Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. eibgrad

    redirecting VPN Server to VPN Fusion client

    When pages fail to load or become unpredictable, it's often an MTU issue. This is esp. true with VPNs since you're nesting one protocol inside another. If the VPN is using too big of an MTU, it can exceed the max MTU of 1500 and cause fragmentation.
  2. eibgrad

    redirecting VPN Server to VPN Fusion client

    Could you implement your own PBR? Technically, yes. But it's a bit complicated to set up and manage (it's more than one or two lines of coding). Even if you could, I'm not certain how easy it's going to be to manage *any* kind of scripting w/ the OEM firmware. Typically such capabilities are...
  3. eibgrad

    Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14

    The syslog as presented doesn't provide much useful information. It just seems to be trying to connect and failing to reach the intended destination IP/port. Is the router (acting as the client) actually remote to the RPi (i.e., on a different private IP network), or on the same IP network...
  4. eibgrad

    redirecting VPN Server to VPN Fusion client

    Remember what I said about the routing system. It's NOT looking at the source IP, only the destination IP. That static route you added is tell the routing system how to route to the 172.16.0.0/16 network AS A DESTINATION! It's worthless because that IP network is the one on which the router is...
  5. eibgrad

    redirecting VPN Server to VPN Fusion client

    By default, the routing system only determines the routing based on the destination IP, NOT the source IP. IOW, it doesn't care how a packet got there, but only how to move it on to the next hop in its effort to get to the destination. In order to be routed based on the source IP, you need PBR...
  6. eibgrad

    redirecting VPN Server to VPN Fusion client

    I'm NOT a WG expert, but logically, in order to have the OpenVPN server's IP network routed over the WG client, the WG client must be serving as the default gateway. As I understand it, the Allowed IPs field is NOT based on the source IP (that will be NAT'd over the tunnel anyway), but the...
  7. eibgrad

    I think my ASUS router somehow "poisoned" my AT&T's fiber gateway...

    Thanks. I've never used such a thing, but based on what I'm hearing, I don't see the point, esp. if it's causing problems. Would be different if it was a true bridge, but otherwise, you're effectively in the same boat w/ a double NAT.
  8. eibgrad

    RT-AX88U - 3004.388.8_2 - SSH connection closed after few minutes from reboot

    What makes this so difficult is that the primary diagnostic tool is the very thing under investigation. I understand telnet is NOT secure, and so having it disabled/hidden by default is understandable. But removing it entirely leaves you w/ no viable options for a case such as this. AFAICT...
  9. eibgrad

    I think my ASUS router somehow "poisoned" my AT&T's fiber gateway...

    Then I assume it's just giving the "illusion" of a public IP on the router's WAN? If so, why bother if it's still double NAT'd?
  10. eibgrad

    I think my ASUS router somehow "poisoned" my AT&T's fiber gateway...

    I assume IP Passthrough is effectively placing the ISP router+modem into bridge mode. You don't *have* to use bridge mode. It's just preferred, since it passes the public IP to your WAN, and you avoid a double NAT situation. But for most ppl and situations, a double NAT is not usually a...
  11. eibgrad

    Routing rules for Dual WAN?

    The destination IP is only for those cases where you want that destination IP accessed via a specific WAN, for whatever reasons you might contrive (e.g., maybe you're uploading content to YouTube from a PC and one of the connections is dramatically faster on the upload side). Normally, you just...
  12. eibgrad

    Spicy Analyzer - can it determine WireGuard traffic shape?

    There are numerous resources on the web that explain DPI (Deep Packet Inspection). https://www.prodigitalweb.com/deep-packet-inspection-strategies/ It's an endless game of cat and mouse between those seeking security and privacy, vs. those with a need/desire to invade it. So I'm NOT...
  13. eibgrad

    [AC88U] How to connect 2 separated networks into 1 VLAN

    AFAIK, there is no VLAN support on the AC88U. In order to share/access resources between the two routers, you would need to route between them. That would require either a third router that was properly configured and patched via its LAN port to one router, and its WAN port to the other...
  14. eibgrad

    Question about DDNS forced update interval RT-AX86U

    AUTO on the DDNS page just means the router is using a self-signed certificate for accessing the router's GUI (the one referred to under Admin->System->Local). Ideally you want to use a certificate signed by a trusted CA, either one purchased from a commercial provider (e.g., DigiCert), or a...
  15. eibgrad

    Question about DDNS forced update interval RT-AX86U

    https://www.snbforums.com/threads/ddns-service-which-is-best.70125/post-661674
  16. eibgrad

    dedicated router for OpenVPN

    I would just create a firewall-start script containing the following: WAN_IF="$(ip route | awk '/^default/{print $NF}')" iptables -I FORWARD -i br+ -o $WAN_IF -j REJECT The following link shows how to create and install the firewall-start script. You just need to substitute the above rules...
  17. eibgrad

    [Help] Problems setting up OpenVPN

    If you have "Redirect internet traffic through tunnel" set to NO (which iirc, is the default), nothing will happen. You either have to use Yes(all) or the VPN Director (and some rules).
  18. eibgrad

    [Help] Problems setting up OpenVPN

    You do NOT want to use their up/down script(s). The router already manages the DNS configuration w/ its own scripts. That's why the GUI has the "Accept DNS configuration" setting.
  19. eibgrad

    [Help] Problems setting up OpenVPN

    Well that's a slightly different error message than before (unless you edited it). That appears to be an attempt to add an IPv6 address. Try adding the following to the custom config field. pull-filter ignore ifconfig-ipv6 pull-filter ignore route-ipv6 block-ipv6
  20. eibgrad

    dedicated router for OpenVPN

    It works as you describe it. The fact it's subordinate to another router upstream that YOU happen to control doesn't make it any different from the same configuration on the primary router. It all works the same. However... Many ppl don't find the built-in killswitch 100% reliable. It's...
Top