(Maybe adding the -verbose for a few hours to see some details.)
Is there some good default for port min:max range?
(Except for the info 2x as wide as the amount of clients.)
What is bothering me also is the process of avoiding any VPN being possibly deployed on the router itself.
Because the traffic should use the ISP. There is no point nor is it for sure anyhow beneficial (possibly a lot of connections and also the lag VPN does add).
How to do that?
Does anyone have some config tips for OpenWRT that could facilitate such a setup?
I use 3.5x. It is now really 4x because I went from -capacity 12 to -capacity 9 and never made the change. In a previous post someone mentioned 2.5x just to be safe. I guess in case destroying a used port is not yet complete while the exact 2 ports are trying to be re-used for a new connection.
I started at 65534 and went backwards. I avoided using the last port, 65535, just because. So for you and 2x this would be 65525-65534.
I use -ephemeral-ports-range "65497:65534" -capacity 9 -unsafe-logging -verbose and I keep stats.
"What is bothering me also is the process of avoiding any VPN being possibly deployed on the router itself."
Don’t understand this. Do you mean someone compromising your system? Hmmm probably not wanting to have to use a VPN on your router.
With -verbose and -unsafe-logging you will see exactly which IP is connecting and all kinds of other stuff.
Have no tips for OpenWRT since I have only tried that one many years ago.