pmg

In the process of trying to set up DNS over HTTPS I have run into an issue with it switched on in an app (FIREFOX). I presume this is because requests are now encrypted and Duma OS can now not read the requests? but having dns over https on in firefox comletely bypasses Duma Adblocker meaning I can now no longer block specific domains which was a feature I really liked. So now I'm looking at setting up adguard on a device which is a real shame (adding another point of failure). I wish that duma os natively did DNS over TLS and DNS over HTTPS . I see a request was made about 4 years ago on the forums.

I'm not sure of the official way , but can tell you how I found a semi satisfactory cfg.With the caveat that really you should get an r3 to have 1gb all throuput all the time. On the qos page I use bandwidth allocation with devices with download/upload share excess both ticked. Turn on congestion set to apply ALWAYS then visit a bufferbloat site such as https://www.waveform.com/tools/bufferbloat then lower your download upload speed (I'm on 1 gig download as well but only 100 meg up) by an arbitary number at a time say 50-100meg and retest for bufferbloat (you might need to reload the page). Till you get bufferbloat very low . Once you have found that optimum number for me it was 450 down 75 up , change the congestion control to AUTO ENABLE. That way this throttling of your network only happens when you are gaming and when you are not you get the full benefit of your network speeds. IF you retest bufferbloat with AUTO ENABLE on you will probably get a bad result if someone is not gaming on your network at that moment as it will let your full speeds through so dont let that confuse. Hence me saying find the optimum value with congestion control set to ALWAYS then switch to AUTO ENABLE once found. If you had an r3 we could have congestion control set to ALWAYS.

I'm now wishing there was a proper access point mode for the R2 that would probably make me go for the r3 then. Could then put the R2 to use , the idea of it just being a spare doesnt really appeal.

@IrishNomad Online offline has seemed accurate from my experience ..... yes you can name the devices and if you give them a fixed ip it should be fine. I in truth finder it easier to manage from the AP in general though .

@IrishNomad It seems to identify some but not others ,so I actually think its more an issue with how the device broadcasts and the access point also identifies rather than the router. They are all there just not all correctly named.This is using ubiquiti U6-LR. @Netduma Fraser thanks for your earlier reply !

Sorry if I have missed the info elsewhere but what can the r3 handle in comparison to the r2 in terms of pps (packets per second) and qos up/down. I'm not actually interested at all in terms of the new wifi capabilities as I have access points for that. So really just trying to see the net benefits of the new r3 for me over the current r2 bar getting duma os 4 earlier. Thanks in advance

Hi Fraser, many thanks for that I have done as you said but just for that port 5353. I'll see if I get any more emails from them. As a side note port scan protection really does work when dmz is not enabled , when port scan is off it shows ports as closed but when its on its shows in stealth. Apart from it doesnt seem to work on the following ports for me 135, 139 and 445 not sure whether thats a bug ? or intentional that those 3 ports dont seem to be effected by port scan protection.

Hi Fraser , it was already in modem mode. I'd rather go back to my old set up of an edgerouter in front of the netduma if I have to put it behind another device in a router mode. I just came to the forums looking for a solution that avoided that. It would be good if we had a way of blocking ports on the netduma and dropping traffic from the outside so it looks like there is no response on them. Its impossible to achieve full stealth ports on the netduma , so someone can see a device is there if they ping certain ports. Image shows a port scan on the netduma sat behind the superhub in modem mode , and shows closed ports (blue) that are responding. (when no devices are in DMZ, ports 138 ,139 and 445 are still not in stealth but the rest are good). When using the edgerouter in front of the netduma its fully green showing all ports in stealth. Which is the preferred outcome. I was just trying out the new firmwares on the R2 , it used to crash daily for me in the past requiring a daily reboot when I was using the netduma to control my full network but does seem much improved now. I just have this virginmedia multicast warning issue now.

the superhub is in modem mode

If you look at any router security sites like https://routersecurity.org/checklist.php upnp is really not great from a security pov , if you visit something like https://www.grc.com/shieldsup you might see different devices have popped lots of holes in your network using UPNP. I am aware I am probably being over cautious 🤣 I'm just trying to stop myself from being hacked. To be fair I probably shouldnt be putting a device in dmz either mind you. Hence getting the virginmedia multicast email.

Just having exactly the same issue from virginmedia , I also presume its because my playstation is in dmz . I'd not suffered this in the past due to the fact the r2 was behind another router but now its directly into the virginmedia modem they have contacted me. bummer there is no solution , might have to revert to my old network setup

ping heatmap is not working for modern warfare 2 for me .....I get 43 failed servers all with NA/ms

ok thanks Fraser , will do. Would still like to see this as a feature request.

Hi , I would like to disable QOS but still keep the add blocker running , the network I am using has the netduma sat behind another router running a couple of subnets with QOS already running on that router , hence wanting to disable congestion control on the netduma . My main use of the netduma is the geo location fencing and the ad blocker for the devices connected to it. Is there a way to set this up ? as in disabling congestion control but still keeping the ad blocker running thanks