Search results

Nope, there wouldnt be a point to. Server routes all end up in main route table together with WAN internet. You fix this with AllowedIPs. Ok... what type of client site device are you trying to reach? On the wg client, did you set Inbound Firewall to Allow? And Enable NAT to No? Those are...

Yea, that could be trouble. By adding the server own lan into AllowedIPs(server) you are creating a routing conflict that could mess things up. AllowedIP(server) should contain destination ips that is reached over the tunnel, never ips local on the server side. So it should be 10.6.0.2/32...

You dont/cant. Site-2-site is generally for connecting 2 lans and its typically used for lan2lan and not internet data. On the server side you control which destinations that should be sent over the tunnel from the server side perspective with AllowedIPs (server) (under advanced site-2-site...

There is an issue with allowedIPs on both sides. If both routers shares a wireguard network they also share Wireguard ip range. In such case one could divide the wireguard ip in 2 ranges, for example: 10.6.0.1/25 = siteA+clients 10.6.0.128/25= siteB+clients. so site A have ip 10.6.0.1 and...

One way is to write 'vx' in unbound manager CLI. It will prompt for restart unbound after to apply your changes.

The bypass was designed by Asus/Broadcom and likely to match VPNFusion. @RMerlin ported this to the more capable VPNDirector but the options are limited. You simply add source ip to bypass to a file admin@RT-AX86U_Pro-BBC8:/tmp/home/root# cat /proc/blog/skip_wireguard_network 192.168.100.128/25...

Not really a router addon, but just in case anyone is interested: https://github.com/ZebMcKayhan/SIA-Server If anyone here is using Honeywell Galaxy alarms you may be interested to know that the public notification service (via GX remote control app) ends on 1st of April. This is something you...

Hmm ok... the /1 means you only include half the internet (0.0.0.0 - 127.255.255.255). Are you using the VPS to connect to router wg server and relay clients? Here is how I did it https://github.com/ZebMcKayhan/WireguardManager?tab=readme-ov-file#setup-private-server-via-cloud-server (You need...

I have had issues in my setup and the problem was that the router gives an ipv4/ipv6 to the client, so the client thinks it have both. In my case ipv6 was not working which caused issues. In your case ipv6 may work but through wan and not vpn, so from a different city/country. This is what I...

The only thing that comes into mind is perhaps ipv6 issues. Do you have ipv6 enabled on the router?

There are no such option in the gui. I belive this is possible using the VPNMON addon, have a look: https://www.snbforums.com/threads/vpnmon-r3-v1-8-3-jan-17-2026-monitor-openvpn-wireguard-wan-dual-wan-health-random-reset-multiple-connections-available-in-amtm.95416/post-965374

That is one of the reasons I like ntfy.sh. you dont even need to register at all, not even give them your email address. Just open the app and subscribe to a channel of your own name and it just works. All public services have a tendency to die out after some time which drives me crazy. This is...

That would be a nice service. However, my carrier only does this for corperate customers, and not free.

Thanks! I did not know this. Perhaps I'm missing something but as far as I can see, pushover cost ~5 USD per platform as a one time cost. The cost is reasonable I would say as your information is kept private, it's definitely a solid option. I've downloaded and started my trial to test it out...

Recently my alarm manufacturer cancelled their free push notification service and redirected to a cloud service which I cannot even setup as an end user - frustrating! It got me thinking about doing this myself, I mean, how hard could it be, right? One part of the problem is how to get push...

You dont need to setup packet marks for this, that just complicates things. This is a good start: https://www.snbforums.com/threads/guide-wireguard-portforwarding.89737/post-903628

This is not really my area, so I probably cant help you. DoT is something I would expect to be used externally, like directly out to a public dns server or between something like stubby on the router which requests DoT externally or if dnsmasq can do this now days possibly. I wouldnt expect DoT...

The problem with using firewall-start isthat the firewall is not restarted when wgs1 starts, so your rules may be superseded when wgs1 starts. The firmware is already prepared to do all this in the wgserver-start hook script, but you need to amend the /etc/wg/fw_wgs1.sh file which is executed...

I dont do that. There always a risk with whatever you do and this means different things to different people. Not sure I understand what you mean. With the firewall rule removed, there is basically the same access from WG server to the router that there is from WAN to the router. Run a...

Sure, but there is really no need. The firewall is built up upon dropping everything last, then on top of it allow whatever should be allowed. now we removed the firewall rule that would allow wgs1 to access the router so this means it will be dropped by the firewall. any specific reason you...