Posted: Thu Jul 28, 2022 15:04 Post subject: need advice for Netgear r7000 with VLAN and Wireguard
I am setting up my Netgear r7000 to act as my firewalled gateway to the internet with two VLANs, one that is accessible from the outside via Wireguard. I'm going to connect an Ubuntu server to the WG-accessible VLAN. (This server runs software for my IP cameras--it has two NICs, one connects to the r7000 and the other to an unmanaged switch to which the cameras connect.) The other VLAN is for IoT devices, like my smart TV.
I set up everything over a year ago using v3.0-r46466 std. Is there a better build to use now?
Any advice or suggestions would be much appreciated. The attached drawing shows what I am trying to accomplish.
Joined: 18 Mar 2014 Posts: 12904 Location: Netherlands
Posted: Thu Jul 28, 2022 15:52 Post subject:
Your build is old; newer builds have patched security issues and other fixes, so upgrading is recommended.
If your build is before the big VLAN update then you might have to redo it using swconfig, although this seems a simple VLAN setup and it might even be possible to use the GUI to do VLANs (I have set one port on my R6400 on VLAN3 with the GUI and bridged that to br1).
Anyway, coming from an old build, resetting to defaults *after* update might be a good idea (always put settings in manually, never restore from a backup (to a different build)).
Not sure what you mean by a WG-accessible VLAN. Why would you restrict access? You are the only one who can have access (not that it is impossible to restrict access).
I am planning to download the most recent build -- i.e., 49567 -- and then flash my router with it. It's been a while since I did this, but if I am remembering it correctly, this will install a fresh copy of this version of DD-WRT. And then I can manually adjust the settings, etc., to create the VLANs and get Wireguard up and running.
Joined: 18 Mar 2014 Posts: 12904 Location: Netherlands
Posted: Thu Jul 28, 2022 17:36 Post subject:
@blkt said it all
The newest build is fine but always have a look at the build threads for showstoppers
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
When you upgrade, keep an eye on stability (10+ days of uptime); I and some others have had issues with recent builds where the router crashes and reboots after 1 to 2 weeks of uptime.
Please report if your build is stable; I think all of us are looking for a stable one now.
Others are not experiencing the same issue; however, kernel, brcmfmac and ctf changes are included in r49567.
Right, in addition to me I've seen at least 4 others with stability issues with the R7000 specifically (all along the same lines, router reboot). I'm sure there are those that are having no issues (not sure why), but people don't typically come onto forums to share how awesomely everything is running. This is why I just made it like a PSA post, something to keep an eye on.
Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Thu Jul 28, 2022 19:53 Post subject:
I have an R7000 that is on the current release that had an uptime of over 2 months. Second-hand device, came with no power adapter, had no loose parts inside case, and has been going strong since it came into my possession. Only mod besides non-Netgear PSU is the dual fan cooling mod because of location.
Pointless FUD irrelevant to r49567, which you should be testing uptime.
Well, I am glad there are explanations for all those. No explanation for my instability though.
How can I identify if it's ISP-caused? Because two models of Netgear router (r6300v1 and R7000) have the same problem for me on DD-WRT (crash with kernel panic within 2 weeks, I've posted the kernel panic dump previously), but both run solid with FreshTomato.
Many thanks to all of you for the great resources found throughout the DD-WRT forum. I got my Netgear r7000 running DD-WRT v3.0-r49567 std (07/27/22) with a VLAN and Wireguard.
I have a couple of remaining questions that I hope someone can help me resolve.
1. I put port 4 on a separate VLAN. This port connects to a cat6 line that runs to my tenant's unit so that my tenant can connect to the internet. Is isolating this port from the rest of the local area network as simple as enabling "Net isolation" in this VLAN's corresponding network bridge configuration? If not, how do I keep this VLAN separated from everything else? I imagine I might need to add a couple of lines to iptables or something.
2. When I access the r7000 from outside the local area network using Wireguard, I cannot access other devices on the local area network. I followed the Wireguard server setup guide and disabled CVE-2019-14899 Mitigation. But I am still unable to see other computers on the local area network.
For example, suppose Wireguard assigns me 10.4.0.7 for my IP address when I connect to the r7000 router. I want to access a Raspberry Pi 4 running Home Assistant at 192.168.1.2. But I cannot see 192.168.1.2. I've listed "192.168.1.0/24" among the allowed IPs in the "peer" section of my Wireguard client. What am I missing?
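Added example, not part of the original thread or of DD-WRT: a small checker for the AllowedIPs side of the setup described in the last post, testing both directions between the tunnel address 10.4.0.7 and the LAN host 192.168.1.2. The two configs are constructed samples in wg-quick syntax with placeholder keys; the router-side peer entry is an assumption, since the post does not show it.

```python
import ipaddress

# Constructed sample configs (not from the post); keys are placeholders.
CLIENT_CONF = """
[Interface]
Address = 10.4.0.7/32
[Peer]
PublicKey = <router-public-key>
AllowedIPs = 10.4.0.0/24, 192.168.1.0/24
"""
# Router-side peer entry for this client (assumed, excerpt only).
ROUTER_CONF = """
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.4.0.7/32
"""

def peer_allowed_ips(conf):
    """Return one list of ip_network objects per [Peer] section."""
    peers, section = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif "=" in line and section == "peer":
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers

def select_peer(conf, ip):
    """Index of the peer whose AllowedIPs has the longest prefix covering ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, i) for i, nets in enumerate(peer_allowed_ips(conf))
            for net in nets if addr in net]
    return max(hits)[1] if hits else None

def check_path(client_conf, router_conf, client_ip, lan_ip):
    """Check client_ip <-> lan_ip against AllowedIPs only (no firewall rules)."""
    return {
        # Outbound: the client only encrypts lan_ip if a peer's AllowedIPs covers it.
        "client_routes_lan_ip": select_peer(client_conf, lan_ip) is not None,
        # Inbound: router drops packets whose source is outside the peer's AllowedIPs.
        "router_accepts_client_ip": select_peer(router_conf, client_ip) is not None,
    }

print(check_path(CLIENT_CONF, ROUTER_CONF, "10.4.0.7", "192.168.1.2"))
```

If both checks pass, AllowedIPs is not what blocks the traffic, and the router's forwarding and firewall rules and the destination host's own firewall are the next things to inspect.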