4.0 and VPN policy

alzhao · August 15, 2022, 1:14pm

Maybe the same problem. Will fix both.

i7bar · August 15, 2022, 2:40pm

if ones uses adguard then he/she can/should define a custom dns server for a client using vpn as explained in the following post:

https://forum.gl-inet.com/t/slate-axt1800-openvpn-adguard-home/23173

emaba · August 19, 2022, 7:29am

Hi @alzhao. Do you have any updates on the issue?

alzhao · August 19, 2022, 10:01am

Yes. Can you try the snapshot? It should have fixed that.

alzhao · August 19, 2022, 10:06am

I mean 4.0.2
https://dl.gl-inet.com/?model=axt1800&type=beta

emaba · August 19, 2022, 10:19pm

Great! I just tested it, and it’s working!

antifascista · August 20, 2022, 6:46am

It’s working now!
Thanks

antifascista · August 20, 2022, 1:41pm

Another issue is blue led not working.
On kernel 5.4 blue led is working and showing wan activity.

alzhao · August 22, 2022, 7:55am

LED status:

Blue: System booting
Blue flashing: No Internet
White: Normal Internet

antifascista · August 22, 2022, 12:46pm

Hi alzhao,
I refer to small blue led in the left. On kernel 5.4 it’s blinking by wan activity…

alzhao · August 23, 2022, 6:33am

It should not. Otherwise it is not configured well.

antifascista · August 23, 2022, 7:07am

Strange for me too but in kernel 5.4 firmware small blue led blinks by wan activity like luci configuration.

LupusE · August 23, 2022, 9:07pm

A little offtopic, but I’m too tired to create a new post, right now.
I’ve tried Kernel 5.4 the first time, today. And my Slate AX is happily blinking with the beat of my WAN traffic … I can’t say if it is blue or white, but is is blinking.
I do agree: I think it is configured in the image. I haven’t kept my settings while downgrading from 4.0.2 (I don’t think it is a downgrade, but the ‘Update dialog’ says so).

Bilou · August 26, 2022, 12:19pm

same problem noticed on slate ax running latests 4.0.2 release

alzhao · August 30, 2022, 9:34am

Do you have more details? Because the other guys said it is fixed.

Bilou · August 30, 2022, 9:59am

It’s working however it does not seem stable over time: for unexplained reasons (happened again last evening) VPN traffic will no more go through without clear reasons and device will become unstable / unresponsive. It does not happen with Brume with the very same config in terms of vpn config, policies.
Only way to solve it is to reboot (unplug) the router as GUI or Luci access is no more possible either. My internet line (500 Mbps fibre) & ISP is of good quality and not causing the VPN to stall.

I have even put a script in etc/config directory call from the crontab (lucid “scheduled tasks”) to test the VPN traffic availability and if I cannot ping google through the vpn interface (“wgclient” on slate ax), I will retry again and then trigger a reboot.

script:

if [ “$(ping -I wgclient -q -c 3 -W 1 8.8.8.8 | grep ‘100% packet loss’ )” != “” ]; then
logger -t WIREGUARD_Reconnect WIREGUARD Tunnel has got NO internet connection, RETRYING IN 60S
sleep 60
if [ “$(ping -I wgclient -q -c 3 -W 1 8.8.8.8 | grep ‘100% packet loss’ )” != “” ]; then
logger -t WIREGUARD_Reconnect WIREGUARD Tunnel has got NO internet connection, REBOOTING IN 20S
sleep 20
reboot
else
logger -t WIREGUARD_KeepAlive WIREGUARD Tunnel is alive, Google ping OK
fi
else
logger -t WIREGUARD_KeepAlive WIREGUARD Tunnel is alive, Google ping OK
fi

alzhao · August 30, 2022, 10:38am

Thanks but you mentioned a totally different issue.

When this happens, what is the LED status? Does the device has crash log?

Bilou · September 6, 2022, 8:18am

I have reset the SLATE unit, it’s running 4.0.3 release 1.

I have reinstalled my VPN configuration and settings around it.
I have waited for the problem to reoccur. Router did no crash as such, however I noticed after many hours, all http traffic was failing.
I ssh’d into the router and tested under terminal with ping external IP address or domain name, and it still worked.
I restarted VPN using command /etc/init.d/vpnpolicy-apply restart then service was back to normal with VPN and it’s domain policies working fine.
Looking at system logs, it seems Wireguard wgclient went down at some time during the night, I don’t know why, but when it came back up, traffic was not stable. ping works but not http calls (browser or apps)
I have the system log available but cannot upload it (only images) ? attached the extract when it went down in the middle of night and restarted.

my config steps:
Using GL.Inet GUI

I have put my VPN wireguard client config (Mullvad)
I have added a list of domains in VPN policies to be excluded from VPN traffic.
I have declared a host name pointing to the router: “router”
I have installed opens-sftp-server plug-in to access router via sftp

Using sftp:
3) I have installed a proxy wpad.dat file in Slate www dir, to use a Mullvad proxy within the VPN (Disney+ filtering to allow auth…).

Using Luci,

I have added a DHCP option 252 in the LAN DHCP advanced settings config for the proxy: 252,"http://router/wpad.dat for the client to auto discover the mullvad vpn proxy config
I have also set custom DNS to the LAN interface, applicable outside vpn.
I have put a script in etc/config that test every 10 mins (in crontab) the link via a ping through the wgclient interface

alzhao · September 6, 2022, 12:55pm

Can you check if the router’s time are correct when this happens?

It seems such problems may be caused by time.

Bilou · September 6, 2022, 3:15pm

I have checked and router’s time is correct in the router, UTC+2. Africa Johannesburg
Same configuration than in the Brume router that works fine. My VPN connects to France.