Captive Portal, VPN Speed on Slate


#1

I just bought a Slate before a trip. The setup at home went perfectly. I was particularly impressed by the handling of PIA’s bulk ovpn zip file. Upgraded to 3.007. Successfully tested both Ethernet and WiFi WAN.

At a conference room, I used Ethernet and shared the Wifi with four coworkers that day. This worked fine.

I connected to the hotel Wifi that night and could not initially get Internet access. VPN was not connected, and when I connected it Internet access from multiple Wifi clients worked fine. he next day, I needed to also manually connect to OpenVPN server in order for any Internet from the LAN to work. Might this be a bug that a configured OpenVPN client not connected does not allow un-tunneled internet access? Is there an option to auto-connect or not?

I then tried to connect to the airport’s Wifi, which uses a captive portal. I previously had DNS rebind and Override DNS setting both enabled, so I disabled these and clicked Apply. With all four DNS settings turned off, I tried my laptop, phone, and tablet, and none of them gave me the captive portal window. I rebooted the router and confirmed DNS settings were all off – same issue.

Captive portal while the clients were directly associated with the airport’s Wifi worked fine. I did not attempt MAC cloning. I bet it would work, but did not see the diagnostic value in trying, since I am not interested in this workaround ongoing.

What else can I try to get captive portal working?

My last issue is that while I can get ~200mbps without an OpenVPN tunnel, my speeds drop below 15mbps with the tunnel up. Turning off VPN on the router and instead using a software client from my machines to the same VPN server still provide close to 200mbps.

Is this degree of speed degradation expected using OpenVPN?


#2

#1 OpenVPN issue.

In order to avoid data leak, the router’s LAN can’t access the Internet if OpenVPN is enabled but it is disconnected.

#2 Captive portal issue.

If you have enabled VPN client, it won’t pop up the authentication page, so you have to disable VPN.

#3 OpenVPN speed issue.

15Mbps with OpenVPN is already very high speed, because of CPU is limit. If you want to get high speed, you should use WireGuard instead of OpenVPN.


#3

Very agree
For example, OpenVPN is 15Mbps WireGuard can reach 50Mbps or even higher, and the connection switching is very fast.


#4

Thanks for your reply.

In order to avoid data leak, the router’s LAN can’t access the Internet if OpenVPN is enabled but it is disconnected.

So if I want to use VPN when possible, what should the configuration be? Other than purging all the loaded profiles, it is not clear to me what you’re suggesting. Except for captive portal, I am able to access the internet fine without the VPN client active.

If you have enabled VPN client, it won’t pop up the authentication page, so you have to disable VPN.

What in the UI equates to “disabled”?

15Mbps with OpenVPN is already very high speed, because of CPU is limit. If you want to get high speed, you should use WireGuard instead of OpenVPN.

I hear you. I know there is a lot of processor overhead with OpenVPN, but for a $70 router, I would hope to be able to get faster speeds. It is still early days for WireGuard, so it is not a viable option yet for us.


#5

In the SSr vpn there is a choice of black and white list txt
That is to choose through the list vpn or ordinary internet channel selection.
But the status quo can only be achieved with an external switch.
Then you can only expect that vpn is high speed.
I think that as long as it can reach 20-30Mbps connection, the Internet is not a big problem.
15Mbps is really a little slower


#6

Questions 1 and 2 are the same:

Login to GL UI > VPN > OpenVPN Client > Disconnect.

You might also be able to do this with the switch but I have never tried this.


#7

In all cases I mentioned, the OpenVPN client page showed the Connect button available. I assume this means I was disconnected.

@kyson-lok mentioned “OpenVPN is enabled but it is disconnected.”

I am still not clear what the distinction is to be enabled but disconnected. Do you mean if you’ve clicked Connect but the tunnel has not yet been established? If so, the issues I describe are not that scenario.


#8

My reading of this is that once you have clicked “connect” the VPN is enabled, whether it connects or not.
So, for example, if you are connected and then simply pull the power plug, then the VPN will still be enabled at next reboot.


#9

Yes- I had this very problem and thought my Slate was misbehaving. It wasn’t 'till I’d explicitly disabled the VPN (which was running, but because the captive portal wasn’t allowing traffic thru I couldn’t go anywhere).


#10

It’s just one of the reasons that I think the old “ForceVPN” option was better than this compulsory auto in the new firmware.


#11

Is there a consistent indicator in the UI to determine whether I have VPN disabled? In all the captive portal tests, the Connect button was available (not greyed out and not selected) in the OpenVPN Client page and in the Internet page, the VPN icon showed with an X by it. I had just pulled the plug on the router from a previous session, and VPN was running at that time, signified by the checkmark by the VPN icon. Does the X mean VPN is disabled, or just that a tunnel to the VPN server could not be established?

How can I be sure I have taken VPN out of the equation?


#12

The icon is grep means OpenVPN is disabled.


#13

First we are fixing the VPN leak problems in current firmware.

Then we will develop a portal auto detection daemon to solve the portal problem.