My router doesn't allow that, plus I don't trust routers managing my VPN connections.
Comment on Wireguard easy and third party VPN service.
B0rax@feddit.org 2 days ago
What router do you have?
For example with a Unifi router you can quite easily create a routing for that.
LetchLemon@lemmy.blahaj.zone 2 days ago
I'm picking up what you're putting down tho. Be so much easier if I could have a VPN service on a dedicated VLAN then just link through with some wg configs, but annoyingly my router puts WireGuard on top of the entire topography and messes up everything else.
BuccaneerScientist@discuss.tchncs.de 2 days ago
I know this isn’t the solution you are looking for, but your router sounds like the crappy default one you get from your ISP.
In that case (since you already got this far) consider getting a better one, if not for this, then for the next time it limits your adventures.
I would suggest looking into OpenWrt if you go this route.
LetchLemon@lemmy.blahaj.zone 2 days ago
It definitely isn't a default ISP router. And OpenWrt doesn't support the chip I have in my router as it's a TP-Link enterprise router. I emailed them and they said they will look into implementing it into their Omada ecosystem. Unifi doesn't really excite me anyway; they have one hell of a CVE and have to answer to the signal directive. Every issue with TP-Link has been: you need to have access to the router physically to implement.
moonpiedumplings@programming.dev 2 days ago
Come on, this is not true and you know it. Finding a counterexample was easy:
anavem.com/…/tp-link-patches-critical-router-flaw…
Auth bypass + auth rce flaw. Literal remote code execution, instant own.
The problem with network appliances/routers is that they all have web UIs and management APIs or something of the sort. Web UIs are extremely complex services, with lots of difficult-to-secure attack surface. In a router, that attack surface is now running as root (because it has to be, to manage Linux (or FreeBSD, routers are usually based on one of the two) kernel routing and networking).
So literally every single network appliance and router has had its own critical vulnerabilities, even open source ones like OpenWrt.
The real solution here is to recognize that web interfaces are a security nightmare, and to either disable them or lock them behind ssh.
(Open)SSH is known for having extremely few vulnerabilities, only 2.5 critical ones over its 25+ years of existence. That’s a big difference compared to some of these network appliances/routers which have 2+ critical vulns every quarter.
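
A way to verify the "lock them behind ssh" setup from the last comment, as an added example that is not part of any post in the thread: it parses `ss -tln` output and reports web UI listeners bound to anything other than loopback. The port list, the sample output and the assumption that the device offers a shell with `ss` are all constructed for illustration.

```python
import ipaddress

# Ports assumed to carry the management web UI (assumption; adjust per device).
WEB_UI_PORTS = {80, 443, 8080, 8443}

# Constructed sample of `ss -tln` output, not captured from a real router.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:443      0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
LISTEN 0      128    192.168.1.1:8443   0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*
"""

def parse_listeners(ss_output):
    """Yield (host, port) for every LISTEN line of `ss -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any interface zone such as "%lo".
        host = host.strip("[]").split("%")[0]
        if port.isdigit():
            yield host, int(port)

def is_loopback(host):
    """True only for loopback addresses; '*', 0.0.0.0 and :: are wildcards."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_web_ui(ss_output, ports=WEB_UI_PORTS):
    """Return web UI listeners reachable from outside the device itself."""
    return sorted(
        (host, port)
        for host, port in parse_listeners(ss_output)
        if port in ports and not is_loopback(host)
    )

if __name__ == "__main__":
    for host, port in exposed_web_ui(SAMPLE_SS):
        print(f"web UI exposed on {host}:{port}; bind it to loopback and tunnel over SSH")
```

An empty result means the web UI is reachable only from the device itself, so the SSH listener on port 22 is the single way in to it.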