Disappointed that VPN client & server cannot be active together

Hello,

Just a quick feedback about the need I wanted to cover in buying a GL-inet router.

Until recently, I was running a pi-hole on a raspberry pi wired on my ISP router. It was nice, but I also wanted to benefit this DNS sinkhole when I’m not home, so I installed a Wireguard server on this raspberry pi, and all my mobile devices had a VPN tunnel to my home to benefit from the pi-hole. But to complete this security & privacy package, I also wanted an upstream VPN connection for all my home internet traffic.

That’s when I heard about Openwrt, and GL-inet routers that were proposing:

• A wireguard client, so I could route all my home traffic through a VPN service, but also
• AdGuard Home, an equivalent of pi-hole
• A wireguard server, so I could completely replace my raspberry pi with this router.

And then I bought a GL-AX1800 Flint. And started to configure it to put my plan in action. And what a disappointment when I discovered that I couldn’t startup the VPN client while the VPN server is up ! While it’s exactly what I needed to do and what I bought it for !
Meaning that the raspberry pi will have to stay on duty, at least to be the wireguard server the router refuses to be when an upstream VPN connection is active.

For now I’m still wondering whether the investment was worth it. Is it something that could change in the future, or am I the only one wishing VPN client and server at the same time ? (and my own sinkhole DNS in between)

So you could buy another Flint, Beryl or BrumeW to solve you issue or spend $300+ on a Netgate, Protectli vault and run Pfsense.

You are not the first to ask for this. As an example see: VPN Client and Server at the same time on GL-MT300N-V2 - #2 by alzhao

@alzhao who runs things at GL iNet replied this feature should be in the 4.x firmware. Unfortunately the 4.x firmware release and features have been talked about in this forum for about 18 months and we are still patiently waiting for the first general beta to be released.

Looks like the ATX1800 might be the first 4.x device…

Just post a screenshot here

image1367×894 47.5 KB

AXT1800 and AX1800 will be the first to have 4.x firmware.

As some functions has total redesign so bugs apply.

Do you have an estimated release date for 4.x on the AX1800?

Next week we will push firmware 4.x for AX1800 to snapshot.

This looks promising ! I’m happy to learn that this is in the roadmap ! I’ll stick with my Flint then, patiently waiting for this 4.x firmware.

I may not go for a snapshot release though, what’s the usual timeline between snapshot/beta/stable ?

It is beta7 now. It needs more than 10 beta at least.

Hell yes!!!

Very excited for this😄

What OpenWRT version will V4 run?

Firmware v4 start from Openwrt 21.02

Seems it is better that I can post a beta firmware here.

It has many bugs though. The 3.214 firmware of AX1800 is much stable.

Changing from 3.x to 4.0 Beta:

Download the img file and upgrade in your 3.x firmware. Do NOT keep settings. Otherwise it does not boot.

You can also use uboot mode to change to 4.x or change back to 3.x.

You do NOT need to report obvious bugs because we are on that now.

Woh, it’s working great for me so far. Very stable, and wireguard seems to have been optimized a bit!

Used to get 400mbp/s average on wireguard, now it’s 580mbp/s!

Great job, looking forward to beta testing further😄

There are a lot of updates available for plugins (43 in my case).

I tried updating them all, and, obviously, had to reset using uboot😄

Are there any packages I should update, and a list of packages I shouldn’t?

For me it got worse,from 540Mbps (3.213) to 250-300Mbps with this beta8 (Local speedtest)

Will you be posting updated firmware here also, or will those be uploaded to the firmware website?

I need to use luci-app-openvpn and luci-app-vpn-policy-routing for multiple openvpn client tunnels. Those don’t seem to work. I can upload an openvpn config and start multiple instances. When i try to add a new unmanaged interface (e.g. tun0, tun1) tun0, tun1 do not appear up as addable in the luci app. This was with the beta 4 v8 firmware.

Yes. Firmware will be updated. I will either post here or put in download website.

sounds like kmod-tun wasn’t compiled. Look in plugins to see if you can find kmod-tun and install it then reboot router.

For anyone having trouble with the beta, it looks like downgrading through uboot doesn’t work.

Was able to downgrade using LuCi though, just select the force option.

Back on V3.213 for now, because the VPN policy on beta V4 didn’t work for me either.

kmod-tun was installed, so not sure what the issue was🤷‍♂️