Recent content by eibgrad

As @bennor suggests, YazFi is no longer supported by the author. So use it at your own risk. Doesn't surprise me in the least it is increasingly subject to issues as the code grows stale over time.

That's it? No details at all? No logs? Absolutely nothing? We don't even know if it's OpenVPN or Wireguard. Or what YOU mean when describing it as active but not working. Do you mean it's *connected* but the VPN Director is NOT routing traffic as expected? BE SPECIFIC!

I'm not sure what you mean. Any port forward (added, changed, removed) only affects the VSERVER chain of the NAT table. iptables -t nat -vnL VSERVER But we added the nat rule to the POSTROUTING chain. iptables -t nat -vnL POSTROUTING I just tested it, and when I added a port forward, as...

You need to create a nat-start script, as explained in the following link. https://www.snbforums.com/threads/rt-ax86u-openvpn-adguard-home-no-internet-on-android.79467/#post-771219

This sounds like a site-to-site configuration. And in such cases, you normally do NOT NAT the tunnel in either direction. But in this case, you need to NAT the tunnel on the server side in order to force replies from mobile devices that reach the Keenetics router back through that same tunnel...

IIRC, ASUS routers used to have a facility where you could point to a script for execution on bootup. But that capability was removed several years ago for security reasons, leaving only third-party firmware as an option. Even if this was still possible, timing can become an issue. It may...

Merlin's comments about GCM are correct, but it has apparently created a misunderstanding as to what that actually means in practice. The decision to use or NOT use a GCM cipher has no bearing on whether you should enable/disable tls-auth. If you use a GCM cipher, and enable auth, the auth...

Correct.

You could create a nat-start script and add your own port forward(s) which includes its own scheduling using the time module. #!/bin/sh ext_ip="$(nvram get wan_ipaddr)" ext_port=3389 int_ip=192.168.1.100 int_port=3389 proto=tcp iptables -t nat -I PREROUTING -p $proto -d $ext_ip --dport...

No. auth and tls-auth are simply a means to encrypt and authenticate individual packets. The former is for data channel packets, the latter for control channel packets. They provide an *additional* layer of security. What's in those packets such as certs, keys, whatever, is of no concern...

The mount command combined w/ a regular expression should be sufficient to determine if something is mounted. mount | grep -q '^/dev/sda1 ' && echo 'mounted' As far as end-users, it should be a simple matter to configure a local script (Windows or Linux) to execute a remote Linux script using...

You could install a hosts file on your client machine(s). In fact, before there were DNS servers, that's how it was done (and that's exactly what you were effectively doing /w your prior router). Very crude, but for some circumstances, it may still be sufficient. But I don't see any way...

Options as described in the GUI typically use more descriptive naming than the underlying option as defined in the config file, for obvious reasons. And nothing says each side of the connection (client and server) necessarily will describe them the same. In this case, each side is using the...

I'm not exactly sure what you're saying here. If the internet goes down, then how can apps continue working (assuming by "working" you mean they have internet access). Or are claiming they *do* have internet access, but it's via the WAN? If the intent is to deny internet access to the WAN for...

https://www.asuswrt-merlin.net/