Search results

  1. Z

    VPN Director Bug?

    The bypass was designed by Asus/Broadcom and likely to match VPNFusion. @RMerlin ported this to the more capable VPNDirector but the options are limited. You simply add source ip to bypass to a file admin@RT-AX86U_Pro-BBC8:/tmp/home/root# cat /proc/blog/skip_wireguard_network 192.168.100.128/25...
  2. Z

    Push notifications from router to phone

    Not really a router addon, but just in case anyone is interested: https://github.com/ZebMcKayhan/SIA-Server If anyone here is using Honeywell Galaxy alarms you may be interested to know that the public notification service (via GX remote control app) ends on 1st of April. This is something you...
  3. Z

    Wireguard Server blocking random sites

    Hmm ok... the /1 means you only include half the internet (0.0.0.0 - 127.255.255.255). Are you using the VPS to connect to router wg server and relay clients? Here is how I did it https://github.com/ZebMcKayhan/WireguardManager?tab=readme-ov-file#setup-private-server-via-cloud-server (You need...
  4. Z

    Wireguard Server blocking random sites

    I have had issues in my setup and the problem was that the router gives an ipv4/ipv6 to the client, so the client thinks it has both. In my case ipv6 was not working which caused issues. In your case ipv6 may work but through wan and not vpn, so from a different city/country. This is what I...
  5. Z

    Wireguard Server blocking random sites

    The only thing that comes to mind is perhaps ipv6 issues. Do you have ipv6 enabled on the router?
  6. Z

    wireguard vpn director multiple tunnels

    There is no such option in the GUI. I believe this is possible using the VPNMON addon, have a look: https://www.snbforums.com/threads/vpnmon-r3-v1-8-3-jan-17-2026-monitor-openvpn-wireguard-wan-dual-wan-health-random-reset-multiple-connections-available-in-amtm.95416/post-965374
  7. Z

    Push notifications from router to phone

    That is one of the reasons I like ntfy.sh. You don't even need to register at all, not even give them your email address. Just open the app and subscribe to a channel of your own name and it just works. All public services have a tendency to die out after some time which drives me crazy. This is...
  8. Z

    Push notifications from router to phone

    That would be a nice service. However, my carrier only does this for corporate customers, and not free.
  9. Z

    Push notifications from router to phone

    Thanks! I did not know this. Perhaps I'm missing something but as far as I can see, Pushover costs ~5 USD per platform as a one time cost. The cost is reasonable I would say as your information is kept private, it's definitely a solid option. I've downloaded and started my trial to test it out...
  10. Z

    Push notifications from router to phone

    Recently my alarm manufacturer cancelled their free push notification service and redirected to a cloud service which I cannot even set up as an end user - frustrating! It got me thinking about doing this myself, I mean, how hard could it be, right? One part of the problem is how to get push...
  11. Z

    MerlinWRT port forward over VPN (VPN director connection)

    You don't need to set up packet marks for this, that just complicates things. This is a good start: https://www.snbforums.com/threads/guide-wireguard-portforwarding.89737/post-903628
  12. Z

    Restricting Wireguard server client access to the router

    This is not really my area, so I probably can't help you. DoT is something I would expect to be used externally, like directly out to a public dns server or between something like stubby on the router which requests DoT externally or if dnsmasq can do this nowadays possibly. I wouldn't expect DoT...
  13. Z

    Restricting Wireguard server client access to the router

    The problem with using firewall-start is that the firewall is not restarted when wgs1 starts, so your rules may be superseded when wgs1 starts. The firmware is already prepared to do all this in the wgserver-start hook script, but you need to amend the /etc/wg/fw_wgs1.sh file which is executed...
  14. Z

    Restricting Wireguard server client access to the router

    I don't do that. There is always a risk with whatever you do and this means different things to different people. Not sure I understand what you mean. With the firewall rule removed, there is basically the same access from WG server to the router that there is from WAN to the router. Run a...
  15. Z

    Restricting Wireguard server client access to the router

    Sure, but there is really no need. The firewall is built up upon dropping everything last, then on top of it allow whatever should be allowed. Now we removed the firewall rule that would allow wgs1 to access the router so this means it will be dropped by the firewall. Any specific reason you...
  16. Z

    Restricting Wireguard server client access to the router

    Depends, and up to you. I didn't know you had IPv6 enabled. So, right now the firewall allows IPv6 from Wireguard Server to the router but not IPv4. If you are not using IPv6 over your VPS then it shouldn't matter. But just for the sake of: /jffs/scripts/wgserver-start #!/bin/sh #remove firewall...
  17. Z

    Restricting Wireguard server client access to the router

    No, that would not be reliable as the firewall rebuilds itself every now and then and not when wg-server is started. We would need to do this in wgserver-start. First you need to turn on userscripts in the gui (Administration -> system) Then edit the file executed when wg server starts nano...
  18. Z

    Restricting Wireguard server client access to the router

    Depends on how it is set up to be used. The only thing that could matter is if you need dns lookup on the router (from wg server connected clients) for it to work. If this is your intended operation you should be good. We are not affecting any lan operation or any routing stuff. Try it out with...
  19. Z

    Restricting Wireguard server client access to the router

    Hmm, ok. Using non-official apps? And you are right, it wouldn't be secure from user tampering. The AllowedIP at the client is meant to tell the client which destination ip to go over the tunnel and which should not. But there is only a set of AllowedIPs, you cannot prevent an ip. So if you want...
  20. Z

    Restricting Wireguard server client access to the router

    Before we create files for persistence, if you log in over ssh and execute this line iptables -D WGSI -i wgs1 -j ACCEPT It should not give any output if it works. Then test if all that should work over wg is working and you get the effect you want. Just be careful, any config change on the...