Видео

@nihoniumog5185 Thanks for watching! There's been some thats changed, that could be worthy of a new video in 2025. Mostly, it would be around RPi 5 and using new HATs that include NVME and Ethernet NICs that are faster and over PCIe. I'm not sure of what build you are talking about. I know there is a project called PiFi that uses OpenWrt on the backend, with a customized App that lets you interact with LuCi in a simplified way, which has USB driver's installed for a separate WiFi antenna, but otherwise, I'm not sure of any other build you are talking about. I haven't tried PiFi yet, but I'm curious to do so in the future. Most of this video is great to get started on for where it's at, but there are other things you can do and ways you can address the process of putting it all together with new hardware, as noted above.

@@user-bh9vf2zu1r thanks for watching! I wish I’ve gotten to it, but I haven’t yet, as I haven’t spent the money on a 5G modem that’s pretty costly. Then I’d need the right carrier board (for a CM4/5) or a hat, which I’ve found candidates for mostly on the CM side, but less on the plain RPi side. With the advancements in RPi 5, I’m more hopefully for a HAT that can support a 5G module over PCIe, as opposed to USB, but I do have USB options I can try. All in all I hope to get to it, but need to spend the money on it and try it out. I expect the configuration to be mostly similar, but we’ll see. Only way to know is to dive into it.

@@DevOdyssey Which one do you have in mind. I can chip in something .

@@FloridaInvestor thanks for watching! Yes you can, just maybe not the way you’re describing it, and not really with VLANs as per this video. The raspberry pi would not only block ads for ps5, but also for everything on the network. You can run something like PiHole (a video I made linked below) and it will block not only ads on your ps5, but also any ads on any devices on your home network. All you need to make it work is have your devices use the PiHole as the DNS server, and it will block ads from running. You’ll certainly have to do some testing here, as some devices / software might not work if ads don’t run and you’d need to make an exception for those in PiHole. ruclips.net/video/XTk8eZ4NmFc/видео.html Give it a shot and see how it works!

Thanks for watching @lisboncruz2962! I've been wanting one of those hat's, just haven't really needed it yet, but I know I'll find it useful in one of my next Pi projects. You're welcome! Happy to hear how my video helped improve your understanding of networking. It's taken me a lot of trial and error, reading and research, so I do enjoy getting videos like this together when I figure out a new networking concept. So, what I meant by that statement is most consumer routers use VLANs behind the scenes to create a WAN and LAN network (usually 2 total), so that they only need to use 1 ethernet controller, and therefore save on costs (as opposed to 2 ethernet controllers, one for WAN and one for LAN). I don't have a WAX204 to check and I'm not sure how the software looks, but if it supports VLANs, you should be good to go. Technically it doesn't need to be a Layer 3 switch, it really just needs to supports VLANs. Most switches I've used are Layer 3 and I made that association when making the video, when I really just meant to say a VLAN capable switch. (i.e. not a dumb switch). Your WAX204 can act as your access point and switch. What kind of modem do you have and what do you mean about connecting to the modem? like a physical connection or accessing the modem's web UI? All you'd have to do is plug in an ethernet cable from the modem to a LAN port on the WAX204, that you'll mark as an untagged VLAN. Then another ethernet cable from another port on the WAX204 to the Raspberry Pi 5, with the same VLAN, tagged. Then on the Raspberry Pi 5 (in OpenWrt), that VLAN would also be marked as tagged. If you follow the video again, and you have a switch that can do VLANs, then it should work. I'm just not confident if the WAX204 supports VLAN configuration within the stock UI. If not, then it might be best to get a VLAN capable switch so that you can create this setup (if you still want a router on a stick configuration).

You're welcome @frontm.7875! Thanks for watching and the compliment!

@Mynuggets_oz Thanks for watching! Thats an interesting take on setting it up a WireGuard client for OpenWrt. Generally, this makes sense, but taking the conf file from the WireGuard server and putting it on your OpenWrt WireGuard client is a bit of an oversimplification. You'll need to effectively reverse the configuration. The peer on the server, becomes the interface on the client, and the peer on the client (i.e. the server), is the interface on the server. Therefore you'll need to change that conf up from the server, and make the peer (your client in the conf), the interface. I'd recommend using the conf file for help, and following along using the GUI, unless you prefer uci commands, or if you create your own conf file, and upload it. But that conf file from the server cannot simply be dropped into OpenWrt without making modifications.

@@DevOdyssey yeah i tried a few ways, running the router as a client is just bottle necked speed ( i think from cpu / upload speed from router, i might try a networking card on my homeserver and run that as a router and see if i have same issue ), i have 1000/50, vps is 250mbps but running router as a client it struggles to get 20+ mbps ( pc''s on the nextwork using wireguard client are around 230mbps ) and woops i forgot nginx too in first post but most prob assume i use it ( this was a meme vpn threw together for a nasty vpn on a free cloud, showing a friend how easy some streamers get bot lobbies :P )

Thanks for watching and sharing your experience @sahilpatil2667! Glad it worked for you. Can't say I run into that issue before, and nor have I heard of that being a solution to an issue like this, but its definitely good to tunnel IPv6 too if your ISP offers it, since it would be possible to effectively "leak" your traffic through IPv6 if your router was making requests to IPv6 endpoints and was not being tunneled. Doing so ensures you'd expect the same behavior no matter how you're connecting to the internet. For those that do not get an IPv6 IP assigned to their router, then they shouldn't encounter any leaks. Or, if possible, you can shut off dhcpv6 client and your router won't get an IPv6 IP address if it doesn't ask for one.

Thanks for watching and sharing this snippet @fdauti_ca! It's definitely notable when initially setting up your VPN connections before downloading the PBR package and making split tunneling rules. Otherwise, for anyone wanting to use OpenVPN as the default route, and split tunneling through WAN, that line entry above would be necessary.

Thanks for watching and sharing @jettangeles2707! As I was making this video, I found many other guides, many of which used parted. I belief I landed on fdisk based on guides that simply worked for me. I believe I tried using parted myself (gparted) and I think I ended up messing up the image. Not sure if it had to do with me using squashfs instead of a ext4, but many of the guides I saw with ext4 were definitely easier to increase the partition size. Because squashfs uses an overlay file system and is read only, I think its more complicated to expand the partition. There's probably a way you can get parted to work to increase the size of the partition, but not sure if its as easy as running resizepart command, but its easy enough to do so might as well try it out. Appreciate your input!

Thanks for watching @terryschevker5474! I have not tried using a RPi CM5 with a this carrier board, but it should just be a drop in replacement and work no problem. There wouldn't be much to make a video on, other than seeing the performance differences, and creating a custom build of OpenWrt that would work with this carrier board immediately on install (unless DF Robot has already created a CM5 compatible build), but that would be about it. So if you have a CM5, I recommend you try it out following this video, though, you'd need to figure out getting the OpenWrt build right. Essentially you can use firmware selector (first link) and include necessary packages (noted in the System and Drivers section in the second link) firmware-selector.openwrt.org/?version=SNAPSHOT&target=bcm27xx%2Fbcm2712&id=rpi-5 wiki.dfrobot.com/Compute_Module_4_IoT_Router_Board_Mini_SKU_DFR0767

Thanks for watching, it's unfortunate there were some things you didn't understand. Maybe I can clarify them for you. I said allow, likely because I'm used to that terminology from BSD networking, where I've spent more time writing firewall rules than within OpenWrt. Nonetheless, I would imagine most would understand that those words are practically synonymous, but to be clear, I meant Accept, not Allow. What is that I can clarify about forwarding? Input, Output (and Forward), are directions the traffic can move based on a zone, which is a collection of one, or many, interfaces. Input, into the zone, Output, out the zone, and Forward, interfaces within the zone. The outside box is the Zone, as you can see at the top of the outside box. The boxes labeled LAN1 and LAN2 are interfaces, not zones. LAN is the zone that you see in OpenWrt, created by default (which also is the name of the "lan" interface). I labeled my interfaces LAN1 and LAN2 to distinguish between zone and interfaces, but could have changed their names to be more specific and improve clarity. It's pretty clear in OpenWrt as the zones and interfaces are given labels of "zone" and "interface", but it can be easily misconstrued. Learning often comes with frustration and plenty of misunderstanding. Repetition, trial and error are the best teachers, but those experiences will certainly come with frustration. In time, through repeated experiments, the concepts will make more sense, and you'll be able to build upon that foundational knowledge.

@@DevOdyssey Thanks.

@BrianG61UK you’re welcome!

@@dperv27 thanks for watching and sharing! Since I made the VPN zone, I had to define the Input, Output, and Forward chain default actions. Of course I could make any rules that would supersede the default but I simply used that default to define my actions. In particular the Accepts are needed for tunnel to be established between both ends, otherwise they would simply reject the traffic. Or you can create a firewall rule to superseded the default action for each chain. Nonetheless I prefer a default drop / block action, as it makes you write intentional rules for your network, instead of just allowing everything. This is a good practice I take from my BSD networking experience (OPNsense mostly), and I’ll have to mess around with it more in OpenWrt. Glad you were able to figure it out!

@@Plainstreamer Прошу! Thanks for watching!

@@No-user-g4u thanks for watching! So you can use OpenWrt’s firmware selector to choice the right build of OpenWrt. Not only that, but you can customize it and get packages added and uci configurations too, where they’re applied on first boot. You can find the firmware selector below, where I’ve preselected Raspberry Pi 4. firmware-selector.openwrt.org/?version=23.05.5&target=bcm27xx%2Fbcm2711&id=rpi-4

@@douglasgoodman226 thanks for watching! You should have no problem creating a trunk in OpenWrt, I can speak from experience that I’ve created trunk ports to send to hypervisors in particular where I’ve connected my VMs to different VLANs carried in the trunk. Simply tag all the VLANs on the Ethernet port of your choice and you have yourself a trunk.

@DevOdyssey Thanks 👍

@ you’re welcome!

@LoskerAbdulov thanks for watching! Hope you found it helpful.

Can't guarantee that I will. If I get the time, I may look into it. Regardless, proxy providers use SOCKS5 protocol, so the process to connect one up should be very similar. This video might also be helpful. ruclips.net/video/tjiMyuLrejA/видео.html

You're welcome and thanks for watching @BenMDepew! Definitely! My R6080 that I used in making this video still uses the old, non-DSA method, and since I still use this router, this video is one I come back to double check my VLAN setup. Just the other day I was setting up non-DSA VLANs on my R6080, and following this video, it worked like a charm.

You're welcome, and thanks for watching @it-expat-china! Glad to hear it worked well. You're use case is a great example of using a client side tunneling configuration for the whole network. Usually in this type of setup, I'd do more of a site to site VPN, and not do a full tunnel, unless I had specific reason to tunnel internet-bound office traffic through my home network (i.e. ISP or VPN provider). Even in a partial tunnel, as in a site to site, the setup is pretty much the same, except you specify your network / subnet on the other side (i.e. private IPs), instead of just all 0's as shown above. If you'd hadn't see my Site to Site VPN setup video, it might be a good reference for you in the future, so I linked it below. ruclips.net/video/2dH-O0crThk/видео.html

@@DevOdyssey Technically I don't need a complete site-to-site VPN setup yet, but many thanks again for your kind reply. I'll certainly refer back to this video or the site-to-site one you just mentioned here in the future.

Just something to add here, the "gateway metric" values configured differently to WAN and Wireguard interfaces are the key difference maker in my case, obviously it is NOT optional in my setup because without setting up different values (weights), my OpenWrt router simply refuses to tunnel back to my homelab (of course, I might misconfigure other settings, but I don't know the exact root cause).

@@it-expat-china you’re welcome! And that’s certainly true, you don’t need a site to site VPN if you just want to tunnel your home network through your office WAN network and anything local behind it. If you don’t have a need to access anything on your local home network from your office, this configuration will definitely suffice. But hey maybe the site to site video will help in the future. Thanks for sharing your gateway metric usage. That’s interesting, and it seems to make sense. Since you’re running a full tunnel out, you can connect to your local homeland because it all goes over the VPN connection when instead you want to connect to your home lab, and not use the WireGuard VPN. You can use Policy Based Routing (pbr), also called split tunneling, to create separate rules to tunnel local homelab traffic through your local gateway, and everything else through the VPN. I’ll link the video I made on pbr below. You might be able do this with firewall rules, but I can’t say I’ve tried that. So long as the firewall rule lets you chose a gateway or interface for the traffic, then you should be able to do it. This is what I’ve done with BSD based networking, like OPNsense, and it works well. ruclips.net/video/FN2qfxNIs2g/видео.html

Thanks for watching @demil3618! Hypothetically, yes you can router all your traffic through TOR using this approach, but not without some caveats. Certainly I, nor should anyone, trust a free VPN. You also can't trust all paid VPN services too, as they definitely aren't all equal in how they protect your privacy or improve (if not decrease) your security. All you can do here is your diligent research on VPN providers, see if they've been audited, and if they release those reports to the public (let alone if they pass their audit) and see what information they take for signup, and where they are based out of. CISA actually published a report that raised caution on using VPNs, as VPNs "shift residual risk from ISPs to VPN providers", which is true, and thats not always thought of when anyone uses a VPN. To your point, you can truly never know what a VPN provider is doing when you tunnel your data through their network. You can only assume they are not, and trust in any reports done by third party companies to validate what they advertise. Anyway, to tunnel TOR through a VPN, you'd effectively have your VPN endpoint route the traffic through TOR. I'm not exactly certain on how that is done, but should be possible in theory. I don't know enough about accessing TOR at this moment to validate how this is set up. Looks like Mullvad has an article on how to accomplish this, except its with OpenVPN and not WireGuard. mullvad.net/en/help/tor-and-mullvad-vpn With all the hops in TOR, and the addition of a VPN hop, expect it to be very slow.

@@DevOdyssey Hey, thanks for your response! 👍 Meanwhile I realised that tunneling through TOR is the 2nd challenge after first of all getting a tunnel from clients to my home network set up. Trouble is that the WRT router is behind an ISP provided model/router (so one can keep own settings when changing the ISP). The firewall isn't letting any traffic through right now. Wondering if I need to open ports on the ISP modem too alhough the filtering should take place on the WRT device. Once this works, I'll hope to figure out a TOR VPN (would work for file access etc. not for streaming though).

@demil3618 You're welcome! So given your setup, if you have an outbound VPN connection to a VPN provider, you shouldn't have to open any ports, just as you don't open any ports when going to any internet website. The returning connection will simply go through the port opened when initiating the outbound connection. Do you see a handshake being established? I also assume WRT is the router that all your personal devices are connected to, effectively it establishes your home network. Can elaborate more on the "firewall isn't letting any traffic through right now"? How are you testing this and how does your home network topology look like? Once you get this working, you should be able to get TOR working as well. I assume it would be as simple as starting up a TOR browser and going to a TOR site, though I can't be certain if anything else would need to be configured on the VPN server side.

@@DevOdyssey Will find out and feed back. I usually don't use a VPN povider, don't trust them. Only exception is Proton VPN which seems to be independently audited. But the free options are a bit slow. So TOR it is (outbound) but Wireguard for inbound traffic from devices to my LAN.

@demil3618 Sounds good! I understand that. It's difficult to really trust any VPN provider, you really just have to take their word for what they day they do, in terms of privacy / no logging. You can always set up your own VPN server in a cloud provider, and while you can purge logs, prevent logging from an OS level, the cloud provider will likely see your traffic anyway. Nonetheless, if your WireGuard VPN is meant for inbound traffic, i.e. getting access back to your home network, then setting up a cloud instance can make sense if you are behind a CGNAT or don't have an public IP you control. With TOR being outbound, all your concern would be is to simply access TOR from your home network, which shouldn't be anything more than using a TOR browser. At least, this is the sense I'm making of what you've shared above.

You're welcome @martyb3783, thanks for watching! Appreciate the compliment😊

Thanks for watching, and yes you can set it up on your PC (assuming you mean Windows). I actually talked about it in the comment below, but you can follow the github link I shared. github.com/diladele/squid-windows I haven't tested it out, so I can't share any personal experience, but I assume it works the same. Keep in mind, squid is intended to be a proxy server, so installing it on your PC (client) doesn't really do anything for you, unless you are using that PC as a server, or if you're connecting that PC to an upstream proxy, something you don't actually need squid to do, unless you want to get granular about how you proxy your HTTP traffic.

I can't guarantee that I will make a video on that, but I'll look into it. I have plenty to learn with IPv6, and implement as well, as I've never implemented an IPv6 network, I've just learned about it through research, nothing too hands on. For any proxy type comments, they're better placed on videos where I talk about proxies and set them up.

You're welcome, thanks for watching! Glad it helped 😊

You're welcome, thanks for watching! Glad I was able to help you learn subnetting and subnet masks. I learned through content on the internet and then really only by doing it enough times for it to stick. And after learning it, if the CIDR isn't /8, /24, /25, /23 or /32, I'd need a reference to remember what the side of that network is.

Thanks for watching and the compliment @PaulMureev! Sorry to hear it's not working for you. Are there any errors you encounter that you can share? I might be able to help. As for IPv4 routes, you should be able to see them under Status -> Routing. To add additional routes, i.e. static routes, you can create them under Networking -> Routing.

Thanks for watching @MapleEmpire! Thats a good question. I'd assume that yes you can, but I guess it depends on how you'd think of it. The older routers I'm used to would often have an update section where you could upload an "update" file. Generally you'd find this file on the OEMs website, that you'd simply upload and it would "flash" a newer version of their firmware. But newer routers are more likely to just auto update, and you wont have to flash and newer firmware. So if there's no way they provide in the UI to flash firmware, you're not left with many options. Netgear has their own network protocol, NRMP that allows you to flash firmware without having to go through the UI, but I can't say thats the case for all companies that make routers. I haven't flashed OpenWrt, let alone stock firmware, on routers other than Netgear and GL.iNet. You should only have to install nmrpflash on its own, which you can do so via their github repo, but homebrew makes it easier to manage the software (update, delete it, etc). github.com/jclehner/nmrpflash

@@DevOdyssey Thanks for your detailed reply, i have a Netgear R6220 with corrupted firmware (failed ddwrt install), i am trying to fix it by just flashing the official firmware, your video and comment are really helpful, so thanks again for your guidance :)

@@MapleEmpire You're welcome! Ah I see. While I can't say all Netgear router's support NMRP, I imagine most would, so using it to reflash stock firmware is perfect, especially for a corrupted router from a bad install. NMRP should still work, even when the router has a different firmware, as you can see in my video above. Not sure if it will work on a corrupted install, but I have a high hopes and a good feeling that it will, and "unbrick" your R6220. Glad my video has been helpful, and out of curiosity, if you can let me know if you're able to "unbrick" your R6220 using NMRP, I'd appreciate it!

@ i followed your guide and was able to unbrick my router, it works just like before, thank you again for your help!

@@MapleEmpire you’re welcome! Thanks for letting me know it worked 😊

Thanks for watching @fakebizPrez! Ha, well the only thing I have against IPv6 is its IP structure versus IPv6. Reciting an IPv6 IP is not something anyone can really commit to memory, unless you are just really good at memorizing hex. IPv4 is easier to recite simply because its representation is numbers, at least the representation of number's we're used to as humans. Yes there's DNS, but we all know what happens when DNS doesn't work. Otherwise, its benefits are vast over IPv4. I just need to really dig in and learn IPv6 and get my hands dirty with it. All I've know is from what I've read, and the little I've interacted with it. I would love to learn it and better understand how to deploy it and make some videos on it when I feel more comfortable with it.

YES! It's horrible!

@@rpsmith Maybe IPv6 is just misunderstood 😆

Thanks for watching @Aryansamthaan! I'm not sure what you mean. Are you asking for me to elaborate on how to create more VLAN networks with the router on a stick topology shown in this video? It should simply be a repeat of what I've shown, for both WAN and LAN.

​@@DevOdysseyHow to create multiple ipv6 address (proxy server) using a single vps

@@Aryansamthaan The intent of this video has nothing to do with proxy servers, and is simply a matter of a network topology where a router has one physical ethernet port. This video really isn't the right place to get into discussion around proxy servers / proxies.

@DevOdyssey so sir do you have any video on proxy server on pc

@@Aryansamthaan Looks like you already commented on that video, my HTTP / SOCKS proxy video. I replied to that comment on that video, and would prefer to continue the discussion there.

Thanks @Kevin-t6d3p! 😊

Thank you @raphaelandrade4138 and you’re welcome! I appreciate the compliment 😊

Thanks for watching @slash64man! Thats a very interesting observation, thanks for sharing all those details, as they're particularly important here. If you are split tunneling the traffic from the machine that you are visiting Mullvad's website from, then yes it will detect that you are split tunneling, because, you aren't going through the VPN, its going out the WAN interface. That would indicate the split tunneling is working as expected, to my understanding of everything you've described. There is nothing else you would need to do, unless you don't want to split tunnel the traffic, then you simply need to change your split tunnel rule, or add a split tunnel rule depending on your configuration. If you are using WireGuard, and I assume you are because you're commenting on this video, then your default gateway would be WAN, and you would then need to add a split tunnel rule if you want Mullvad to think you're on its VPN.

@@DevOdyssey Thanks for the insight. It’s a little odd because other services, like Hulu, detect that I’m on a VPN correctly while split tunneling. The Mullvad check connection page also lists its own server in the box, but it still makes the box red. (My WG interface takes priority per the gateway metric). Like before in my first comment, the banner on mullvads main page seems to correctly identify I’m using the VPN though. What’s also interesting is that if I turn off LAN to WAN zone forward in the firewall setting (making all traffic go through WG) and only leave the WG Zone for LAN to connect to, the red box on the Mullvad page suddenly turns green and it thinks all is normal. However, I can’t find the change that would make the Mullvad connection check page act in this way considering when I allowed LAN to WAN zone forwarding for the split tunnel, the WG zone was still taking precedence. In both cases of zone forwarding, the connection to Mullvad’s site was going through the WG interface. While split tunneling, I only forced one device (a Roku) to go from LAN to WAN so that I could watch Hulu on it. Not sure how to explain the behavior of the red vs green vpn check on Mullvad’s page.

Turns out it was my IPv6 address leaking!

​@@slash64man You're welcome, thanks for explaining! I like the testing you've done, as it often takes a lot of tinkering to get at the root of the problem, when you're not very certain what the problem is. Its easy to miss the IPv6 portion, as if your ISP assigns you IPv4 and IPv6 IP addresses, you might not even know that you're connecting to websites over IPv6. You can certainly check what your IP is, and you may see an IPv4, IPv6 or both, but you don't necessarily know from the get go how you connect to a specific website when you have both IPs. Really you'd have to monitor the connection over a proxy to listen in and see how you connect to a certain website. I haven't extensively tested out what I mentioned above, so if you or anyone has more insight on how reliably know how you're connecting to specific websites, I'd be more than happy to learn. Proxying is really the best way that comes to mind to observe how it works. Nonetheless, glad you were able to resolve the leak!

Thanks for watching @chilidog73! Thats pretty cool, can't say I've heard of Every Proxy. What smart TV do you have, if I may ask? Most major ones I've interacted with do have a sort of proxy setting in the network settings, so just curious to see if you just might be missing it. Unfortunately, if there truly is not any proxy settings on the TV, the only way to effectively "proxy" it, is through a network configured VPN, that being, your network gateway configured as a VPN client. I've covered this in a few of my other videos, so feel free to look through my videos to see which works best, but at this point you'd truly need a router capable of acting like a VPN client. So if Every Proxy offers VPN services, that would be ideal, but if not, then there isn't much else you can do, other than find a TV that does have proxy settings that you can configure to work with Every Proxy.

Thanks for watching @tubeDude48! If I recall correctly, it's because you can't mount and resize the drive while its in use by the OS. Particularly, I used a squashfs image of OpenWrt, which is a read only image. So when you boot into your system, its booting from an overlay. Since that is read only, you can't actually edit it and resize the image. The base image of squashfs version has a preset size that when you boot into it, it will inflate to that set size. That's just a preset because of low storage sizes of routers, and very much expected. Also read only is better for these systems that don't really have the best flash storage, as the more writes to flash, the faster it degrades. Anyway, beyond that, this preset cannot be changed while you're booted into it, for reasons noted above. You need to do this outside of the booted system, as I've shown in the video, or in my building OpenWrt video, where you can create your own image, and give it a storage size that you know will be in your deployed hardware. You can see that video below. ruclips.net/video/m9uWM6QUnpM/видео.html

Thank you very much @familytamelo8140! You're Super Thanks is extremely well timed 😊. Honestly, it meant so much when I saw this, my first Super Thanks, on Thanksgiving day. I couldn't be more thankful for my audience and everyone who watches my videos, like yourself. Thanks for sharing feeling of thanks with me yesterday. I'll always remember it.

@DevOdyssey you, sir, produce top class content. I'm sure it helps lots of people. Please keep it up!

@@familytamelo8140 Thanks! Hearing that helps me to keep going. I look forward to creating more top class content more frequently into the coming year, you can count on it! 😎

Thanks for compliment @wznzgq1354! Thats strange, my initial thoughts are on http / https. Are you using http in your curl command? If so, try using https. Next, we go to DNS, of course. Are you able to try an "nslookup" on the ipinfo domain? If that doesn't work, then that could be your issue. Lastly, I assume you're trying to test this over the VPN. Have you tried creating other routing rules that route traffic over the VPN? for example, can you try writing a routing rule for pings over the VPN, and see if you can ping out through the VPN? All of these test should help determine if the issue is the VPN connection, if its the route rule, or if its the test itself.

Thanks for watching @kirilkirov2281! Thats strange, but my first guess would be that your version of OpenWrt and or the hardware you putting OpenWrt on may have not have that package available. Care to share what your OpenWrt version is, and what hardware you are using? Below is the link for luci-app-wireguard openwrt.org/packages/pkgdata/luci-app-wireguard While its release says OpenWrt 22.03, it hasn't been updated in awhile, and I'd presume this is just lack of updates, and not indicating that its on OpenWrt 23.05.x. I assume this field simply means when this package was initially released. As for the package you suggested, here is the page I found for it. openwrt.org/packages/pkgdata/wg-installer-client And I found the source here github.com/openwrt/packages/tree/openwrt-22.03/net/wg-installer As you see from the OpenWrt link, this is a community developed package, and in the github link, you see its simply an automation to help create WireGuard tunnels automatically, seemingly via RPC. Since I haven't tried it out, I'm not exactly sure how it works, but this isn't the same as what luci-app-wireguard gets you, i.e. a graphical interface to configure WireGuard tunnels. I'd do some research to simply see if you combination of OpenWrt and hardware has the luci-app-package available to it, and I'd refer to the architecture portion of the OpenWrt luci-app-wireguard package page.

Thanks for watching @ahmedtalaat27! I'm not sure I'd characterize it that way exactly. I'd say its simply a "Wide Area Network", a larger network that your home network (LAN), connects to, that provides you access to the internet (which really is a collection of WAN networks). Firewall abilities are built into the routers, including NAT, traffic shaping, and of course routing, but those themselves are not "WAN".

@DevOdyssey actually WAN on papers is different than these ports comes with these type of routers I figured out that the router through wan port only firewall can work if you change the mode to bridge you gonna use lan ports in this case dhcp is off⁉️

@@ahmedtalaat27 The WAN port is simply an ethernet port designated as a DHCP client, meant to be your "uplink" to the WAN network, i.e. internet. Firewall is designed to work on this network interface, as it exists between networks (Layer 3 in OSI). Of course this is with the stock firmware that comes with routers, and can be customized for additional functionality (such as creating more networks), by flashing custom firmware. If you change the router to bridge mode, it will simply pass the public IP through to the next device, acting as a bridge. DHCP would be off, firewall would effectively be off as well, it would simply do nothing more than pass a public IP to the connected device, typically, another router (and on it's WAN port too). Generally you'd want to use this mode, or if its called Access Point mode, if you want your router to act as a wireless access point or as a bridge (network switch). But in these situations, you're connecting the router to an existing home network, and not into the ISP's incoming WAN connection. You can watch a video where I go over this below. ruclips.net/video/WyUlzFO90KA/видео.html

Thanks for stopping by @boomerjrtv1268! Happy to hear you were able to accomplish it, and share your strategy. Using DHCP to only assign that range is really smart, as if gives you a "pseudo subnet" ability, at least in terms of what goes through a WAN or WireGuard VPN. Other's could use this strategy as well to "split" their network ranges into what should go through the VPN, and what should go through WAN. Could create subnets to also accomplish this but what you showed is a way you don't have to do that.

@@allezvenga7617 You’re welcome, thanks for watching!

Thanks for watching @Muriz26! Thats a good point, and often a misconception I fall into. Really I should have said "VLAN capable switch" cause in truth, thats al you need. Often, I see these sold as "L2+ or L3", and I make the association of VLANs being _solely_ L3. Though, I know there are different ways VLANs can be setup (on L2 or L3), often VLAN features are touted on "L2+ or L3" switches, i.e. managed switches, as opposed to "dumb" switches. Isn't the OSI model fun? 😅 Given what you've said, sounds like you have an L2 switch that handles VLANs for you no problem. Thanks again sharing that, I appreciate it.

@@DevOdyssey L3 is the network layer on the OSI model. Openwrt is capable of doing L3 addresses therefore you only need a managed switch that you could log into its GUI and set the perimeters like untag and tagged ports with the vlan assignments. TP Link c7 can act like a L2 device, the data link layer...

@@Muriz26 Well said. I was making the joke of OSI model because its just theory, and sometimes, different concepts don't fall into OSI layers well, and people contend what service or protocol can fall into what layer. Certainly, VLANs fall in L2. A managed switch is really all thats needed, and the biggest benefit really for an L3 switch is for routing at line rate of the switch. But most smaller home lab deployments don't really need that anyway, unless you just want to play around and learn, like me 🙂 I haven't used the TP Link C7 but it's definitely awesome it can do that, for anyone who wants to be cost conscious and have an inexpensive managed switch. My first VLAN and second VLAN videos go into that, in how OpenWrt can be used as a managed switch, although I only explicitly say that in the second video. But, I wouldnt recommend Netgear R6080 as a managed switch since the ports are only 100 MB/s. ruclips.net/video/5TtlAXeaGUM/видео.html ruclips.net/video/d3aYMqt-b_c/видео.html

Thanks for watching @RockyKarthik! So technically, the setup in this video should work for any router, primary or secondary. Therefore your setup should work too. Though in your case though, you can set up the TP Link Deco with not only the primary Orbi, but also any of the satellites. The satellites just act as access points, but they're connected wirelessly (i.e. mesh). With the TP Link Deco, you cannot wirelessly connect it to the Orbi's due to proprietary reasons. Maybe if you flash open source firmware on them all (OpenWrt), you could do it, but its more complicated. You will have to connect the TP Link Deco to any of the Orbis using an ethernet cable. As long as you configure the TP Link to be in access point mode, which should be easy, you'll be good to go.

Thanks for watching @kgoerbig! Yea that would be way easier haha. I did this just so I could try it out and see it working, since most learn it conceptually in school using software like packet tracer. Its cool to actually see it working IRL. A mini PC with faster, dedicated NICs is way better for networking. Heck I have one myself that I use for my OPNsense videos. If I ever downsize my homelab, I'd use something like that as my firewall, for its convenient form factor and fast networking. Though, personally I might skip to 10Gb for my LAN so I can edit videos off my NAS in the future.

I actually made it work, I followed both mullvad and the instructions on your other video. Thank you!!

@@Hree Thanks for watching! I'm glad you were able get it working, both the VPN and Policy Based Routing, and appreciate your follow up here. In general, you follow this video to get started. Then to get it working with Policy Based Routing, you have to come back into the peer configuration, and check off "No Host Routes". I'm not sure if that checkbox is the same in future versions, but what we want at the end of it is to not automatically create routes to this peer. Thats because the Policy Based Routing rules will create those routes, based on your rule criteria. Once thats done, you're good to go with Policy Based Routing. The only other caveat I'd say is WireGuard cannot be a default gateway because of how it works on a technical level. So when using a WireGuard tunnel, your WAN will be your default gateway. Best of luck in your setup!

The perspective of this video is from someone getting started on firewall rules. With that, I'd expect some fundamentals of networking to be understood, at least routing, ports and associated protocols. This information builds on top of that, with rules and zones. Without those fundamentals, its wouldn't make sense to get into firewall rules. If you had any questions, I'd be more than happy to offer my help and explanation(s).