Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. E

    [Dev] Asuswrt-Merlin 388.1 development

    A kill switch in its simplest form is just an iptables rule which blocks FORWARD traffic going out of the WAN and as such is always possible. After routing is setup for WireGuard this rule can be adjusted if needed. I agree you do not need it as bad as you need it for OpenVPN but there sure is a...
  2. E

    [Dev] Asuswrt-Merlin 388.1 development

    See: https://www.snbforums.com/threads/dev-asuswrt-merlin-388-1-development.81087/post-797416
  3. E

    Need run Openvpn client config with TLS 1.2+Stealth (Scramble)

    StrongVPN also has the ability to use the scramble option. As far as I know to use the scramble option your OpenVPN client has to be compiled with the scramble patch, this is not standard OpenVPN. So either you have to compile yourself or ask RMerlin to do that or use other software which has...
  4. E

    [Dev] Asuswrt-Merlin 388.1 development

    It depends a bit on the implementation if the router is up and after that the tunnel starts you can have a window where traffic escapes through the WAN before the tunnel is up, and if there is an error in the WG setup the tunnel might not function at all. So although you do not need a kill...
  5. E

    [Dev] Asuswrt-Merlin 388.1 development

    Yes it looks like it: root@Asus-AC68:~# uname -r 4.4.302-st25 root@Asus-AC68:~# root@Asus-AC68:~# lsmod | grep -E 'wireguard|ctf' wireguard 71536 0 ip6_udp_tunnel 1431 1 wireguard udp_tunnel 1699 1 wireguard ipv6 302044 56...
  6. E

    [Dev] Asuswrt-Merlin 388.1 development

    No it is a kernel space implementation that is why the speed is triple that of OpenVPN. I know WireGuard does not work on Kernel 2.6 but these routers are using Kernel 4.4 so they are also using an upgraded CTF.ko module for Kernel 4.4. maybe that is compatible with WireGuard?
  7. E

    [Dev] Asuswrt-Merlin 388.1 development

    Because I needed the extra speed of Wireguard I had to revert to running DDWRT on my router (Asus AC68 and very happy to hear Wireguard is coming to AsusWRT-Merlin ), maybe DDWRT uses another Hardware NAT acceleration but as far as I know it is the broadcom CTF.ko module and that works together...
  8. E

    [Dev] Asuswrt-Merlin 388.1 development

    WireGuard also runs very good on older kernels with Wireguard Compat, it is the reason I switched one of my routers to DDWRT which already has Wireguard natively implemented from the beginning which tripled my speed compared to OpenVPN. So it will be a big plus (and long overdue) if Asus and...
  9. E

    Linux kernel WiFi stack vulnerabilities

    Linux Kernel maintainers are backporting fixes but only to 4.9 as that is the earliest version still supported. 4.4 is on SLTS (super long term support) so should get vulnerability fixes. But I am sure Asus or Broadcom will backport if necessary
  10. E

    Wireguard and NordVPN?

    Because I needed better speed than the 35 Mb/s my Asus AC68U did on OpenVPN, I unfortunately had to switch to other third party firmware to use WireGuard about a year ago, it tripled my speed and with that other third party firmware you could have CTF+FA (hardware NAT) enabled while using...
  11. E

    Howto connect DD-WRT OpenVPN client to Asus Merlin OpenVPN server

    DDWRT has a client import utility so basically just import the conf file
  12. E

    [Dev] Asuswrt-Merlin 388.1 development

    A kill switch might be somewhat useful if the tunnel is not brought up after a reboot. Failover/watchdog is useful and not very difficult to implement , you can always borrow it from other third party firmwares ;)
  13. E

    Firewall rules not working for one specific DNS

    That is why you should consider using IPSET with cloudfare-dns.com to get all the Cloudfare DNS servers blocked
  14. E

    [Dev] Asuswrt-Merlin 388.1 development

    My router goes from 35 Mb/s OpenVPN to 105 Mb/s on WireGuard measured with iperf3, dual core 800 MHz ARM A9 (e.g. Asus AC68)
  15. E

    [Dev] Asuswrt-Merlin 388.1 development

    About WireGuard, it is usually three times as fast as OpenVPN, very easy to setup, very robust and supported by most VPN providers nowadays (with some tricks you can use NordVPN). I have a DDWRT router which runs WireGuard and that has CTF+FA enabled (which is the DDWRT Hardware flow...
  16. E

    Firewall rules not working for one specific DNS

    Cloudfare probably has a lot more DNS servers then the usual IP addresses. Some browser might simply use cloudfare-dns.com and then use a regional IP address for DNS server. I use IPSET for DoH blocking but even then you cannot be 100% sure
  17. E

    OpenVpn issue need help

    There are also VPN providers who have VPN clients which can obfuscate/scramble the traffic and can bypass the China GFW (obfuscate is an OpenVPN add-on) https://support.strongvpn.com/hc/en-us/articles/360034090394-About-the-Scramble-feature-in-StrongVPN DDWRT has it added to the OpenVPN
  18. E

    Is this something to worry about?

    Security issue in uClibc: https://arstechnica.com/information-technology/2022/05/gear-from-netgear-linksys-and-200-others-has-unpatched-dns-poisoning-flaw/ Is this something to worry about?
View older results
Top