User Profile: support

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 1,324 total)
  • in reply to: Guest WiFi Allows Browsing of LAN Shares #7068
    support
    Keymaster

    Devices on your ISP router are on the WAN side of the pcWRT router. Therefore, any traffic going to the 192.168.1.x address space is considered Internet traffic by the pcWRT router. You have several options:

    1. If possible, remove the ISP router and place all devices on its LAN to the LAN VLAN on the pcWRT router.
    2. Keep the ISP router, but move the servers on the 192.168.1.x network to the LAN VLAN on the pcWRT router.
    3. If only specific devices need to access your file share, you can keep the network setup unchanged but use Access Control to block access to the file share from unknown devices.

    in reply to: Guest WiFi Allows Browsing of LAN Shares #7065
    support
    Keymaster

    WireGuard is not necessary. But if you have it, it affects the Internet traffic only.

    Can you share more info on your setup? I’m guessing you have a computer with a shared folder on the LAN, and another computer connected to the Guest WiFi is trying to access the shared folder on the LAN.

    What are the IP addresses for the computers? Are they on different subnets? Is the guest computer accessing the share by IP address, like \\192.168.10.123\shared-folder?

    in reply to: ssh user not routing through VPN #7064
    support
    Keymaster

    You can pass arguments to bind the outbound connection to a specific interface. For example, traceroute -i wg1 1.1.1.1 will trace through the VPN connection, curl --interface wg1 http://myip.dnsomatic.com/ will show your public IP address through the VPN.

    in reply to: ssh user not routing through VPN #7057
    support
    Keymaster

    You’re right. Connections initiated directly from the router do not go through the VPN, but devices connected to the router will use the VPN (if the VLAN the device is connected to is configured to use VPN). Why do you want to work from the router instead of a computer connected to the router?

    in reply to: ethernet connection #7056
    support
    Keymaster

    What’s your hardware model and firmware version?

    in reply to: How do I block a device on PCWRT #7050
    support
    Keymaster

    Give the device a name on the Status page. Then you can create a profile under Access Control and assign the device to the new profile. Select White List for URL filter mode but don’t add any domains to the white list box. Check “Enforce Access Control” for the profile.

    You should be able to see all blocked requests coming from the device when you view logs from the Access Control page.

    support
    Keymaster

    If your device is connected to a VLAN other than “LAN”, then you’ll be redirected to a 10.x page without the login form. That’s what I said before: only devices connected to “LAN” are able to log in to the router.

    1. You can’t disable WiFi on LAN. If you are not using WiFi on LAN, then just set a very complex password for the SSIDs and disable SSID broadcast.
    2. If you want to restrict devices on a VLAN to Internet only with no internal network connectivity, then you should untick all boxes on that row. For example on your X1, you should untick all boxes with source X1, including to destination X1.
    3. You can leave all boxes on the LAN row ticked, which means when you connect a device to LAN, it will be able to communicate with any device connected to other VLANs (including LAN itself). So your device connected to Port 3 will be able to view CCTV footage on X2. But that also means anyone plugging in a device to Port 3 will be able to see the CCTV footage if the CCTV feed isn’t password protected.

    in reply to: Router Slow Speed – Time to Replace? #7041
    support
    Keymaster

    You may need to replace the router if the degradation is hardware related, i.e., if configuration tweaks cannot restore performance.

    For WiFi, you may want to play with the channel and transmission power to see if you get better performance. Higher power usually yields better performance but that’s not always the case. Sometimes higher power brings more noise and degraded performance.

    support
    Keymaster

    @bambina Additional info for Question 2. You can leave Port 3 on LAN. But you can restrict router access to selected devices or users (could be proxy or VPN users): check the “Restrict router access” box under the Administration section on the System Settings page, then add the devices and users that are allowed to manage the router. Don’t lock yourself out!

    support
    Keymaster

    1. If you want all VLANs to be isolated from each other, then only the diagonal boxes should be checked (i.e., source LAN -> destination LAN, etc.). If you further want client isolation, i.e., no cross talk between devices on the same VLAN, then you should uncheck the diagonal box too.

    2. It’s preconfigured such that devices on LAN can access devices on other VLANs, but you can untick the boxes from LAN to other destinations so that LAN cannot access other VLANs either. By default settings, only devices connected to LAN can manage the router. If you are concerned that someone can gain LAN privilege by connecting to Port 3, then you can assign Port 3 to Guest (for example).

    in reply to: WPA3 or WPA2/3 ? #7026
    support
    Keymaster

    Yes, WPA3 is now supported on the AX1800. You can choose your preferred WPA mode per SSID.

    in reply to: Messages on Access Control Page #7021
    support
    Keymaster

    Site Closed happens when you add a Calendar to restrict access to a site. For example, if you add a Calendar to allow Tiktok between 5:00pm – 7:00pm, then when your kids try to access Tiktok outside the time window, they will get Site Closed. More info here: https://www.pcwrt.com/2015/12/how-to-set-internet-access-time-limits-in-pcwrt/

    support
    Keymaster

    First of all, do not tag any ports unless you’re connecting another router (with a tagged port) to the ports you’re tagging.

    There are 5 preconfigured VLANs on the router; they are named “LAN”, “Guest”, “X1”, “X2”, and “X3”. By default, “LAN” has the highest privilege and it can initiate communication to any other VLAN (thus all boxes with source “LAN” are ticked). And only devices connected to “LAN” can log in to the router management console.

    In your case, assign Port 1 to X1, assign Port 2 to X2, leave Port 3 on LAN. Only a computer connected to Port 3 can log in to the router. No tagging!

    Create SSIDs for Guest, X1, X2, X3 as you need, but you have to keep the SSIDs for LAN as they cannot be deleted. You can have up to 4 SSIDs per band, so you can’t run all SSIDs on both bands.

    in reply to: Issues with Access Point mode #7017
    support
    Keymaster

    @strima We just released a fix for AP mode upgrade (v2.8.1). Follow the steps below:

    1. Put the AP router back to Router mode
    2. Change the LAN IP address of the router to be different from the main router (e.g., 192.168.11.1 if the main router has 192.168.10.1).
    3. Connect the WAN port of this router to a LAN port on the main router
    4. Click the “Check for updates” button on the System Settings page to upgrade
    5. After upgrading, change the operating mode back to Access Point

    You should be able to directly upgrade in AP mode after upgrading.

    in reply to: Issues with Access Point mode #7006
    support
    Keymaster

    @strima Upgrade in AP mode is broken. We’ll fix this in the next release, coming in the next few days.
