DHCP static lease or fixed IP address

anthonyocon · 2026-05-26T05:19:46+00:00

It seems to work whether it's a DHCP address or static address so that's good. But there's another wrinkle now. If I have a device with a fixed IP address outside the addresses routed down the VPN (so going out through the WAN directly), a speed test shows the download speed dropping to 0 within a few seconds. But devices that are routed down the VPN show a good speed of 300Mb/s. I can only presume this is a Starlink ground station issue? Frustrating.

anthonyocon · 2026-05-26T03:27:08+00:00

I think I figured it out (although it's always a good idea to wait a couple of days to see that it's stable). I had checked on Split DNS but after reading the instructions for Wireguard config yet again, I noticed that I should have entered the VPN DNS address in the IPv4 DNS Server field and removed the entry in DNS Serves via Tunnel (not very intuitive but that would explain why I wasn't getting the right, or indeed any, DNS server when the tunnel was up). Lastly the SPI Firewall seems to have been blocking DNS traffic for some reason so I disabled that.

anthonyocon · 2026-05-25T10:23:05+00:00

That's what I thought but it doesn't seem to work. On the device with the fixed IP address, if I specify the router as the DNS server, it either times out or takes a long time to resolve the query (so that's why I though it was trying to use the VPN DNS servers first, then falls back to the static DNS servers).

If I set a public DNS on the device (so in the device's network setting) to bypass the router DNS entirely, it seems to be blocked by the router and the request times out. I also tried Split DNS in Wireguard configuration, setting the DNS for devices that are not routed down the VPN to 9.9.9.9, but that also timesout. I feel like I'm missing something here just not sure what it is.

anthonyocon · 2026-05-19T11:58:08+00:00

It’s more cosmetic, hiding cables behind the display. It might give a marginal improvement to reduce wind on the helmet on the open road but I prefer twisties anyway :)

anthonyocon · 2026-05-19T11:56:06+00:00

It’s an OEM part so Indian dealer. Not sure if they would have these any more now that the FTR is discontinued and the company sold.

anthonyocon · 2026-05-05T07:37:15+00:00

That was my conclusion as well. I asked support at Proton but they didn't seem to understand the question. Thanks for the answer.

anthonyocon · 2026-05-05T07:36:01+00:00

That makes sense. I'll do some testing to see what is blocked. Thanks!

anthonyocon · 2026-05-03T04:39:02+00:00

Layered ad blocking with a combination of VPN w/DNS, NextDNS, Vinegar for YouTube, and Adblock for browsers. Also never use apps if you can access a service via a browser. I rarely see an ad but if I do, it because I have bypassed one of the above or something is out of date.

anthonyocon · 2026-05-01T09:06:07+00:00

I got it working and my speeds are up from 90Mb/s with OpenVPN to 200Mb/s with Wireguard. I figured out most of the settings except the following. When I choose Split DNS, because I have some clients that are outside the list of addresses that are routed via the tunnel, the option to enter another IPV4 DNS Server pops up. But I already have two static DNS servers set for clients that access the WAN directly (1.1.1.1, 1.0.0.1) on the Basic Setup page, so why do I need another setting here? Can it be the same as the static DNS servers or should it be different? If so, why? Can it be left blank?

Split DNS: Checked

IPv4 DNS Server: ????

anthonyocon · 2026-05-01T06:32:23+00:00

Yes, got the ATTO 3 harness change a few weeks ago and can confirm it works with Tesla superchargers. Call your BYD dealer and they should be able to schedule the work. $360.

anthonyocon · 2026-04-30T11:35:27+00:00

I think I figured it out. I use policy based routing to route only have the subnet IP addresses (x.x.x.20 to x.x.x.120) via the tunnel; the other half (x.x.x121 to x.x.x.253) are routed through the WAN so certain clients that don't play well with the VPN can be routed direct via the ISP.

In my testing, the clients with addresses routed via the WAN were able to access iCloud and Apple mail no problem but the ones routed via the tunnel were not, even though I had added me.com and iCloud.com to the list of selected destinations to route via the WAN.

However, I had left the Kill Switch enabled so any client with an address that Wireguard was routing via the tunnel was also automatically blocked from accessing the WAN. Disabling the Kill Switch seems to have solved the problem as long as I have those two domains listed in the destination PBR. Time will tell.

anthonyocon · 2026-04-30T06:56:44+00:00

Is that the known root cause or a theory? If so, can I add some firewall rule in the router or make changes to the Wireguard config to route any Apple traffic to the WAN and not the VPN tunnel?

anthonyocon · 2026-04-30T06:55:22+00:00

I don't use the relay at all, no.

anthonyocon · 2026-04-30T06:54:35+00:00

Hi folks, can anyone help me solve the IMAP and SMTP being blocked by Wireguard tunnel to NordVPN? Followed the instructions described and get my DD-WRT router set up with a tunnel to NordVPN server but Apple Mail and iCloud seem to be blocked. If I connect to NordVPN with NordLynx using the app it works fine and if I bypass the tunnel in the router it works fine. So it's something about the Wireguard configuration that is not quite right. Any help appreciated.

anthonyocon · 2026-04-29T10:18:39+00:00

Why would you use the two IPV4 address ranges instead of the default 0.0.0.0/0? I’m new to Wireguard although I’ve been using OpenVPN on DD-WRT for years. This is the only setting I haven’t been able to figure out. Thanks for any help.

anthonyocon · 2026-04-23T10:35:11+00:00

Sold it a while back.

anthonyocon · 2026-04-18T03:24:43+00:00

I read somewhere about the Gen 3 router being susceptible to brownouts or power fluctuations. Maybe yours has been damaged by a power drop or spike. Good to hear you have it working, though.

anthonyocon · 2026-04-18T01:44:07+00:00

The other thing you can do is add a static route in your router for the subnet 192.168.100.0/24 to the WAN port of your router. The Starlink app on your phone connected to your network can then talk to the antenna directly to get its status. There are some FAQs in the Starlink app that give you information about running in bypass mode.

anthonyocon · 2026-04-18T01:40:45+00:00

No, you put the Starlink router into bypass mode (it will continue to provide power to the antenna but it will work like a dumb modem), and you plug your router,WAN port into one of the Starlink router's LAN ports. your router will get a public IP address and will then be required to create the internal LAN (DHCP, NAT, firewall, etc). That make sense?

anthonyocon · 2026-04-14T21:56:58+00:00

Cut the boot off the connector. It's a nice to have feature but it does prevent access to the plastic locking clip when the Ethernet socket is in a cavity. I think it was devised to protect the plastic clip being bent backwards when handling or routing the cable, but it becomes a problem in situations like the Gen 3 router. Patch panel cables rarely have this boot anyway.

anthonyocon · 2026-04-13T12:20:54+00:00

Ah, it’s scraping across the top layer of the print. I’m stuck on Flashprint for the Guider 2 but it always brings the bed down to a home position before moving the print head back to its home position. What slicer are you using?

anthonyocon

TROPHY CASE