Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. Z

    Wireguard Site to Site problem with clients

    Doesn't look like any firewall issues for any wgs1 client to be forwarded to any other wgs1 peer: admin@RT-AX86U_Pro:/tmp/home/root# iptables -nvL WGSF Chain WGSF (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * wgs1...
  2. Z

    PROBLEM, DNS Director AdGuard + VPN Wireguard

    Well, if I look at the firewall rules DNSDirector creates they are only applied for br+ interface devices. That would be your lan and guest wifi. Further firewall rules uses devices mac address to redirect specific mac addresses to selected dns service. When connecting into your router via...
  3. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Great job! And thanks for sharing! I saw that you managed to work around the deletion of routes when exiting the shell by letting the router system start it. Perhaps the up/down of the interface during shell exit is something you could feedback to whoever wrote this sing-box application?
  4. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    You would just ping a moderator, like @thiggins and ask him to move the thread to the asuswrt-merlin addons section. I think this fits better there. It could be whatever you want it to be. If you choose to just leave it as it is, then that's great too!
  5. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    I wouldn't think so. You could test this by adding some route manually, I.e ip route add 10.11.12.13 dev br0 table 222 Then log out and back in and check that it's still there. It is for me. More likely your sbtun interface goes down and up again, even so shortly. When an interface goes down...
  6. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Hmm, ok. weird... Now that I think of it, both fw and other vpn managers (like Wireguard Session Manager) Does not use default route in the policy tables. Instead they use 0.0.0.0/1 & 128.0.0.0/1. I wonder if that is the reason something like that happens?? What if you replace ip route add...
  7. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    I would assume the route dissappears because the interface sbtun does not exist anymore? Could you confirm this using i.e "ifconfig sbtun"? Perhaps some more information relevant to merlin fw here https://www.snbforums.com/threads/struggling-to-write-a-non-killable-process.62455/post-556998
  8. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Probably your run command runs in the ssh console sessions and ends with the session. Some information here: https://askubuntu.com/questions/8653/how-to-keep-processes-running-after-ending-ssh-session The link proposes using nohup to prevent it from being killed with your session. Perhaps...
  9. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    I understand, but it's a quite easy fix, just add it after adding the other rules so it gets added last: Like: for IP in $DEVICE_IPS; do echo "Adding routing rule for $IP..." ip rule add from $IP table $ROUTE_TABLE done ip rule add from all lookup main suppress_prefixlength...
  10. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    I checked your script quickly and from what I understand it creates a new routing table with only a default route in it. Nothing else. Then points one IP to use this table. The problem I see is any local routes (I.e. to guest wifi or other stuff) will not be present in this table and even if it...
  11. Z

    SBS. Script for using sing-box on Asus routers with Merlin firmware.

    Routes are destination ip based, not source ip based. So if the ips you would like to access via sbtun interface are one or more unique confined ranges you could just add a route in the main route table. All lan could then access these ip/ranges via sbtun interface. If you plan on accessing I.e...
  12. Z

    IPv6 and Router Advertisement adding route to delegated /56 via WAN interface

    Depends. On other configuration I've seen it is the lan bridge interface (br0) that assigns itself an ipv6. Wan interface sometimes only has the link local address. I'm not sure about ppp, though. It should still work by using br0 ipv6 for external communication as well as internal if needed.
  13. Z

    PROBLEM, DNS Director AdGuard + VPN Wireguard

    Dnsdirector re-directs dns requests coming from your lan. Requests from wg server clients will not be. Pointing your wg server client to your router will only mean it will come into your router dns forwarder. Which means probably wan dns service. If that is not correct what dns service do you...
  14. Z

    PROBLEM, DNS Director AdGuard + VPN Wireguard

    Last time I checked DNSDirector was only for lan devices. As it's based on mac-addresses it wouldnt work for wireguard. Doesn't it work to change DNS in Wireguard client app?
  15. Z

    Solved What VPN Director rule should i use to be able to connect outside my home to my VPN provider?

    Try Localip: 10.6.0.2/32 Remoteip: leave blank Iface: wgc2 This covers a single server clients. Change localip to 10.6.0.0/24 for all server clients if needed.
  16. Z

    Solved AX86U & 2 wireguard connections

    You need to add rules in VPNDirector i.e which source should use which vpn tunnel. Or which destination ips should use which vpn. You can't send the same traffic to both tunnels
  17. Z

    Advance firewall rules

    I'm not sure that you can, but even if you can, for the iptables commands to be executed at boot they need to be in firewall-start. The firmware sometimes wipes all firewall rules and rebuilds them, in these cases these also needs to be re-applied which happens in firewall-start. The firewall...
  18. Z

    Advance firewall rules

    I'm not sure that is the right way to go, but I like the idea. I would also like the source and destination interfaces as free-text unless selectable from drop down list. I would assume the webpage somehow gets the info into nvram but this is sparse. I would also assume some firewall.c file to...
  19. Z

    Release Asuswrt-Merlin 3004.388.7 is now available

    Yes, but it's not that simple, I.e. https://blogs.infoblox.com/ipv6-coe/ula-is-broken-in-dual-stack-networks/
  20. Z

    Release Asuswrt-Merlin 3004.388.7 is now available

    I'm not sure it would be appropriate for the router to suddenly announce ipv6 to lan unless you have enabled ipv6 in the gui. Furthermore the ipv6 you get in a Wireguard config is just a single ip, not a subnet to announce to your lan. Even if it was a subnet, it's a ULA address, your LAN...
Top