Search results

  1. eibgrad

    Openvpn client dns

    You might find the following helpful. https://www.snbforums.com/threads/how-to-monitor-dns-traffic-in-real-time.77151/ It's NOT clear exactly what you did to specify CF as your preferred DNS server(s). For one thing, the client can not *push* anything to itself. Only the server can push. If...
  2. eibgrad

    Please help me diagnose knotty routing problem

    Dealing w/ hostnames and local name resolution when it comes to DNSMasq can be very tricky. Things don't always work as expected. What I recommend is you following the advice I gave to someone else regarding the proper configuration of DHCP, static leases, and DNS...
  3. eibgrad

    Issue with openVPN port forward in ASUS ac88u

    I can't make heads or tails of the OP's specific details here. They make no sense. For example, "I forwarded 1194 port to 10.10.10.1 (vpn ip address)". Huh? Port 1194 is presumably the port on which the OpenVPN server is listening for connection requests by remote OpenVPN clients, and...
  4. eibgrad

    Cannot bind IP - "This entry already exists."

    By reconfiguring DHCP as suggested. This should NOT require a total reset of the router. Just make sure to delete any DHCP reservations you may have created in the GUI. I don't believe any active leases will be preserved across a reboot. Upon reboot, as long as you have your devices NOT using...
  5. eibgrad

    [ 3004_388.8_3 Build(s) ] available build(s)

    The kill switch implementation has changed so many times, it's NOT even consistently implemented across the 386 and 388 builds. So trying to keep track of it anymore is a lesson in frustration. All I can recommend is using my firewall script, which I wrote quite some time ago to sidestep the...
  6. eibgrad

    Cannot bind IP - "This entry already exists."

    The reason I suggested what I did is to NOT have to deal w/ these kinds of problems. You avoid conflicts if you centralize management using DHCP, and ideally, using your own directives. It's crazy to be manually configuring 131 individual devices! That's how you end up in the situation you're...
  7. eibgrad

    Cannot bind IP - "This entry already exists."

    I assign almost everything via DHCP, both dynamic and static leases. It just makes it a lot easier to manage. And I *never* use the GUI. It's tedious, limited in how many static leases you can create, limited to only one (1) MAC address per device, and a pain to migrate to new firmware during...
  8. eibgrad

    Disable Intranet access for a LAN port (not the WiFi Guest network)?

    Unfortunately, my experience is primarily w/ Merlin, FT, and DD-WRT. With Merlin (or ASUS OEM), all you really need is to use the NSF (Network Services Filter). The following DD-WRT example is typical. https://pastebin.com/1df1XsuK It specifically blocks access to the immediate upstream...
  9. eibgrad

    Disable Intranet access for a LAN port (not the WiFi Guest network)?

    If you have a separate OpenWRT (or even DD-WRT, FreshTomato, or Merlin) router, you don't need to do anything on the primary router AT ALL! Just connect the WAN of the secondary router to a LAN port on the primary router. By definition, the LAN behind that secondary router *is* another VLAN...
  10. eibgrad

    in-addr.arpa: NXDOMAIN

    It just means there's no known domain name associated w/ that public IP address. Nothing requires ALL public IPs to be associated w/ a domain name. So getting NXDOMAIN as a result is NOT really an error. If it bothers you, you can simply ignore it as follows. nslookup 17.0.168.192 2>/dev/null
  11. eibgrad

    Tailscale and Asus Merlin Router

    Perhaps those device/apps are NOT listening on the Tailscale network interface, and/or there are personal firewall issues. We know the connectivity and routing works since ping works.
  12. eibgrad

    Tailscale and Asus Merlin Router

    If you want to access something w/ a Tailscale IP, that device has to be running Tailscale itself. But more typically, you only enable Tailscale on the router, then use it as a gateway to your other devices based on their local IPs.
  13. eibgrad

    Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware

    Irrespective of your particular issue in this thread, and in general, we do NOT recommend accessing services directly over the WAN, but instead using a VPN (e.g., OpenVPN server). That has always been a major concern since you're now relying solely on the target of that remote access to protect...
  14. eibgrad

    Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware

    When you specify the Remote IP w/ the VPN director, you are effectively creating a static route that binds that IP to the WAN, which is what I originally suggested as a workaround. And as I indicated, this assumes you KNOW what that IP will be. IOW, when the remote access occurs over the WAN...
  15. eibgrad

    Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware

    Sorry, I don't understand what you're trying to say. As long as any given LAN device is NOT bound to the VPN, it will remain accessible via the WAN. If that's what you've effectively done (which is what I originally suggested), then yes, that device will be reachable over the WAN.
  16. eibgrad

    Solved "Block internet access" does nothing

    Any blocking based on MAC address is a lot less effective these days due to more and more devices using MAC randomization to continually change the MAC address of clients. That wasn't even a thing until a few years ago. I think Apple started it, and others have followed suit. It's just the...
  17. eibgrad

    Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware

    You're comparing apples to oranges. I can't speak to the issue of WG since I don't know how it's actually configured on that or any other router. I can only speak to the issue of OpenVPN client as you originally described it. The only legitimate comparison at the moment is the use of OpenVPN...
  18. eibgrad

    Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware

    Any device bound to the VPN is NOT accessible over the WAN because of reverse-path filtering, which requires inbound traffic (such as that coming from remote access) to exit through the same network interface. IOW, you can't create a situation of WAN in/VPN out, or vice versa. It has to be WAN...
  19. eibgrad

    VLAN question

    I don't have access to this new feature, but just speaking logically … The untagged VLAN is typically considered the default. And by definition, there can only be one. Doesn't mean you can't tag it if you wish, but normally it is NOT. Most any VLAN utility is well aware of the above, so I...
  20. eibgrad

    RDP across AIMesh Nodes?

    Does the problem only affect RDP specifically, or anything at all (e.g., ping)?