Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. Z

    Proton Wireguard Client Question

    In merlin fw, for wireguard, you need to add rules in VPN Director what parts of your lan should use the VPN and which do not. For reference, here is my rules: It is likely that we don't have the same lan address, so you cannot simply copy my rules. After you imported your wg client and...
  2. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    I'm sorry, I'm not reading you correctly, I don't understand what you mean. Sure it could, but that is one reason to test the vpn config file on another device while connected to your lan. If it works then it should work on your router to. So, does this mean you have tested this config file on...
  3. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    It's difficult to see if something is wrong through the obfuscation. However, this line indicates that there is really no one on the other end. I would say that it's probably a case of bad config file. I've heard reports from user saying they have to generate several config files before finding...
  4. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    This is not the same problem. Wireguard fails to make the initial connection or fails to generate a valid config. Either generate a new config from your supplier and import or something goes wrong during the import. Please post a picture of how the client looks like (endpoint, AllowedIPs et.c)...
  5. Z

    Wireguard on Asus: Can only see router, not LAN Devices!

    AllowedIPs is a directive on each side of the tunnel that should represent destination ip addresses allowed over the tunnel. It is also used for routing normally. AllowedIPs (server) should normally only contain the clients ip as that is the only destination on the other side of the tunnel from...
  6. Z

    How to allow incoming WAN connections for WireGuard clients?

    Great! Yes, this is probably a better way if you can get it to work. If you end up going back for some reason, this is what I was thinking could be done on the router: #mark new packets incoming on wan: WAN_IF=$(ip route | awk '/^default/{print $NF}') iptables -t mangle -I PREROUTING -i...
  7. Z

    How to allow incoming WAN connections for WireGuard clients?

    There are several things that would prevent this from working. Rp_filter is one thing, general routing another. There is no way I am aware of to make this work in the gui, one must create the nessisary firewall rules and routing rules manually. I'm guessing you are using port forward to...
  8. Z

    Wireguard on Asuswrt-Merlin

    There is an addon to be able to run Wireguard on this router, as the router kernel is sufficiently new on this model but as it's not an AX- model Asus never bumped this router onto 388 code base. In order to get this Addon installed you would need to get an usb drive plugged into your router...
  9. Z

    Bugs in WireGuard config UI

    yep, I did it when I wrote the post linked above and it worked without issues. I have even created new peers that could connect via ipv6 which works without issues. The fact that we have the ability to update the keys and even put Endpoint directive in the server peer means this router is now...
  10. Z

    Bugs in WireGuard config UI

    yes, you are correct, I missed that. that makes no sense at all (which is probably why I read it backwards). the router does not use its own public key, neither clients private key. they are only there as a reference when generating client config files. each instance in a wireguard setup...
  11. Z

    Bugs in WireGuard config UI

    Just a Note, if you choose to only update WGS1 Private Key and WGS1_cX Public Key, which indeed is enough to make old clients connect again, you will never be able to make any new devices to this server as WGS1 private and public key are not related anymore. These keys are created as pairs and...
  12. Z

    Wireguard Wireguard Client Help

    That's horrible speeds! I've heard of some ISPs doing Deep Packet Inspection (DPI) which supposedly impacts WG speeds quite badly but this is all second hand information. If you monitor processor usage in the gui when running the speed test I bet you hardly see any difference. Your router will...
  13. Z

    Wireguard Wireguard Client Help

    I dont think that the issue is with your router, probably with your VPN supplier. you can try to use wgm to restart wg11 and see if you get a different endpoint ip and hopefully get to a server that are less crowded. When I had an AC86U router just as you, I continuously got 240Mbit/s over...
  14. Z

    Wireguard Wireguard Client Help

    ok, Great! This have really got me stumped! not sure what happened there, I have never saw "ip" fail in such sense. perhaps routing cache or something... my next suggestion was to reboot the router which would probably have solved it as well. regarding diversion...
  15. Z

    Bugs in WireGuard config UI

    The keys exists as nvram variables and could be updated via ssh: https://www.snbforums.com/threads/wireguard-server-tweaks.85758/post-852124 The file you found are only latest generated client configs. If you update the keys you might need to hit apply or something under each peer for it to...
  16. Z

    Wireguard Wireguard Client Help

    Aha, so there is an issue somewhere... I've never seen this before. I'll look into it tomorrow
  17. Z

    Wireguard Wireguard Client Help

    What do you get from: ip route get 172.217.21.174 from 192.168.1.182 iif br0 Are your added rules still there? ip rule
  18. Z

    Wireguard Wireguard Client Help

    Well, you could always try to add rules to ip manually. Try, directly at the prompt, not in wgm/amtm, one by one: ip rule add from 192.168.1.64/26 lookup 121 prio 9912 ip rule add from 192.168.1.32/27 lookup 121 prio 9913 ip rule add from 192.168.1.16/28 lookup 121 prio 9914 ip rule add from...
  19. Z

    Wireguard Wireguard Client Help

    This is what is making the difference. 192.168.1.1/24 = 192.168.1.0 - 192.168.1.255 And we use 4 rules to cover 192.168.1.128/25 = 192.168.1.128 - 192.168.1.255 192.168.1.64/26 = 192.168.1.64 - 192.168.1.127 192.168.1.32/27 = 192.168.1.32 - 192.168.1.63 192.168.1.16/28 = 192.168.1.16 -...
  20. Z

    Wireguard Wireguard Client Help

    This is unbelievable... just to make sure something have not happened since last time: ip rule
Top