Search results

  1. HELLO_wORLD

    What’s the next router to consider?

    The best logic I believe is when possible separate routing from AP, particularly with new meshed designs that remove the principle of one central AP. My R7800 was powerful enough for gigabit traffic (and by enough, I mean with a large margin), but when I added a GRE tunnel to the equation, it...
  2. HELLO_wORLD

    Aegis Aegis 1.7.x

    It is quite common that GitHub ends up in these blocklists for a while, until someone reports it to the curators and it is ok again until next time. I am not sure why, but I noticed that it happened several times over the years. Best advice is to whitelist it and you won't ever be bothered...
  3. HELLO_wORLD

    Device vpn and router bypass

    Very likely, the VPN app on your laptop is forcing to use the VPN DNS, but this is not the case on the router! All DNS requests are still using the default DNS outside of the VPN! You would need to either set up the router DNS to the VPN one or force all DNS traffic to use the VPN one with...
  4. HELLO_wORLD

    Device vpn and router bypass

    I will add to the excellent answer from @R. Gerrits that on this part: vpn server <-unencrypted over internet-> to destination, the IP that the destination sees is the one from the VPN server, and not your public IP (provided by your ISP), nor the IP of your laptop on the LAN. Of course, the...
  5. HELLO_wORLD

    Aegis Aegis 1.7.x

    Just passing by, and I am not forgetting any of you :) Wishing you a Happy and Healthy New Year 2023. I am not working on Aegis anymore for Netgear routers, as it is mature and working fine as it is now. I am experimenting with an Aegis on OpenWrt 22.03 based on nftables (what a change from...
  6. HELLO_wORLD

    Buildable version of R7800 Voxel firmware

    Exactly. OpenWrt is not fully accelerated for R7800 while Voxel is ;)
  7. HELLO_wORLD

    Voxel Set custom DNS for a device IP?

    Short answer: yes! I don’t have the time right now to detail, but you can achieve this with iptables rules. Do some research on internet and this specific forum, you will find good starting points.
  8. HELLO_wORLD

    Aegis Aegis 1.7.x

    Hi, It is blacklisting anything you want, from either (or/and) lists of IPs, IP ranges that they are from a remote list published on internet or your own custom list. It comes with some default lists (all can be seen as it is open source), that blocks known spammers, hackers and bogon IPs, but...
  9. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    Ok, the verdict: 1) with NSS ON Speedtest through WAN via a LAN device (using ethernet) Speedtest by Ookla Server: LaFibre.info BBR - Massy (id: 2231) ISP: K-NET SARL Idle Latency: 28.43 ms (jitter: 0.12ms, low: 28.40ms, high: 28.61ms) Download: 967.16 Mbps (data...
  10. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    Very simple indeed! Thank you. I will try this likely tomorrow (when the family is not too awake). It will be interesting to see if it changes anything about this problem.
  11. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    Anyone knows how to disable nss temporarily, or to force some packets/interface to not use it? The LAN device I am trying the tunnel with is on ath0 (Wifi), so ethtool would not be helpful.
  12. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    nftables is interesting indeed. I avoided it since it is not supported in the R7800, but now I will likely learn it (it will take some adjustment since I am used to ebtables and iptables a lot). The offload flow bypass is interesting, but I don't have much control on it, and the kernel in the...
  13. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    I just ordered this (from another place): https://www.lavarma.com/soft-router/21105-intel-celeron-n5105-n5095-soft-router-fanless-mini-pc-4x-intel-i225-2-5g-lan-hdmi-dp-pfsense-firewall-appliance-esxi-aes-ni.html#/28333-plugs_type-us/28340-bundle-celeron_n5105/28334-color-16gb_ddr4_256gb_nvme...
  14. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    MTU: I do nothing, it is what it is 1500 ethernet, 1476 GRE tunnel. If I don't clamp the MSS, then the packets are being fragmented by the router, and the connection becomes extremely slow. So I need to clamp it either manually to 1436 (or less), or automatically with -j TCPMSS...
  15. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    MW0 root@HERMES:~$ tcpdump -i mw0 -tnn net 151.101.0.0/16 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on mw0, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes IP TUN_PUB_IP.49702 > 151.101.65.69.443: Flags [S], seq 349707654, win 65535...
  16. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    BR0 root@HERMES:~$ tcpdump -i br0 -tnn net 151.101.0.0/16 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes IP 192.168.0.7.49702 > 151.101.65.69.443: Flags [S], seq 349707654, win 65535, options...
  17. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    Now, I did a little experiment to check what is going on with the packets… I tried to access the site from one device on the LAN (192.168.0.7), and I ran simultaneously tcpdump on the device, and on br0 and mw0 on the router. Here are the results: LAN DEVICE: LAN_DEVICE ~ % tcpdump -i en0 -tnn...
  18. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    It should not hit the FORWARD chain when I do it from the router but as you rightfully say the INPUT/OUTPUT ones. I did have the TCPMSS rules for INPUT and OUTPUT before. I just put them back: iptables -t mangle -w -I OUTPUT -o mw0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1436 iptables...
  19. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    From my ISP connection: « SpeedGuide.net TCP Analyzer Results » Tested on: 2022.08.09 06:39 IP address: 2.59.xxx.xxx Client OS/browser: Mac OS (Safari 15.5) TCP options string: 020405b4010303060101080a6b87bae80000000004020000 MSS: 1460 MTU: 1500 TCP Window: 131712 (not multiple of MSS) RWIN...
  20. HELLO_wORLD

    Voxel Best tunnel for R7800 (HW acceleration, perfs…)

    I will look into that tomorrow (it is late here in France…) thank you! I agree the problem is a routing one, since the curl through the tunnel from the router is ok, but not from the LAN device (for which the router is forwarding to the tunnel). Now, at this point, I spent hours trying to...