need advice for Netgear r7000 with VLAN and Wireguard

Cold-Lemonade
DD-WRT Novice


Joined: 27 Mar 2021
Posts: 35

Posted: Thu Jul 28, 2022 15:04    Post subject: need advice for Netgear r7000 with VLAN and Wireguard
I am setting up my Netgear r7000 to act as my firewalled gateway to the internet with two VLANs, one that is accessible from the outside via Wireguard. I'm going to connect an Ubuntu server to the WG-accessible VLAN. (This server runs software for my ip cameras--it has two NICs, one connects to the r7000 and the other to an unmanaged switch to which the cameras connect.) The other VLAN is for IOT devices, like my smart TV.

I set up everything over a year ago using v3.0-r46466 std. Is there a better build to use now?

Any advice or suggestions would be much appreciated. The attached drawing shows what I am trying to accomplish.



[Attachment: Drawing.JPG]
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Thu Jul 28, 2022 15:52
Your build is old; newer builds have patched security issues and other fixes, so upgrading is recommended.

If your build is before the big VLAN update then you might have to redo it using swconfig, although this seems a simple VLAN setup and it might even be possible to use the GUI to do VLANs (I have set one port on my R6400 on VLAN3 with the GUI and bridged that to br1).

Anyway, coming from an old build, resetting to defaults *after* update might be a good idea (always put settings in manually, never restore from a backup (to a different build)).

Not sure what you mean with a WG accessible VLAN, why would you restrict access, you are the only one which can have access (not that it is impossible to restrict access).

WG documentation is a sticky in the Advanced Networking forum, it looks like you need the WG Server setup guide

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Cold-Lemonade
DD-WRT Novice


Joined: 27 Mar 2021
Posts: 35

Posted: Thu Jul 28, 2022 16:42
Hi egc.

egc wrote:
Your build is old; newer builds have patched security issues and other fixes, so upgrading is recommended.

...

Anyway, coming from an old build, resetting to defaults *after* update might be a good idea (always put settings in manually, never restore from a backup (to a different build))


I am planning to download the most recent build -- i.e., 49567 -- and then flash my router with it. It's been a while since I did this, but if I am remembering it correctly, this will install a fresh copy of this version of ddwrt. And then I can manually adjust the settings, etc., to create the VLANs and get Wireguard up and running.

Is the 49567 build the one you recommend?
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5650

Posted: Thu Jul 28, 2022 17:15    Post subject: Re: need advice for Netgear r7000 with VLAN and Wireguard
Cold-Lemonade wrote:
I set up everything over a year ago using v3.0-r46466 std. Is there a better build to use now?

r46446 (04/24/2021)? Newest build available, r49567 (07/27/2022), nvram erase && reboot after upgrade.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Thu Jul 28, 2022 17:36
@blkt said it all :)

The newest build is fine but always have a look at the build threads for showstoppers.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

I am running build 49585 as we speak, testing ipset for WireGuard :)
(that build is home made so not publicly available)

Duxa
DD-WRT User


Joined: 16 Aug 2013
Posts: 191

Posted: Thu Jul 28, 2022 18:19
When you upgrade, keep an eye on stability (10+ days of uptime); I and some others have had issues with recent builds where the router crashes and reboots after 1 to 2 weeks of uptime.

Please report if your build is stable, I think all of us are looking for a stable one now.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Jul 28, 2022 18:41
deleted
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)


Last edited by eibgrad on Thu Jul 28, 2022 19:26; edited 1 time in total
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5650

Posted: Thu Jul 28, 2022 19:15
Duxa wrote:
When you upgrade keep an eye on stability (10+ days of uptime), I and some others have had issues with recent builds where router crashes and reboots after 1 to 2 weeks of uptime.

Please report if your build is stable, I think all of us are looking for a stable one now.

Others are not experiencing the same issue, however kernel, brcmfmac and ctf changes are included in r49567.
Duxa
DD-WRT User


Joined: 16 Aug 2013
Posts: 191

Posted: Thu Jul 28, 2022 19:20
blkt wrote:
Duxa wrote:
When you upgrade keep an eye on stability (10+ days of uptime), I and some others have had issues with recent builds where router crashes and reboots after 1 to 2 weeks of uptime.

Please report if your build is stable, I think all of us are looking for a stable one now.

Others are not experiencing the same issues, however kernel, brcmfmac and ctf changes are included in r49567.


Right, in addition to me I've seen at least 4 others with stability issues with R7000 specifically (all along the same lines, router reboot). I'm sure there are those that are having no issues (not sure why), but people don't typically come onto forums to share how awesomely everything is running. This is why I just made it like a PSA post, something to keep an eye on.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332517

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332479

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331267

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332435

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332328
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Thu Jul 28, 2022 19:41
One unrelated R7000P, a couple of hardware failures and some rogue wifi clients (one rogue wifi client can bring a network down).

The R7000 and its brothers and sisters are the most used routers on DDWRT; if there was something seriously wrong with it the forum would explode.

Not to say that the software is bug free, bugs crop up and are resolved (and crop up again) :)



Last edited by egc on Thu Jul 28, 2022 19:54; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14102
Location: Texas, USA

Posted: Thu Jul 28, 2022 19:53
I have an R7000 that is on the current release that had an uptime of over 2 months. Second-hand device, came with no power adapter, had no loose parts inside case, and has been going strong since it came into my possession. Only mod besides non-Netgear PSU is the dual fan cooling mod because of location.

Periodic panic(?) loss of all network r49467 / r49392 R7000P (not an R7000, most likely user-induced)

R7000 - Odd issues with recent firmware flashes (more user-induced pain)

Unstable R7000 with DDWRT, solid with Stock Firmware (more perception nonsense, user-config induced most likely)

Diagnostics help R7000 (could be hardware failure, overheating, or bad PSU: no follow-up report back)

[SOLVED] Is my Netgear R7000 defective? (was not the router or DD-WRT, it was environmental / ISP infrastructure)

No further comment.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5650

Posted: Thu Jul 28, 2022 20:02
Duxa wrote:
Right, in addition to me I've seen at least 4 others with stability issues with R7000 specifically (all along the same lines, router reboot). I'm sure there are those that are having no issues (not sure why), but people don't typically come onto forums to share how awesomely everything is running. This is why I just made it like a PSA post, something to keep an eye on.

Pointless FUD irrelevant to r49567, which you should be testing uptime.

Duxa wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332517

Different model router R7000P, also Alozaros "my R7000 is rock solid..."
Duxa wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332479

shipracer verified not the same issue "uptime is good" ...
Duxa wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331267

trymion & Puppetnation missing since January, eolo June SFE disabled.
Duxa wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332435

Silence after power supply diagnosis...
Duxa wrote:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332328

"My R7000 wasn't faulty" Zyxx finds ISP issue affecting neighborhood.


Last edited by blkt on Thu Jul 28, 2022 20:08; edited 1 time in total
Duxa
DD-WRT User


Joined: 16 Aug 2013
Posts: 191

Posted: Thu Jul 28, 2022 20:06
Well, I am glad there are explanations for all those. No explanation for my instability though.

How can I identify if it's ISP-caused? Because two models of Netgear router (r6300v1 and R7000) have the same problem for me on DDWRT (crash with kernel panic within 2 weeks, I've posted the kernel panic dump previously), but both run solid with FreshTomato.

Maybe my issue is ISP as well?
Cold-Lemonade
DD-WRT Novice


Joined: 27 Mar 2021
Posts: 35

Posted: Thu Jul 28, 2022 20:53    Post subject: Re: need advice for Netgear r7000 with VLAN and Wireguard
blkt wrote:

r46446 (04/24/2021)? Newest build available, r49567 (07/27/2022), nvram erase && reboot after upgrade.


Yes, that was a typo -- I have r46446 (04/24/2021). Thanks.
Cold-Lemonade
DD-WRT Novice


Joined: 27 Mar 2021
Posts: 35

Posted: Tue Aug 02, 2022 1:53
Many thanks to all of you for the great resources found throughout the DD-WRT forum. I got my Netgear r7000 running DD-WRT v3.0-r49567 std (07/27/22) with a VLAN and Wireguard.

I have a couple of remaining questions that I hope someone can help me resolve.

1. I put port 4 on a separate vlan. This port connects to a cat6 line that runs to my tenant's unit so that my tenant can connect to the internet. Is isolating this port from the rest of the local area network as simple as enabling "Net isolation" in this vlan's corresponding network bridge configuration? If not, how do I keep this vlan separated from everything else? I imagine I might need to add a couple of lines to iptables or something.

2. When I access the r7000 from outside the local area network using Wireguard, I cannot access other devices on the local area network. I followed the Wireguard server setup guide and disabled CVE-2019-14899 Mitigation. But I am still unable to see other computers on the local area network.

For example, suppose Wireguard assigns me 10.4.0.7 for my ip address when I connect to the r7000 router. I want to access a Raspberry Pi 4 running Home Assistant at 192.168.1.2. But I cannot see 192.168.1.2. I've listed "192.168.1.0/24" among the allowed ips in the "peer" section of my Wireguard client. What am I missing?

I would greatly appreciate your assistance.
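
The isolation asked about in question 1, written out by hand as an added example that is not from the thread or from the DD-WRT project: it prints the iptables commands for a tenant bridge and checks a saved ruleset for a dedicated rule on an interface pair. The interface names (br1, br0, oet1), both function names and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed names: br1 = tenant bridge, br0 = main LAN, oet1 = WireGuard tunnel.

# isolation_rules TENANT_IF PRIVATE_IF...
# Print iptables commands that block new connections between the tenant bridge
# and each private interface, and from the tenant to the router itself.
isolation_rules() {
    tenant=$1; shift
    for priv in "$@"; do
        echo "iptables -I FORWARD -i $tenant -o $priv -m state --state NEW -j REJECT"
        echo "iptables -I FORWARD -i $priv -o $tenant -m state --state NEW -j REJECT"
    done
    # Router services (GUI, SSH) are closed to the tenant side, except DHCP and
    # DNS: -I inserts at the top, so the later ACCEPT lines land above the REJECT.
    echo "iptables -I INPUT -i $tenant -m state --state NEW -j REJECT"
    echo "iptables -I INPUT -i $tenant -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT -i $tenant -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -i $tenant -p tcp --dport 53 -j ACCEPT"
}

# first_verdict IN_IF OUT_IF   (reads `iptables -S` output on stdin)
# Print the target of the first FORWARD rule naming exactly this interface
# pair, or "none" when only broader rules (no -i/-o pair) would decide.
first_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; t = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j") t = $(n + 1)
            }
            if (i == in_if && o == out_if) { print t; found = 1; exit }
        }
        END { if (!found) print "none" }'
}

# Constructed sample of `iptables -S FORWARD` output (not from a real router).
sample_saved_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -o br0 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br1 -j ACCEPT
EOF
}

# Dry run: show the commands, then audit the sample for the tunnel direction.
isolation_rules br1 br0 oet1
echo "br1 -> oet1: $(sample_saved_rules | first_verdict br1 oet1)"
```

In the constructed sample the tenant-to-LAN pair has its own REJECT, while tenant-to-tunnel reports "none" and falls through to the broad `-i br1 -j ACCEPT` rule. Review the printed commands before piping them to `sh` on the router.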