Recent content by Nodens

You don't need a kill switch on WG. The interface does not go down in case the other side is unreachable so no traffic bound for the tunnel can leak. You just get loss of connectivity, like using a kill switch. "Allowed IPs" in WG terms does 2 things. First it's what is allowed to go through...

Oh I read it very carefully I just fail to understand what you imply, technically, by "Not every connection is going to be as impervious as fiber. A similar asymmetric cable connection would easily buckle to the bottleneck produced by the routers insufficient arm processors having to respond...

This is what I actually use with my ONT and it works great. The VID is usually 835 for ISPs in Europe and since he said Vodafone IT, I assume it's Italy so that should work. Here, in Greece, Vodafone uses 835 as well. EDIT: Do notice that usually static package offerings usually require the...

Do you mean due to retransmissions and NAT acceleration? I'm not sure on the impact there so I can't comment. If you mean due to retransmissions and AES acceleration wireguard should still be faster. If it's not userland implementation then yeah it's wireguard-linux-compat for sure. Asus may be...

I know its hardcoded. The difference between Xchacha20 and chacha20 is that the first uses a 192bit nonce vs a 64bit nonce on the later (with the obvious benefits). It is pretty trivial to implement support for it and fallback if it's not supported on the endpoint. This is why I said that I...

The original point was that this is simply not true and I explained why. No worries, we're just having a technical discussion. No one is badmouthing anything :) No one said anything about swapping kernels or whatever. At some point devices will move to newer kernels though as they always have...

The reasons you dislike it though are actually features. Perhaps you're too accustomed to the openvpn flow of things. This is not entirely correct. I assume you got this info trying to google for details. 5.6 is when the linux kernel merged wireguard in (2019), so from 5.6 and afterwards, it's...

Pretty sure that's for letsencrypt certificate issuing renewal as it works exactly like that.. it uses nginx on port 80 to do the verification cause that's how letsencrypt works with the web authentication option. I know it for sure because I've tested it to see the implementation as I'm not...

I have fiber WAN to AX88U and a static /28 from my ISP. I assign two IPs from this /28 to two servers providing public services. The configuration I use is this: in nat-start: ip addr add xxx.xxx.xxx.xxx/28 dev ppp0 iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -j DNAT --to-destination...

Wow. How did I miss that all this time. Haha. I looked at the manual again and on the legend it uses 1 for USB port, immediately my eyes went to the port I knew that was there at the back so looking at the legend for a second port I found none but at a closer inspection now both are marked with...

I want to attach a 5G failover USB modem to the router but don't want to lose the usb drive for scripting. The router has a single physical USB port although ASUS web page technical specs and Asuswrt web interface list 2 ports. Does this mean I can easily connect a 2 port hub and be done with...

So. What I need to do is dynamic DNS updates on an authorative BIND9 DNS server for both IPv4 and IPv6 addresses. This can be easily done with dhcpd with something like this added to conf: ddns-domainname "domain.com"; ddns-rev-domainname "in-addr.arpa"; ddns-update-style standard...