Bugs for v3


#1

Using a 300m router to test v3, I have two problems to report:

First problem: v3 does not function for the OpenVPN client. After adding the files and choosing a file, it says connected but it is not connected.

Also a VERY BIG PROBLEM: I do not see where it says “no internet if VPN no function”, so I almost had a major data leak problem!

Thank you. I hope this helps to make improvements in the final version.


#3

I do read the docs, but it is true I only began reading the v3 docs yesterday. I don’t understand everything, but I read.

What do you mean, “searched the forum”? I searched this: https://forum.gl-inet.com/search?q=openvpn

Nothing there says anything about the problem I have. If you think it is a very easy answer, then why don’t you send a link?

don’t seem to have a clue what you are doing.

I feel the same about you. I know you are trying to help, but really it is not very helpful when you give replies. It is always a reply but not an answer. Thank you for trying, because it is important that we help each other, but I think it is better if you only help when you know the answer.


#4

Maybe your OpenVPN client hadn’t established a connection with the server? Could you please take a screenshot of the OpenVPN client status page?


#5

100% it says connected. But now this is not a problem. I uploaded the firmware a second time (same firmware, v3 into v3) and now I do not have this problem.


#8

I recognize this problem and will attempt to explain it:

I am using an AR300 as a WiFi access point. It is a wired ethernet client of my primary gateway router. WiFi is completely disabled on the gateway, and it does not have any VPN service configured because I want some devices on my LAN to have a low-latency connection.

The mode switch on the AR300 is set to “router” because I want the devices on this subnet to be isolated from several untrusted devices which are connected to the primary gateway for development and testing purposes. It is important to explain this network configuration because it relates to the issue which the original poster has reported:

I have been using the GLi 3.0 beta firmware for many months with no major problems, and the OpenVPN client was working in version 3.009. But I wondered why I never see any upgrade notice in the web interface. So I looked on the GL.iNet web site to see if there is a new firmware version. And so I found the new version 3.013.

I downloaded this and performed a manual upgrade from 3.009 to 3.013. After installing the new firmware, the OpenVPN client does not work. It connects to the VPN server, but I cannot view any web sites because DNS is broken (cannot resolve any host.) For example, this command should have worked – and it does work in previous firmwares:

> ping www.microsoft.com
Reply from 192.168.8.1: Destination port unreachable.

I tried all of the suggestions in the forum here: I installed version 3.013 twice. I cycled power. I pressed the reset button, restored the default settings, and configured the device all over again as if it was new. I tried changing all of the DNS toggle switches in the GUI. Nothing resolves the problem. I also believe it is related to the issue described in this thread:

Like the author of that post, I see two unusual messages in the connect dialog:

* Validating certificate extended key usage.
* Preserving recently used remote address.

The connection is established, the indicator turns green, then it turns yellow, and tries to reconnect. But the connection is not stable and it keeps disconnecting. In the Data received/Sent field, it always says “0KB”. So I searched through my firmware archive and found a copy of an older version, 3.005. I installed that and VPN works. Then I installed 3.013 again as a test, and VPN stops working.


For the next test, I replaced the primary gateway router with another AR-300. Once again, VPN is only enabled on the wired client AR-300 (not on the gateway.)

One thing I noticed immediately is that I could access the web interface on the gateway router from behind the access point router (which was not possible with my original gateway router running OpenWRT). However, the VPN still did not work.

While I was typing this post, I monitored the OpenVPN client log window, looking for errors. After about 30 minutes, the VPN client quit reconnecting and the connection remained stable!!! It must have taken 50 or 100 tries to establish a solid connection. So what we are seeing here is semi-random behavior which is very difficult to reproduce. It almost seems like a time synchronization problem. Regardless, there is obviously a bug in the VPN client that was introduced after version 3.009 was published. When I downgrade from 3.013 to an earlier version, the problem is resolved and the client connects immediately.

I do acknowledge that “DNS rebind protection” must be disabled for the VPN client to connect in this configuration. But that does not help in version 3.013.

My conclusion after all of this testing:

The original poster @ponzi1 is correct: the VPN feature is absolutely broken on firmware version 3.013 when the GL router is a client of the primary gateway. It only works properly when the GL router is directly connected to the modem by an ethernet cable. I have been using the same hardware & software configuration for months, and the VPN client worked fine until I upgraded from 3.009 to 3.013.

Another issue which complicates things is how all of the previous firmware images were removed from the repository, so the typical customer cannot revert to a working firmware image which has the features they need:

https://docs.gl-inet.com/en/3/release_notes/

If I did not have a copy of 3.005 backed up on our file server, I could not have performed these tests and properly characterized this bug. Since I had to revert to 3.005, I must request that GLi re-publish the previous firmware images from 3.009 forward so I can determine which is the most recent image that works. I also want a clarification regarding whether it is permissible and compatible to retain the user settings between 3.005, 3.009, 3.013, and the next version (in which they will hopefully fix this bug.)

I would also recommend that future versions should preserve the previous firmware image so the user can easily revert to a known working version if this becomes necessary.


Bull crap.

I think you are quite the hypocrite, sir.


Trouble resolving DNS for my OpenVPN connections
#9

@kyson-lok pls check there is change of ovpn part from 3.009 to 3.013


#10

@rk47 Thank you for making a much better explanation than me.


#11

It is weird; I have tried it myself and cannot reproduce this issue.

Could you please ssh to the router and run this command:

cat /tmp/resolv.conf.vpn

Show the content here.

If you stop OpenVPN, everything works fine, right?


#12

FWIW, I cannot re-produce the issue, either.


#13

@rk47 I do not have a problem with OpenVPN because I installed 3.013 a second time into 3.013. I am having other problems (no internet on wifi, only wired) but I do not have the OpenVPN problem.


#14

AR300 #1 - firmware 3.005
cat /tmp/resolv.conf.vpn

nameserver = 10.8.8.1
client IP = 10.7.1.2

(VPN service is working normally)


AR300 #2 - firmware 3.013

When OpenVPN client is enabled and it attempts to connect to the VPN service automatically at boot, the router web management session & SSH connection are terminated when the VPN connection attempt fails. After this I can no longer ping the router (request timed out.) Ping was working at boot time.

If I quickly press the “abort” button in OpenVPN Client before it connects and then issue the command

> cat /tmp/resolv.conf.vpn

nameserver = 10.8.8.1 even when VPN is disconnected!

When I press the “connect” button in OpenVPN Client, the web session & SSH connection are terminated and the router stops working until I cycle power. (ping = request timed out.)

It works if no VPN is configured.

I have two AR300s with different firmware and same configuration. Previous firmwares work fine - but 3.013 is definitely broken.

Thanks, I understand this… but 3.013 is still not working for me.
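
Added example (not part of any forum post and not GL.iNet code): a POSIX shell check for the state post #14 describes, where `/tmp/resolv.conf.vpn` still lists a VPN nameserver while the tunnel is down. The interface name `tun0`, the `SYS_NET` override and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not firmware code. Assumed names: tun0, SYS_NET, all functions.

# Print each nameserver address in a resolv.conf-style file, one per line.
# Accepts "nameserver 10.8.8.1" and the "nameserver = 10.8.8.1" form quoted above.
list_nameservers() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*nameserver[[:space:]=]\{1,\}\([0-9A-Fa-f:.]\{1,\}\).*/\1/p' "$1"
}

# True when the kernel currently has the named tunnel interface (Linux sysfs).
tunnel_present() {
    [ -d "${SYS_NET:-/sys/class/net}/$1" ]
}

# Compare the resolver file with the tunnel state.
# Prints one line and returns: 0 consistent, 1 missing resolver, 2 stale resolver.
resolver_state() {
    file=$1
    dev=${2:-tun0}
    set -- $(list_nameservers "$file")   # one positional parameter per resolver
    if tunnel_present "$dev"; then
        if [ $# -gt 0 ]; then
            echo "consistent: $dev present, VPN resolvers: $*"
            return 0
        fi
        echo "missing: $dev present but $file lists no resolver"
        return 1
    fi
    if [ $# -gt 0 ]; then
        # Lookups sent to a resolver reachable only through the tunnel fail here.
        echo "stale: $dev absent but $file still lists: $*"
        return 2
    fi
    echo "consistent: $dev absent and no VPN resolver configured"
    return 0
}

# Run as: sh check.sh /tmp/resolv.conf.vpn tun0
if [ $# -gt 0 ]; then
    resolver_state "$@"
fi
```

Recording the printed line before and after pressing "connect" on each firmware version gives a support engineer a comparable data point for the resolver state.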


#15

Can you reproduce this? I tested a bunch of VPN providers and found several that do not work. Below I give some examples. I include the provider name, the provider's VPN config profile name, and testing results on two different GLi firmwares (3.005 & 3.013).

VPNgate 175673389

3.005: TCP works
3.013: successful VPN connection terminates browser access / cannot ping router *

CryptoFree ed255519

3.005: failed to connect
3.013: failed to connect

CryptoFree ed448

3.005: failed to connect
3.013: endless connection cycles

CryptoFree secp521r1

3.005: works
3.013: TCP broken, UDP has stable connection but no traffic flows (ping = request timed out)

ProtonVPN TCP/UDP

3.005: works
3.013: successful VPN connection terminates browser access & SSH connection *

VPNbook

3.005: UDP successful connection but no data flows (ping: connection timed out)
3.013: successful VPN connection terminates browser access / cannot ping router *