Search results

  1. Z

    Wireguard Connecting via IPv6

    Depending on what client you have and which app you are using perhaps there is a setting there somewhere?? No, as this is not related to peer ipv4/ipv6, it's about the udp tunnel. The tunnel is always over ipv4 OR ipv6, never both. It's always the client that chooses if the tunnel is over ipv4...
  2. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    Yes! No, there is no option for that. 10.0.0.x will directly contact your server as is. It's typical for Windows to only allow local IPs unless specifically opened up for other IPs. You will need to allow 10.0.0.0/24 in the Windows firewall.
  3. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    What do you mean with switched wan? The server needs to allow connections from wg network. Perhaps it's already done, but check? Can you trace to asus router lan ip 192.168.3.1? Can you give me all AllowedIPs on all devices and I could take a look if something is wrong.
  4. Z

    Wireguard Connecting via IPv6

    It would be up to the client trying to connect if it should use ipv4 or ipv6. If it's trying to use ipv4 and it does not work I'm not too sure it will try with ipv6 as Wireguard doesn't have any active connection tracking. I have created a ddns with only ipv6 in it and no ipv4 to force ipv6 usage.
  5. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    Ah, ok. So it's not a site-2site? Just some clients connecting to the vps and want to reach your server on lan? So you should set Inbound firewall=allow, Nat=no. Keeping allowedIPs on asus router 10.0.0.0/24 should be fine. On the vps peer asus router connects to should have AllowedIP...
  6. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    It's tricky without knowing all the details. You will need to provide all ips involved in this. Your issue is probably in AllowedIPs somewhere. It usually is. I can see a server ip, 192.168.3.46, is that an ip on a remote lan also connecting into the vps? I can see the Wireguard subnet...
  7. Z

    Wireguard Connecting via IPv6

    No, I meant on the client device. As you can't make the handshake, your device is likely not reaching the router. Local wg ip hasn't come into play yet. That's no cgnat address, so what has changed? I did see your other posts and it looks like you're back on public ipv4?
  8. Z

    Wireguard Connecting via IPv6

    If the handshake fails then the tunnel does not work on a lower level. How are you setting the endpoint in your client? Are you using ipv6 as it is? Br0 ipv6 or wan ipv6? Or are you using ddns, and if so, how do you know it's trying to use ipv6? IIRC I did set up wgm for direct connection using...
  9. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    The setting you are looking for is called: Inbound firewall. You should set it to allow. You also need to set up vpndirector rules. For reference, here is my setup, which initially used an addon for wireguard...
  10. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    Great! Note that it must be in /jffs/scripts for it to be executed by firmware when rebuilding the nat table.
  11. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    This really is a client issue if it's not respecting wg dns. But if this is the way to solve I don't see a problem with it. If you want your rules to persist you could put them in the appropriate hook script, nat-start: https://github.com/RMerl/asuswrt-merlin.ng/wiki/User-scripts#nat-start It...
  12. Z

    Wireguard Wireguard Server - Backup/Restore/Migrate

    I just used this script when updating my RT-AX86U PRO from 388.8_4 to 3006.102.6 and it was successful. I removed my USB drive before updating. Updated the FW and did a factory reset. Did the basic setup manually and replugged my USB drive. When downloading and running the script again there...
  13. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquerading)

    If you add 10.6.0.1 to the allowedip list as "192.168.1.0/24, 10.6.0.1/32" then you should be able to use dns as 10.6.0.1 and have dns lookup by your router, potentially benefit if you are using domain names (or running Diversion or AGH or whatnot).
  14. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquerading)

    Sure, but this is something you control in the client app. Just edit the tunnel in your android app and change AllowedIPs to only 192.168.1.0/24 and remove the current 0.0.0.0/0 (all ips). (Edit: you may also need to add 10.6.0.1 to allowedIps if that's the dns you are using. Separate with ...
  15. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquerading)

    Glad it worked for you! But that's troublesome indeed. It means that Wireguard is bound to lan ip, which it wasn't before. We will probably see more of these reports. Since some of the later 388 fw this is taken care of "behind the scenes" in the fw. However that rule is not a bad idea, it may...
  16. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquerading)

    Ooh, I completely missed your picture about wg handshake not working. So the tunnel breaks on a lower level. I wonder if something has changed in fw recently. What if you follow @CaptainSTX advice and add a vpn director rule for Local IP: 192.168.1.1/32 Remote IP: leave blank Interface Wan...
  17. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquerading)

    That's not how I would have done the rules, but I can't see why it would muck up your server clients internet connection. That is if routing is set up as in 388 fw. Could it be a dns issue? Could you test to ping an ip, like 142.250.74.110 (google.com for me) from your server clients when internet...
  18. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquerading)

    Please share a picture of your VPNDirector rules when you have the vpn client running and things are not working. This should be possible, I'm running a similar setup without issues, although I'm still on 388 fw for now.
  19. Z

    Skynet Skynet v8 - Router Firewall & Security Enhancements

    I don't see how this could be linked to skynet, sounds like wgm fails to prepare the config file properly for some reason. I.e. unexpected arguments like the interface address would make it fail to start. Did you try to reboot to clear out possible remnants?
  20. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    You could try redirecting dns requests from Wireguard network, similar to what dnsdirector does, but using ip. If you execute these 2 commands in router ssh: iptables -t nat -I PREROUTING -s 10.6.0.0/24 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.199 iptables -t nat -I...