Search results

  1. eibgrad

    Openvpn access problems

    There's also a risk of a conflict w/ the tunnel's IP network, which by default, is often in the 10.x.x.x range. I once visited a large hotel in Pennsylvania that decided to use 192.168.0.0/16 for its own IP network. Yes, the entire 192.168.x.x range, all 64k possible hosts.
  2. eibgrad

    Openvpn access problems

    If you're connected to the OpenVPN server and your app (ssh or anything else) references the remote IP network over the tunnel, either because you've made the tunnel your default gateway or pushed it to the OpenVPN client, it should be routed through the tunnel and work. Usually. So what could...
  3. eibgrad

    Routing my VPN Server through VPN Client 1 Having issues with Facetime

    Out of curiosity, I tried Passepartout myself. I was particularly interested in whether it supported bridged (TAP) OpenVPN tunnels w/ my iPhone, since traditionally this has NOT been possible w/ OpenVPN Connect on iOS, presumably a limitation imposed by Apple. But I wasn't sure, so I tried it...
  4. eibgrad

    Connecting a Pool Heater

    If I had to bet, it probably is shoddy wireless, much like most of the wireless you find on smart TVs. That's why I avoid wireless as much as possible, relegating it (ideally) to mobile devices. Sometimes devices will have been developed and tested w/ older networking equipment, and sometimes...
  5. eibgrad

    Network places accessible from internet

    By "see", some users mean they don't see resources listed under Network Places (or whatever MS is calling it these days). That feature relies on network discovery, which will NOT typically work across a routed (TUN) tunnel. It may work w/ a bridged tunnel (TAP), but WG doesn't support bridged...
  6. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    You're opening access to the LAN and router, but it's in a secure fashion, unlike simple port forwarding directly over the WAN. If it's only for YOUR use, and you protect any private keys, it's reasonably safe. Many ppl want access to the LAN and/or router, and NOT just for the purposes of...
  7. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    What you consider safe is up to you. Who's accessing the router? Just you? Anyone else you might not fully trust? My primary concern is if we limit access to the router, and you've configured those WG clients to access the router's DNS server (which is common w/ VPN configurations), then...
  8. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    I just noticed the following.

        Chain WGSF (1 references)
         pkts bytes target prot opt in   out  source     destination
            0     0 ACCEPT all  --  eth0 wgs1 0.0.0.0/0  0.0.0.0/0
            0     0 ACCEPT all  --  wgs1 eth0 0.0.0.0/0  0.0.0.0/0...
  9. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    What I want you to do is attempt access of the LAN from the WG client so we can see if it enters the router via the wgs1 network interface and gets blocked from accessing the LAN (br0) by that rule. If that happens, the pkts count field on the rule should be > 0. But as it stands, I can't tell...
  10. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    Thanks for the GUI images. As before, the rule is there, but there's still no indication of any attempt to route traffic through the WG tunnel and into the local network. You are trying before posting these dumps, correct?
  11. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    You gave me the nat table, I need the FORWARD chain of the filter table.

        iptables -vnL FORWARD
  12. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    Again, I don't have access to WG on my own router, but doesn't it allow you to configure LAN only, internet only, or Both, much like the OpenVPN server? (I've never seen the GUI in this regard, I'm flying blind)
  13. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    Well at least the rule is there now. But no indication of it being hit (based on packet counts) from any attempted access from the WG server and into the local network (br0).
  14. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    Well I don't see that rule in the dump of the FORWARD chain. When you add it, make sure it appears in the table.

        iptables -vnL FORWARD

    For example...

        Chain FORWARD (policy DROP 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
            0...
  15. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

    Then you'll have to dump some of the internals so I can see exactly what's happening.

        ifconfig
        brctl show
        ip route
        ip rule
        iptables -vnL
        iptables -t nat -vnL

    Feel free to mask your public IP. Just make it obvious and consistent.
  16. eibgrad

    VPN Director Question

    I had actually considered another option for you, but there appears to be a bug preventing it. https://www.snbforums.com/threads/openvpn-client-mishandled-route-directives.91235/
  17. eibgrad

    How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)?

        iptables -I FORWARD -i <wg-network-interface> -o br+ -j REJECT

    I don't have access to Wireguard on my router, or else I would have specified it. You just need to check w/ ifconfig what that is and replace it in the rule. Test it first by copying/pasting from ssh, and if it works, make it...
  18. eibgrad

    OpenVPN Client: mishandled route directives

    ASUS RT-AC68U - 386.14 I'm trying to help the OP w/ the following problem. https://www.snbforums.com/threads/vpn-director-question.91225/ One approach I was considering is to add route directives to the custom config field of the OpenVPN client to route the following domains through the WAN...
  19. eibgrad

    Release Asuswrt-Merlin 3004.388.8_2 is now available

    No idea. It is a loopback IP, so it's an internal process. Could be AiCloud, Transmission, something from the numerous add-ons, etc.
  20. eibgrad

    Network places accessible from internet

    Use a VPN! Do NOT expose such services directly to the internet via the WAN.