We need a check box in the Admin page, where we set LAN / shared internet / etc. to disable 0.0.0.0/0 routes over the tunnel or air interface.
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer
https://github.com/aredn/aredn_ar71xx/issues/238
https://www.arednmesh.org/content/ip-rules-nightly-build-509-303c509
Joe AE6XE
- Add another checkbox to ALLOW traffic destined to Internet that must pass over RF or over a Tunnel link. Disabled by default.
We are in a situation where we are linked by tunnel with other groups for dev purpose and some users activated "Allow others to use my WAN" without proper control methods. Some traffic is routed by tunnels to exit at their location without any control to restrict possible encryption over RF. Adding this checkbox would mititigate the risk of passing encryption over RF.
In our case we can confirm traffic only passed through tunnels but if the WAN exit point is not the tunnel node, it may pass over RF at some point. People don't want to get the trouble to setup VPN/Proxy/other solution... Having this new feature could allow local devices to access local WAN as usual. The possibility to allow RF/Tunnel WAN in case it might be needed for specific purpose by node owner would offer controlled flexibility.
Also for latop users, using both Wi-FI(Internet) and Ethernet(Mesh) connection at once, the Ethernet gateway will probably be used by default unless interface priority is manually adjusted, at least in Windows.