It’s the latest firmware. I also downloaded the firmware again, verified the SHA-256, and reinstalled it.
I am seeing these connections in status, realtime graphs, under connections. Below the graph there is a list:
Network Protocol Source Destination Transfer
I am seeing some destinations that make sense, like my VPN IP. I am also seeing other things that make sense, like if traffic is being forwarded to the router so then it can be forwarded into the VPN. I am also seeing syncs with 123 ports for time server stuff. I am also seeing random stuff on there that is happening outside of the VPN that makes no sense to me. Connections to random amazon stuff, connections to hosting companies, all sorts of strange stuff that should be going through the VPN or not even going anywhere.
I can check to see if the IP addresses show up without Wireguard running, but I know the VPN IP address and that is not what these are going to. They are also showing up with multiple types of VPNs and VPN companies.
It’s possible that programs on the router are doing this to see if there are updates and so it’s connecting outside of the VPN, but I don’t even want this. I want all traffic to go to 1 IP, my VPN IP. The DNS requests can even go through the VPN IP too since the VPN doesn’t have a name that needs to be translated to a number. I don’t really even need to the time servers to not go thought the VPN.
Either many packets are being sent outside the VPN or the destination IP here doesn’t mean it’s getting sent outside the VPN. When I saw all these IPs, I at first thought I was hacked, but then once I flashed the SHA confirmed firmware and saw the same thing I didn’t know what to make of it.
It’s the latest firmware. I doubt it’s hacked.
And although I h ave devices that are connected, even if these devices are connected, all the traffic should go through the VPN so I don’t think my devices could be corrupting the router when they connect if all traffic is supposed to go through the VPN. It’s possible my computer is infected. I did have an issue with upgrading but I just don’t see how that could infect the router and let connections to the router exist outside the VPN. I am perplexed on this.
I will do some tests here. If you have any thoughts on this, please let me know.