. Z

    VPNDirector routing setup to server connections (WGS for example)

    Note, routing rules are traversed from prio 0 first and upwards. Table local is only addresses destined for the router itself. If a rule is matched the route table appointed will be used. If no routes are found in the routing table the rules will continue to be processed. In Asus merlin, all...
  13. Z

    VPNDirector routing setup to server connections (WGS for example)

    Look at the routing rules using ssh:
        ip rule
    Wgc1 uses its own routing table as shown in the previous command, conveniently named wgc1. To check it use
        ip route show table wgc1
    If you post it here I may be able to help but remove any public ip and such.
  14. Z

    Guide Wireguard-portforwarding

    What if you try this: after you have started your wgc1 client with your vpndirector route, try to execute this at the ssh prompt:
        ip route del $(ip route show table wgc1 | grep $(wg show wgc1 endpoints | sed -n 's/.*\t\(.*\):.*/\1/p')) table wgc1
    (This will temporarily remove route to wgc1 endpoint in...
  15. Z

    Guide Wireguard-portforwarding

    If it's still not working although VPNDirector is set correctly, there is the off chance you have this issue: https://www.snbforums.com/threads/port-forwarding-over-wireguard-connection.87498/post-873447