Recent content by grogi

For me the AX86s is ~150€, AX86u is ~250€... A lot of money for almost identical hardware...

There are simple steps to debug it out and figure out where the issue is. ipconfig /all on the client. Checks what are the settings distributed by DHCP server, which DNS server will be used. nslookup www.google.com 192.168.50.1 - checks if DNS server at 192.168.50.1 responds nslookup...

He does. The entries put into the LAN / DHCP Server screen are values distributed to the clients through DHCP. Clients really should not query 127.0.1.1 - which is each client querying itself. It wouldn't. Internally, there are two resolver configurations inside these router. one in...

Few tips, which should not affect effectiveness of blocking - but will imporove seciruty and performance. Remove the DNS server 2: 127.0.1.1. Any address that starts with 127 is local loopback - hosts will try to ask themselves for the addresses. Disable the AdGuard on the WAN interface as...

You don't need the complete [//100.168.192.in-addr.arpa/lan/local/]192.168.100.1:53 entry. [/lan/local/]192.168.100.1 will be enough - your private reverse DNS are specified below. If I understand it correctly, any address in 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 will be reverse resolved...

I look, unfortunately I can see nothing... For instance GNUton build support Ax92u, while it is nowhere mentioned in any of the stickies. Could you point me to relevant post about GNUton builds?

I have zero experience in Adguard Home resolver. What will work reliably, without much configuration: WAN DNS - point to local adguard+unbound resolver LAN/DHCP DNS - router IP DNS Filter - router IP / no filter for some hosts Local name resolution will work, regular name resolution will...

Do you get dynamic prefix allocation? If you have a static prefix allocation, you should be able to hard-code the IPv6 configuration in one of the custom scripts after WAN is up. But have in mind, it is a tricky business. With IPv6 there is no NAT - so each host going out to the Internet is...

GNUton's builds support AX92u (currently in beta). https://github.com/gnuton/asuswrt-merlin.ng If you get one for cheap, AX92u would make a decent AiMesh node. AX radio acts as backhaul band + 2.4/5Ghz as access bands for clients.

That's exactly what I was doing in our previous location: Merlin solely as wired router/firewall + HP ProCurve Switch to deal with PoE/Bonding/VLANs etc. + Unifi AP.

. Why? Be consistent - if you want all your DNS request from LAN to go to PiHole, make the DNSFilter point to it as well. Yep. This is expected. PiHole doesn't know anything about your local devices and cannot resolve their names. You need to enable Conditional Forwarding. It is not...

Set a cron job that runs every minute. Script would: - check if ipv6 is enabled on the eth0 interface - read what address is assigned on the eth0 interface (or even better read the WLAN interface from nvram wan0_ifname variable) and if it is different from ipv6_rtr_addr - if they are...

If VPN Director doesn't support L2TP/PPTP, you would need to mimic it's behaviour and manually create routing table to push traffic through the tunnel interface (ip route xxxxxx) and create rules to assign given client to that table (ip rule xxxx). You would need to put those commands in a...

It is not unheard of for the legacy VPN infrastructure to support only those protocols.

There is an issue in the implementation in VPN director, which is loosing DNS intercept rules on certain scenarios. It will cause DNS queries leaking.