Recent content by eibgrad

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.
  1. eibgrad

    Problem adding third VPN client (tunnel) with VPN Director

    This has *nothing* to do w/ the Windows 10 VM, or any client trying to leverage one of the tunnels via PBR. What I'm talking about is how the tunnels associated w/ each OpenVPN client are configured on the router. When you configure any OpenVPN client, the router, in conjunction w/ the OpenVPN...
  2. eibgrad

    Problem adding third VPN client (tunnel) with VPN Director

    Anytime you have more than one concurrent OpenVPN client, you have to make 100% sure that each is using a unique IP network on its respective tunnel! Esp. when more than one is using the same OpenVPN provider. It's very easy to end up w/ more than one using the same IP network, thus creating a...
  3. eibgrad

    Need help to configure openVPN server on RT-AX58U with Merlins v. 386.3_0

    The OpenVPN server does NOT require port forwarding of any kind. It will simply open the requested port on the WAN once the OpenVPN server process is started. Are you sure the WAN ip is a *public* IP and NOT a private IP (including CGNAT)? P.S. Just noticed "" in the log, which...
  4. eibgrad

    OpenVPN Client Performance

    You can't compare the performance capabilities of the router to a full-blown desktop/laptop. There's NO WAY your typical consumer-grade router is going to have the kind of horsepower a VPN requires to provide comparable results. Use of the VPN on the router is almost always a compromise, where...
  5. eibgrad

    DHCP packet received on br1 which has no address

    AsusWRT-Merlin does NOT support VLANs and additional bridges natively. So you must have either developed these changes yourself using the CLI, or perhaps using some third-party tutorial or scripting. And given that, it's hard to know where things *might* have gone wrong to create the current...
  6. eibgrad

    VPN Director on ASUS AX88-U

    All that's required is two rules. One that routes *everything* through the VPN, and another that routes that one device over the WAN. Even though everything is routed over the VPN, the WAN rule will take precedence over the VPN rule for that one device. VPN WAN
  7. eibgrad

    Dual OpenVPN servers and routing

    When the routed OpenVPN client is assigned an IP on the tunnel (e.g.,, and it happens that the target resides across the bridged tunnel, the target on that side does NOT know how to route it back over the bridged tunnel. So it routes it to its default gateway on the same side...
  8. eibgrad

    Dual OpenVPN servers and routing

    I assume this new OpenVPN server is *routed* (tun), NOT bridged. Sounds like a case of the other side of the bridged tunnel NOT knowing where to correctly route the routed VPN's IP network. Once a packet is sent over the bridged tunnel, the target device on that side is probably routing it out...
  9. eibgrad

    Backing up Router Config

    On a side note, your script uses the following syntax. … 2>&1 >"$log_file" This will NOT send stderr to the logfile (assuming that's your intent). It continues to send stderr to the console. And that's because redirection occurs left to right. This command sends the output from descriptor...
  10. eibgrad

    Guest Network Slow/Unstable Connection

    It's neither a good idea to hide your SSID (nor necessary if you have a strong password) nor use the same named SSID. The combination of the two *may* cause the client to continually "hunt" for a better connection.
  11. eibgrad

    DNSFilter vs VPN (+VPN Director?) is NOT the public IP that matters. It's the *servers* it accesses that need to be bound to the WAN. And so yes, that makes it tricky to configure.
  12. eibgrad

    DNSFilter vs VPN (+VPN Director?)

    You can't change the behavior of the GUI in this respect. You'd have to script your own PBR to achieve the opposite behavior. That said, it is possible to force all traffic over the VPN, yet route specific destination IPs over the WAN using static routes. Perhaps that will be sufficient for...
  13. eibgrad

    DNSFilter vs VPN (+VPN Director?)

    When NOT using PBR, the router itself remains bound to the VPN by all its processes for all internet-bound traffic. It is, after all, the actual OpenVPN client and is only allowing clients on the LAN behind it to leverage the tunnel for their own purposes. However, once PBR is active, the...
  14. eibgrad

    DNSFilter vs VPN (+VPN Director?)

    You can't literally use the name CleanBrowsing (Family) in the rule. You need to determine what public IP is associated w/ that name by dumping the DNSFilter from the NAT table, where a DNAT rule is created for these purposes. iptables -t nat -vnL PREROUTING iptables -t nat -vnL DNSFILTER...
  15. eibgrad

    DNSFilter vs VPN (+VPN Director?)

    Whenever you use PBR, it removes the router itself from the VPN. It's just a side-effect of how the feature is implemented. But if you want to force a specific destination IP over the VPN, like those of DNS, back to the VPN, simply add those IPs as PBR rules! Just make sure to NOT qualify the...