ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
Wireguard is the most exciting feature in the router now. Fixing of bugs is always welcome. Firmware works fine for the most part. Thank you very much. There is little to no reply coming for any support query raised for ER7206. We have to figure things out ourselves.
Issues with router firmware with Wireguard:
Infinite Internal Loop - Permanent Disconnection
If one accidentally adds 0.0.0.0 as the Allowed Address in a Peer, all internet access will try to go through this peer and not use the WANs which it needs for internet.
There should be error checking or a catch for this, or it should not be allowed.
Router will disconnect from internet on this infinite internal loop. For SDN controlled routers, this may not allow any control from outside the router or router based login as obviously post-adoption this feature is disabled by default. This may require a hard reset and re-uploading settings in the router.
Please fix the bug. One reset is enough.
DNS Entries for Connections - MultiWAN and Wireguard, LAN, VPN Connections
For MultiWAN routers, adding DNS should not be limited to two entries. On computers, all Ethernet and virtual connections apart from network settings *allow* an array or index of DNS by a "string" input (e.g. in Windows PowerShell or CMD, using the netsh or Set-DnsClientServerAddress commands). Some DNS also have IPv6 entries. We can do it outside the router on any machine-based Wireguard and OpenVPN server. Once the Wireguard server is inside the router, it is only bound to connection defaults, i.e. the DNS of the WAN connection through which the handshake was done.
In OpenVPN the user configuration files can allow routing at the user level, but in Wireguard the client-side configuration does not resolve in the router's Wireguard server.
Being limited to two entries, while in real-world/external examples Wireguard supports an array, means many DNS entries of other connections would not resolve.
1) Convert DNS input to a string (comma-separated array) input for all connection definitions: LAN, VPN, Wireguard, OpenVPN, L2TP, PPTP.
DNS Caching
DNS Caching should cache which connection+DNS allowed an *intranet* based name/IP resolution and store working routes in its table. Configuring IP to WAN based routing rules is a headache. ISP support staff are not well-versed or supportive in MultiWAN/Multi-ISP DNS, as each individual intranet server name and route has to be investigated. It took me two months to set things together, inspecting every IP address and tracert-ing routes.
Split Tunneling
Allow an option for split tunneling so that only intranet-based data goes through VPNs if enabled. It is easy to put all load on the VPN router by editing Allowed IPs in user configuration files.
Server Configuration File / Peer Configuration File
Allow downloading and uploading of Server and collective or individual Peer configurations. Having the ability to turn off one peer individually is a super convenience. Having the ability to upload configurations would be an appreciated feature. It would also allow existing setups to be moved onto the router, or replicated using a different listening port as a backup if a machine-based Wireguard server fails.
Wireguard Outbound VPN Load Balancing
A Wireguard server on external machines with ICS over LAN, with load balancing enabled on the router, requires a handshake with one port and allows outbound data to be transferred through any WAN connection as available. The incoming socket is fixed; the outgoing socket is free to choose or load balanced. This is its super power for streaming content using the VPN. Wireguard on the router is connection- or domain-specific, as identified in the DNS entries it uses. There is no load-balanced outbound encrypted traffic from the router's server.
Why is it needed?
Some WAN connections have upload speed limits, and this would allow taking advantage of a MultiWAN setup to the fullest. Now inward/outward traffic flows through the same socket, although it is not limiting in Wireguard like in other VPNs.
Spelling/Typo mistakes
The context help has a few mistakes in spelling.
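
The kind of input check requested under "Infinite Internal Loop" above, sketched as an added example (not part of the original post and not TP-Link firmware code). The function names, the `protected` parameter (addresses such as a WAN gateway that must stay outside the tunnel) and the sample values are assumptions made for illustration; treating a bare 0.0.0.0 as a catch-all is also an assumption about how the firmware interprets it.

```python
import ipaddress


def parse_allowed(value):
    """Split a comma-separated Allowed Address string into network objects."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # strict=False tolerates host bits (10.0.0.5/24); a bare address becomes /32 or /128
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def check_allowed(value, protected=()):
    """Return a list of reasons to reject a peer's Allowed Address value (empty list = accept)."""
    try:
        nets = parse_allowed(value)
    except ValueError as exc:
        return [f"invalid entry: {exc}"]

    findings = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        # Entries starting at 0.0.0.0 or :: (bare, /0, /1 ...) are catch-all style routes.
        for net in same:
            if net.network_address.is_unspecified:
                findings.append(f"{net}: catch-all or unspecified address")
        # Several narrower entries can still add up to a default route (0.0.0.0/1 + 128.0.0.0/1).
        if not any(n.prefixlen == 0 for n in same):
            if any(c.prefixlen == 0 for c in ipaddress.collapse_addresses(same)):
                findings.append(f"IPv{version}: entries together cover the whole address space")

    # Hypothetical extra rule: addresses the router needs to reach directly over a WAN.
    for item in protected:
        addr = ipaddress.ip_address(item)
        for net in nets:
            if net.version == addr.version and addr in net:
                findings.append(f"{net}: would route protected address {addr} into the tunnel")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real router configuration.
    for sample in ("0.0.0.0", "0.0.0.0/1, 128.0.0.0/1", "10.8.0.2/32, 192.168.10.0/24"):
        print(repr(sample), "->", check_allowed(sample) or "accepted")
```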