Recent content by eibgrad

  1. eibgrad

    YazFi Can't make Yazfi working with Wireguard

    As @bennor suggests, YazFi is no longer supported by the author. So use it at your own risk. Doesn't surprise me in the least it is increasingly subject to issues as the code grows stale over time.
  2. eibgrad

    AX88U surfshark active but not working

    That's it? No details at all? No logs? Absolutely nothing? We don't even know if it's OpenVPN or Wireguard. Or what YOU mean when describing it as active but not working. Do you mean it's *connected* but the VPN Director is NOT routing traffic as expected? BE SPECIFIC!
  3. eibgrad

    How to NAT traffic inbound to a specific host or network ?

    I'm not sure what you mean. Any port forward (added, changed, removed) only affects the VSERVER chain of the NAT table.

        iptables -t nat -vnL VSERVER

    But we added the nat rule to the POSTROUTING chain.

        iptables -t nat -vnL POSTROUTING

    I just tested it, and when I added a port forward, as...
  4. eibgrad

    How to NAT traffic inbound to a specific host or network ?

    You need to create a nat-start script, as explained in the following link. https://www.snbforums.com/threads/rt-ax86u-openvpn-adguard-home-no-internet-on-android.79467/#post-771219
  5. eibgrad

    How to NAT traffic inbound to a specific host or network ?

    This sounds like a site-to-site configuration. And in such cases, you normally do NOT NAT the tunnel in either direction. But in this case, you need to NAT the tunnel on the server side in order to force replies from mobile devices that reach the Keenetics router back through that same tunnel...
  6. eibgrad

    Do SSH change survive reboot?

    IIRC, ASUS routers used to have a facility where you could point to a script for execution on bootup. But that capability was removed several years ago for security reasons, leaving only third-party firmware as an option. Even if this was still possible, timing can become an issue. It may...
  7. eibgrad

    OVPN HMAC authentication switching from SHA1 to SHA256

    Merlin's comments about GCM are correct, but it has apparently created a misunderstanding as to what that actually means in practice. The decision to use or NOT use a GCM cipher has no bearing on whether you should enable/disable tls-auth. If you use a GCM cipher, and enable auth, the auth...
  8. eibgrad

    Add/Remove Port Forwards on a schedule

    Correct.
  9. eibgrad

    Add/Remove Port Forwards on a schedule

    You could create a nat-start script and add your own port forward(s) which includes its own scheduling using the time module.

        #!/bin/sh
        ext_ip="$(nvram get wan_ipaddr)"
        ext_port=3389
        int_ip=192.168.1.100
        int_port=3389
        proto=tcp
        iptables -t nat -I PREROUTING -p $proto -d $ext_ip --dport...
  10. eibgrad

    OVPN HMAC authentication switching from SHA1 to SHA256

    No. auth and tls-auth are simply a means to encrypt and authenticate individual packets. The former is for data channel packets, the latter for control channel packets. They provide an *additional* layer of security. What's in those packets such as certs, keys, whatever, is of no concern...
  11. eibgrad

    Possibilities to trigger storage ejection remotely? (a more graceful hard shutdown/reboot)

    The mount command combined w/ a regular expression should be sufficient to determine if something is mounted.

        mount | grep -q '^/dev/sda1 ' && echo 'mounted'

    As far as end-users, it should be a simple matter to configure a local script (Windows or Linux) to execute a remote Linux script using...
  12. eibgrad

    Linksys EA9500 - Local DNS

    You could install a hosts file on your client machine(s). In fact, before there were DNS servers, that's how it was done (and that's exactly what you were effectively doing w/ your prior router). Very crude, but for some circumstances, it may still be sufficient. But I don't see any way...
  13. eibgrad

    OVPN HMAC authentication switching from SHA1 to SHA256

    Options as described in the GUI typically use more descriptive naming than the underlying option as defined in the config file, for obvious reasons. And nothing says each side of the connection (client and server) necessarily will describe them the same. In this case, each side is using the...
  14. eibgrad

    RT-AX86U Pro killswitch

    I'm not exactly sure what you're saying here. If the internet goes down, then how can apps continue working (assuming by "working" you mean they have internet access). Or are you claiming they *do* have internet access, but it's via the WAN? If the intent is to deny internet access to the WAN for...
  15. eibgrad

    Do SSH change survive reboot?

    https://www.asuswrt-merlin.net/