Search results

  1. eibgrad

    YazFi Can't make Yazfi working with Wireguard

    As @bennor suggests, YazFi is no longer supported by the author. So use it at your own risk. Doesn't surprise me in the least it is increasingly subject to issues as the code grows stale over time.
  2. eibgrad

    AX88U surfshark active but not working

    That's it? No details at all? No logs? Absolutely nothing? We don't even know if it's OpenVPN or Wireguard. Or what YOU mean when describing it as active but not working. Do you mean it's *connected* but the VPN Director is NOT routing traffic as expected? BE SPECIFIC!
  3. eibgrad

    How to NAT traffic inbound to a specific host or network ?

    I'm not sure what you mean. Any port forward (added, changed, removed) only affects the VSERVER chain of the NAT table.

        iptables -t nat -vnL VSERVER

    But we added the nat rule to the POSTROUTING chain.

        iptables -t nat -vnL POSTROUTING

    I just tested it, and when I added a port forward, as...
  4. eibgrad

    How to NAT traffic inbound to a specific host or network ?

    You need to create a nat-start script, as explained in the following link. https://www.snbforums.com/threads/rt-ax86u-openvpn-adguard-home-no-internet-on-android.79467/#post-771219
  5. eibgrad

    How to NAT traffic inbound to a specific host or network ?

    This sounds like a site-to-site configuration. And in such cases, you normally do NOT NAT the tunnel in either direction. But in this case, you need to NAT the tunnel on the server side in order to force replies from mobile devices that reach the Keenetics router back through that same tunnel...
  6. eibgrad

    Do SSH change survive reboot?

    IIRC, ASUS routers used to have a facility where you could point to a script for execution on bootup. But that capability was removed several years ago for security reasons, leaving only third-party firmware as an option. Even if this was still possible, timing can become an issue. It may...
  7. eibgrad

    OVPN HMAC authentication switching from SHA1 to SHA256

    Merlin's comments about GCM are correct, but it has apparently created a misunderstanding as to what that actually means in practice. The decision to use or NOT use a GCM cipher has no bearing on whether you should enable/disable tls-auth. If you use a GCM cipher, and enable auth, the auth...
  8. eibgrad

    Add/Remove Port Forwards on a schedule

    Correct.
  9. eibgrad

    Add/Remove Port Forwards on a schedule

    You could create a nat-start script and add your own port forward(s) which includes its own scheduling using the time module.

        #!/bin/sh
        ext_ip="$(nvram get wan_ipaddr)"
        ext_port=3389
        int_ip=192.168.1.100
        int_port=3389
        proto=tcp
        iptables -t nat -I PREROUTING -p $proto -d $ext_ip --dport...
  10. eibgrad

    OVPN HMAC authentication switching from SHA1 to SHA256

    No. auth and tls-auth are simply a means to encrypt and authenticate individual packets. The former is for data channel packets, the latter for control channel packets. They provide an *additional* layer of security. What's in those packets such as certs, keys, whatever, is of no concern...
  11. eibgrad

    Possibilities to trigger storage ejection remotely? (a more graceful hard shutdown/reboot)

    The mount command combined w/ a regular expression should be sufficient to determine if something is mounted.

        mount | grep -q '^/dev/sda1 ' && echo 'mounted'

    As far as end-users, it should be a simple matter to configure a local script (Windows or Linux) to execute a remote Linux script using...
  12. eibgrad

    Linksys EA9500 - Local DNS

    You could install a hosts file on your client machine(s). In fact, before there were DNS servers, that's how it was done (and that's exactly what you were effectively doing w/ your prior router). Very crude, but for some circumstances, it may still be sufficient. But I don't see any way...
  13. eibgrad

    OVPN HMAC authentication switching from SHA1 to SHA256

    Options as described in the GUI typically use more descriptive naming than the underlying option as defined in the config file, for obvious reasons. And nothing says each side of the connection (client and server) necessarily will describe them the same. In this case, each side is using the...
  14. eibgrad

    RT-AX86U Pro killswitch

    I'm not exactly sure what you're saying here. If the internet goes down, then how can apps continue working (assuming by "working" you mean they have internet access). Or are you claiming they *do* have internet access, but it's via the WAN? If the intent is to deny internet access to the WAN for...
  15. eibgrad

    Do SSH change survive reboot?

    https://www.asuswrt-merlin.net/
  16. eibgrad

    Redirect subdomains to ports

    There isn't a wealth of information on the SNB forums. You're better off relying on YT videos. But even there, some of them are outdated, and can thus be a bit confusing for initial setup (e.g., CF has moved/reconfigured parts of their own website). Most of the issue I mentioned in that other...
  17. eibgrad

    Redirect subdomains to ports

    You can either run it like any other executable, or configure it as a service. I do the latter by installing Entware, then creating and installing a service for it w/ the following script.

        #!/bin/sh
        # inspired by: https://www.snbforums.com/threads/cloudflared-tunnel-in-rt-ac68u.88902/
        ( #...
  18. eibgrad

    Redirect subdomains to ports

    CF tunnel doesn't have to run on the servers themselves. You can establish it on the router, then route from the tunnel to the servers. I suppose the downside is it creates a single point of failure. But that's no worse than your port forwards having the same single point of failure.
  19. eibgrad

    Redirect subdomains to ports

    I suppose the simplest way would be to have the router multihomed (i.e., be assigned more than one public IP). But that aside, I think what *I* would do is NOT use nginx at all as a local proxy, but instead use something like CF (Cloudflare) tunnels. This avoids port forwarding completely...
  20. eibgrad

    Solved Openvpn client dns

    You might find the following helpful. https://www.snbforums.com/threads/how-to-monitor-dns-traffic-in-real-time.77151/ It's NOT clear exactly what you did to specify CF as your preferred DNS server(s). For one thing, the client can not *push* anything to itself. Only the server can push. If...