Recent content by brec

I'm trying to implement what you describe. IP forwarding is enabled. I have only one LAN subnet. The only means of "instead be routed through the VPN" is to bring the WireGuard virtual tunnel interface up. The only way to do that is by SSH to the VPN client box, or as a boot-time process. Even...

Here's my attempt at emulating the router logic you've outlined and the failure report. I thought it too WireGuard-specific for this thread, but you're more than welcome to take a look at my SuperUser post.

Yes, but how is that intention implemented? How, e.g., does any router know that SSH traffic is local and not to be forwarded? Edit: AFAIK I have to write the relevant routing rules myself -- WireGuard is leaner in that respect than OpenVPN.

If all traffic into the VPN/router is tunneled out, what prevents SSH traffic into the VPN/router from being tunneled out and therefore not handled by its SSH server?

I'd be pleased to be persuaded that I'm making this unnecessarily complicated! I'll experiment with the single-interface approach and see if/where I get into trouble. How is SSH traffic handled? Both my WGbox and one of the client boxes are headless.

The project is to add a WireGuard VPN box to my LAN -- a headless Ubuntu system that will peer with a WireGuard server on a cloud VPS. Let's call this new LAN box "WGbox." It has multiple ethernet connectors. I'd like it to provide VPN tunneling to two other LAN clients: a headless data server...

Indeed! I wanted to avoid undue broadening of the scope. But now that you've asked (yay!) stand by for the project description and network design issues.

Would an alternative to using a command in the router like ifconfig br0:1 10.0.0.1 netmask 255.0.0.0 be to use the GUI's Advanced Settings::LAN::Route to provide a static route? The brief (as always for ASUS) documentation on that facility is that it's for other routers on the LAN side...

In reply to my question as to assigning a LAN device an address, such as 10.0.0.0/8, other than the router's 192.168.0.0/16. What does the 86U do with packets from a LAN connection with a source subnet unknown to it? -- Does "route it out its default gateway" mean out its WAN interface? Does...

Thanks for your patience -- take the rest of the day off!

Annnnnd... lastly (?) does ipconfig br0:1 ... create the br0 "device" or refer to a preexisting one?

I understand they're two different things. I'm trying to solve changing DHCP settings and not seeing the results in the client list until (I am guessing) the lease expires. E.g., taking a client offline doesn't reflect in the list. Removing a client from DHCP and assigning its ip to it manually...

Rebooting is often inconvenient because it disconnects innocent (i.e., other than me) users or a server. Is there any way to force a client list refresh, or to force a DHCP lease renewal of a device? The client list Refresh button doesn't seem to do anything.

Got it. Were I to do this, could I change your example 192.168.10.1 to a non-192.168.0.0/16 ip such as an address in 10.0.0.0/8?

1. Given that I can just use an address in my current subnet but that doesn't conflict with the DHCP pool, I think I'm OK without worrying about introducing another subnet. 2. But I'm technically curious. I am running Merlin. Where would I find the services-start script? I ssh'd into the 86U...