Search results

  1. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    No, this was the info I was looking for. So that's not it then. It's difficult to debug these things when there are different configs at play. When singbox to linux server lookup fails, can you still see the dns requests coming to your Linux server? Or do they never get there?
  2. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    It may not at all be about how they are connected; it could be device os and how fast they are to switch to alternative dns or methods perhaps. Or have you tested this? I wonder if we broke dns lookup from your Linux server when we set dns director global direction to linux server. Even the...
  3. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Yep, forgot the 'add', updated now. Looks good! It will make all specific routes, like routes to your lan, guest wifi, other interfaces you may have, be accessible for whoever uses policy tables, but not prefix 0 (default route for unknown destinations like internet). It may have some drawbacks...
  4. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Your call. But it would be interesting to see if you execute at the prompt: ip rule add from all lookup main suppress_prefixlength 0 Then run ip rule And check so this rule ends up below the rule pointing to table local and above your custom rules. Usually script writers make scripts that...
  5. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    No idea... doesn't seem like anything in the firewall is preventing this. I don't know the inner workings of singbox. Would it be aware that your lan ip is supposed to go out locally and not be sent over the tunnel? Perhaps you need to add your lan ip range to some singbox config file? One thought I had...
  6. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Great! While you are into using ipsets, you could handle routing using the same ipset, so an entry in the ipset takes care of both routing and dns. Routing cannot be done directly with ipset, but letting firewall mark matching packets, ip rule... could be setup for marked packets so end result...
  7. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    That's a great idea! If I may propose to use hash:net instead... it would allow you to use cidr notation to cover entirely or parts of network. https://github.com/ZebMcKayhan/WireguardManager?tab=readme-ov-file#create-and-setup-ipsets Nope, only the firewall rules. The ipsets are left alone...
  8. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Wait, you advertise a local linux server as dns to your lan? This may be trouble as even though the data passes the router, lan to lan is not routed, it's switched. This means this data won't reach router firewall and our firewall rules will not do anything. If this is the case it's nothing you...
  9. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Nope, prerouting happens before that. You should be able to watch packet count by iptables -t nat -nvL PREROUTING and iptables -t nat -nvL SINGBOXDNS send some dns requests from this ip and run them again and see if the counter goes up. (Also you could post the output here so we can see they...
  10. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    @Kyjiep please note I updated the rules as I found a typo (I wonder if copy-paste really saved anyone some time, really).
  11. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    It's the name of the new firewall chain we are creating. It's more convenient to create a new chain (rule list) and have all udp and tcp port 53 to be sent to this new chain. Then simpler rules could be made in this chain since we know only dns requests come here. If we didn't do it like this...
  12. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    It's the same, you just add the port to translate to: #create new chain and flush it iptables -t nat -N SINGBOXDNS iptables -t nat -F SINGBOXDNS 2>/dev/null #create record for dns to jump to this chain: iptables -t nat -I PREROUTING -p tcp -m tcp --dport 53 -j SINGBOXDNS iptables -t nat -I...
  13. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    As I said, there can only be one instance on the router listening to port 53 (dns). I don't know how AGH does this, it may use a different port and have dnsmasq forward to this port (like Unbound) or it may also be that AGH disables dnsmasq dns and listens to port 53 itself. Anyhow, if you want...
  14. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Most certainly. What dns is your router telling your clients to use (LAN -> DHCP page)? Are you pushing router ip as dns to clients via dhcp? How are you testing this? Can you send dns requests to arbitrary dns from your client? You could always enable it and setup custom dns to whatever dns...
  15. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    You are right, I haven't. Just trying to help. A router is a bit different since it serves many devices and various systems are put in to prevent dnsleaks. Things any single device doesn't have to care about. Dnsdirector might prevent dns requests from being forwarded which may be a problem for...
  16. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Usually router itself uses "exclusive" mode, which means dns redirection via firewall rules. It could look something like this: #create new chain and flush it iptables -t nat -N SINGBOXDNS iptables -t nat -F SINGBOXDNS 2>/dev/null #create record for dns to jump to this chain: iptables -t nat...
  17. Z

    Guide to using vpn with unbound dns?

    Here is one way (or actually 2 ways) to do it: https://github.com/ZebMcKayhan/WireguardManager?tab=readme-ov-file#setup-transmission-andor-unbound-to-use-wg-client At least from unbound and onwards. It's written for wgm but it would work the same using vpndirector with ovpn. Note: you still need...
  18. Z

    Wireguard Site to Site problem with clients

    Care to explain what the issue was and how you resolved it? A picture of your vpndirector rules of r2 and r3 may help others....
  19. Z

    Restart WireGuard client when fails

    Great, good luck! And please share your script when you are done. I'm not sure the echo 2 > ... will persist after reboot. You may need to re-apply every time wg client starts in, i.e., /jffs/scripts/wgclient-start
  20. Z

    Wireguard Site to Site problem with clients

    So this is actually a hub-and-spoke (star) topology where r1 is the hub. Well, one problem is that any roaming wg device will not be on r1 lan. So if you made everyone aware of respective lan only, this will be the outcome. But this is just speculation. To make it clear, the roaming device ip...