Does the GL-AXT1800 still have poo poo firmware?

Hi, I’m planning to spend £120 on a Slate AX in the hope of attaining the best VPN speeds possible but a particular Amazon review is rather off-putting. Could somebody please confirm whether these issues still persist or have been fixed? The review is from France and once translated reads as follows:

• TO AVOID! Unfinished product, non-compliant, very limited firmware

Reviewed in France on 2 August 2022

Verified Purchase

Slate AX GL-AXT1800 PROBLEMATIC, NOT COMPLIANT, it lacks a lot of features in the firmware VERY BUGGY!
Examples (WITHOUT LUCI):
Updating arm OpenWRT packets then crashes the router and impossibility to update all packets at once
Tethering recognizes Huawei keys in ios3 and does not route (of deja vu and reported on arm300 before)
No possibility of IP or MAC filtering for the vpn (wireguard tested)
No possibility of IP or MAC filtering for the vpn (wireguard tested) IP routing to change gateways
Firewall and port forwarding very largely incomplete
Mullvad and Nordnet VPN “in hard” and resuming the default login pass (serious?) , impossible to remove them…
Unit heats up a lot, I see a fan but it doesn’t turn on.
Power cable with usb 3.2 plug too short.
AdGuardHome error message “requires dns adguard” (that’s wrong!)
Sometimes impossible to connect to the interface, need reset
Lacks quite a few settings in the interface compared to the ARM-300
The only positive point is the very responsive and powerful cpu, in a beautiful dark gray body.
A little less powerful there is the hap3 from MIKROTIK but at least it works and knows how to make roads…
I suggest you wait until all bugs are fixed before buying.
I’m keeping the ARM-300 for now!*

On one hand, the firmware is better than it was on August 2, 2022. At the same time, it still leaves a lot to be desired.

I personally have a firmware build using the gl-infra-builder from a few months ago, and it’s relatively stable. That said, it’s still on a QSDK 4.4 kernel and… well, yeah.

Realistically, you can get between 200-300 mbps on a clean OpenWrt build using WireGuard for the A1300 see also (here).

You can get an easy 300mpbs on WireGuard and 150-180mpbs on OpenVPN using the MT3000 (which has it’s own firmware issues, but is in a race condition with the AXT1800 for clean OpenWrt support).

The AXT1800 will in theory give you ~600mbps over WireGuard, and tops out at the same 150-180mpbs as the MT3000 on OpenVPN.

In my mind the question would be whether you really need the extra 300mpbs that the AXT1800 offers. If you are purely concerned about speed, you’d be better off getting a low powered Intel appliance for not much more money that could likely easily handle 1gbps on WG or IPSec. There are a number of solutions that can do this if you’re not super concerned about power/size/weight. If you’re on the road, 600mbps is kind of overkill, IMO. I rarely stay anywhere that the 50mpbs you get on OpenVPN via the A1300 is actually limiting.

tl;dr - Unless you’ve got a GL.iNet router that’s got stock OpenWrt support, the firmware is going to be a crapshoot.

tl;dr (2) - If you really want the “best VPN speeds possible” you probably don’t want a low powered ARM device.

tl;dr (3) - If you are looking for a travel router, the functional difference between the A1300, the MT3000 and the AXT1800 is likely to be negligible in terms of VPN speed.

Thank you for getting back to me. It is all extremely confusing as my only involvement with non ISP routers is the MangoV2. When people talk about Luci and OpenWrt it kind of gets lost on me haha. The thing is I’ve got a 500mbps fiber subscription and am paying for the full 500 so ideally would like to use the full 500 or at least most of it otherwise it feels wasted. Is there any Amazon UK purchasable router you could recommend for brainlets with zero knowledge? I’ve looked through the options recommended previously but just want verification before I buy something. The way I control the MangoV2 is through the browser interface at 192.168.8.1 and the glinet app on my tablet so ideally I would want something similar to that, I don’t own a PC so can’t flash things or edit things which is also a restriction. Thanks.

Forgot to add: According to the confusing Amazon UK the A1300 can only do a maximum of 190 through wireguard but if you scroll down to the comparison against other models it claims the maximum wireguard speed to be 170, and that is by ethernet which I assume means an ethernet cable from the router into a computer? Unfortunately as I only have a tablet I can’t use ethernet. I would use ethernet to connect the VPN router to the ISP router but I don’t think that is what it means.
https://www.amazon.co.uk/GL-iNet-GL-A1300-Encrypted-Tethering-Pocket-Sized/dp/B0B4ZSR2PX/

I mean, if you don’t have a computer then I kind of question exactly how often you’re going to be really using 500mbps, and even if you did how different the actual experience would be from, say 250mbps. I have symmetrical gigabit service, and I hardly ever max it out (I can usually get 750-900mbps downloading games from steam, but other than that it’s really rare for me to have the connection over 400mbps for any length of time - and that’s usually pulling something from one of my data centers.

I’m a very-power user, and this is my hourly usage over the last month:

image2250×810 88 KB

This is with several servers, an offprem data backup, etc. If you’ve got 2 tablets, you’re not going to be “using the full 500 or at least most of it” much if any of the time.

Then there’s the question of whether you’re going to actually be routing all of that traffic over a VPN. Maybe you trust a for-profit VPN provider more than your ISP, but… I wouldn’t? There is basically no application around right now where you need 500mbps for streaming anything. 8K video is something like 100mbps, so unless you’ve got multiple streams going on, you’re probably going to be fine with less.

My father made basically this exact comment with his gigabit service. My response was basically, “Look, if you want to pay for less, pay for less. But there’s no way to effectively use 1gbps of traffic on a normal basis in 202[3].” Why do I not have 2gbps, which I could get for $10/month more? Because 1) I can’t use the 1gbps I have, which strongly suggests I wouldn’t use the extra gbps, and 2) I’d have to upgrade a lot of networking gear to take advantage of it, even if I could use it.

If you want something that’s really going to do sustained 500mbps-1gbps performance that just works, your best bet is to get some sort of pfSense or opnSense appliance paired with a Ubiquiti access point. But seriously, that’s overkill for almost everyone.

My general view on GL.iNet firmware at this point is that for the foreseeable future it’s going to be in a perpetual state of “we’ll fix that on the next release”. The trend line is usually in the positive direction, but they’ve also made some fundamental design choices in their software implementation of certain features that are going to make it really hard for them to easily fix certain things. I would not trust it in production. But if you live in a small-ish apartment, have a fast-ish internet connection, need to have VPN capabilities to providers that are reasonably easy to set up, and you can reset the thing every couple of days if necessary, it’s probably not a bad choice.

I didn’t expect for there to be any speed based differences dependant upon device type but that goes to show how much I know. Right now I can’t get even 30mbps through downloading on multi hop wireguard servers so even 250 would be massively different but I was just under the impression that maybe loading a news article would take 4 seconds on a router that can do 170 but almost instant on one that can pass 500.

I was just under the impression that the connection would always peak to its maximum speed possible to deliver data at its fullest limit in the shortest time.[1]

The government of my country has colluded with several agencies to trial a new dragnet surveillance method across most ISP’s and my VPN provider has been through a high profile international court case which ended in the judge agreeing that the service legitimately has no logs which could in any way help with any investigation. They secretly did an audit against the network and the client interfaces which also found that no data could be passed or stored even inadvertantly. I trust that more than people literally working with spies.

See [1]

Your father is a wise man There are slower subscriptions offered but as mentioned in quote [1] I always thought sites would attempt to deliver data at the maximum speed possible. If you load a 1080p YouTube video on your 1gbps connection would it load at the exact same speed you would get if on a 2gbps connection?

This is one of the worries, I’ve owned the MangoV2 for about a year and received the update available alert at the same time as everybody else, it installed and worked fine. I even installed Tor on it until I realised you can’t use Tor and VPN together. The ease of stability and lack of issues has perhaps made me unaware or the complexities behind making all this work and how it all goes together. The MangoV2 worked easily and was set up within 10 minutes but all the various warnings and complaints about higher speed models is disconcerting to say the least. Right now I am still unsure which device to buy. I know now I won’t get near the 500 capacity limit but I do not know which model would potentially get the most consistent speed and prove as user friendly as the MangoV2. It is just for home use with a few people, its not for commercial business or anything like that. Sorry for the biblical scroll worth of text. Thank you for helping.

So a couple of things:

Connection speed matters at slower speeds, but it doesn’t scale. A 5mbps connection will almost certainly load a page noticeably faster than a 1mbps one. But that’s not generally true for 50mbps vs 10mbps, and certainly not true for 500mbps vs 100mbps. Is my Porsche faster than my Volvo? Yes. Does it matter when I’m driving in town? No.

Consider this load of the BBC from my gigabit connection:

image976×1344 174 KB

A couple of notes:

1. The total data transferred on the front page was 4.2 MB (not much!)
2. There were 226 separate elements loaded, and
3. It took almost 7 seconds to fully load the page.

A gigabit connection could theoretically do that data transfer in 0.04 seconds. Even a 100mbps link could theoretically do it in under half a second. So what’s the deal?

Basically once you get past a certain transfer rate, a lot of other factors come into play when you’re talking about webpage loads. Query times, latency, rendering times … all of them start to matter much more to the total load time than your raw transfer rate.

Check this single element from that previous BBC load:

image786×984 74 KB

It doesn’t show the file transfer size in the screen, but it was less than 300 bytes. It took 0.2ms to transfer the 243 bytes, but 537ms to wait for the server to send it. And this is the basic story with web browsing. It doesn’t really matter how fast your connection is because you’re having to do dozens-to-hundreds of simultaneous loads where you may have to wait hundreds of milliseconds for the server just to process your request. (And add a hundred or so milliseconds if you’re using a VPN).

If you’re primarily streaming, looking at webpages, etc, I would seriously doubt you are going to be able to notice a difference between a 200mbps VPN connection and a 500mbps one. You would, probably, notice a difference between a 200mbps non-VPN connection and a 500mbps VPN connection - the 200mbps connection would feel faster, because you’ve eliminated a major portion of latency from the pipeline.

This is only true if

1. Every single node between you and the ultimate server you’re connected to has unlimited bandwidth available, which they never do and
2. If you are doing a few continuous sustained transfer, not a lot of tiny ones.

In other words, you’re much more likely to get high speeds when you’re downloading say, an OS update from Apple than you are when you’re loading a random webpage. In one case you’ve got a single file that is able to stream likely from a huge CDN, where on the other case you’re downloading hundreds of tiny files, each of which needs to have a connection established, has packet overhead, etc. If you’ve got a 100mbps connection, you can max that pretty easily. If you’ve got a 300mbps connection it takes a little more work, but it’s still relatively easy to do. Maxing 500mbps - especially over WiFi - is hard. You basically need to be connected to a major CDN and be downloading something big. Maxing 1gpbs is doable if you’re doing a speed test or downloading from Steam. Otherwise very difficult. Maxing 10gbps - not possible, even over close fiber (the best speedtest I’ve ever gotten over the internet on a 10gbps link was ~8.5gbps down and ~3.5gbps up, to a fiber provider about 30 miles away).

FWIW I tried just now from the datacenter. Results:

Download: 8611.21 Mbps (data used: 14.0 GB )
Upload: 3225.13 Mbps (data used: 3.8 GB )
Packet Loss: 0.0%

Um. Ok. All marketing aside, I think I’d set up my own VPS, but whatever.

Yes, for a lot of reasons. The only time it would be noticeably slower is if your connection wasn’t fast enough to keep up with the required data rates, in which case YouTube would throttle things down, likely reducing you to 720p. Put a different way, if the video stream is 25mbps, it doesn’t matter if I have a 1gbps or 2gbps link - it will buffer things up (maybe slightly more quickly), but I won’t notice any difference from an end use experience. If I were on a 5mbps connection I would notice a substantial difference, and in fact either 1) wouldn’t be able to play the video or 2) it would take a very long time to buffer.

So like I said, the only reason you really need 500mbps is if you’re going to be doing 2-3 simultaneous 8K Netflix streams while also downloading serious content on the side. Other than that for normal use, you’re fine.

If you really want to keep the GL.iNet firmware then I would look at either the AXT1800 or the MT3000. The MT3000 is going to cap out at about 300mbps, but as I’ve stated here I suspect in day to day use that is going to be more than enough for you, especially if you’re not doing a lot of heavy downloading (which I assume you aren’t without a PC. The heaviest download you probably encounter is an OS update from your tablet.) From there it’s kind of a crapshoot. A couple of months ago I would have said the MediaTek chip was a better choice, but I’m less sure at the moment. There is some work to get the QCA6XXX mainlined into OpenWrt which would substantially help things, assuming it’s done well. On the other hand, MediaTek stuff usually gets put in eventually, though we may be months from that.

A lot of it comes down to added features that are not complete, combined with legitimate stability issues in the case of the AX/AXT1800, combined with just general bugs. I personally would like to see them do a freeze and actually fix a lot of the issues before moving on to adding more features that only kind of work, but I’m not a product manager, at least not for GL.iNet.

I realize that for most people compiling your own firmware is a bridge too far, but I have very little confidence in the current GL.iNet overlay. They make great hardware, but the software. Shoo… different story.

@jdub makes quite few valid points for power-users and some of the “coin flip” features needed for those setups, but for everyday users, the convenience is usually stable for most “set it and forget it” uses with their firmwares.

You mentioned the GL app on your tablet, but if you have ever looked at the openwrt app vs the GL app, you can see how much work GL.Inet has put into their API to make most common tasks user friendly.

I agree that an x86 box with router software and gobs of RAM and a decent CPU can accomplish a lot of tasks with ease and is the preferred choice for > 1Gb connections and power users, but for a fairly easy to use travel router, I prefer the GL.Inet devices over most of the other small routers available on the market. The devs really have added a lot of polish to openwrt to make it very user friendly in their customized firmwares.

There are three places I would push back on this:

1. Under the hood the way things are packaged is a mess. Especially on the Flint/Slate AX. You’re looking at a vendor kernel based on a Linux kernel (4.4.60) that was released in 2017. The final revision of the 4.4 kernel was 302, and that was almost a year ago. The MT3000 is at least in a better position on a 5.4 kernel, but it’s still proprietary, closed source, and given the substantial amount of kernel washing that goes on, it’s hard to know whether it’s really something close to the 5.4 mainline kernel, or something with a million janky merges that just says 5.4 on the command line. This is where having real OpenWrt/Linux kernel support is super helpful. Whichever of the two routers gets it first will probably be the better pick.
2. The other issue is that I increasingly feel like the GL.iNet folks are backing themselves into corners in terms of how they’ve implemented things. It’s not that they’ve made wrong choices, exactly, it’s just that if you want to do anything that’s outside of their walled garden it basically doesn’t work. I personally see a lot of this in terms of how they’re trying to implement Tailscale. Basic functionality doesn’t work because of (defensible) choices they made months-to-years ago in the development of their own firmware. My fear is that these are going to keep stacking up.
3. There have been a series of real, legitimate bugs and issues with both the AXT1800 and MT3000 for travel router purposes, at least in their early builds. I’ve fought for literal hours to get them connected to a hotel network within a couple of months of their release. Things have smoothed out a bit, but I still don’t trust them, not really.

Again, if you’re using it for a home router and you don’t have a lot of changes you need to make, maybe a good choice. But I trust GL.iNet’s firmware less than @StubbedTail trusts their ISP.

Thanks for getting back to me again.

I understand that now, from previously having a 100mbps fiber subscription and getting buffering issues on 1080p YouTube videos and a fair wait for news articles to even load I felt that there was a transfer rate attempted to be retrieved faster than what my connection could pull. With a single hop wireguard VPN I could usually play 1080p videos okay with a download rate peaking around 8mbps and then around 3mbps throughout, but I don’t really like single hop VPN use because its using the same server which the ISP can see which means timing correlation can be used to still spy but with lesser accuracy.

In my own experience with a 100mbps fiber link and 2 chained VPN servers its not too bad on the BBC because they use a very minimalistic design but if you try going somewhere like DailyMirror or DailyMail it does take a while to load since it has embedded gifs and the whole page downloads at once rather than as your scrolling.

Yes my primary use will be browsing, watching full HD videos via YouTube & Dailymotion and live streams over Twitch TV. If I can get a VPN protected connection which does 200 then I will be satisfied with it being aware of my previously misguided understanding. I didn’t expect to get the full 500 with zero percent speed loss but rather that I would need the room of 500 to get speeds to at least a few hundred on speed tests meaning companies like YouTube (Google) probably won’t be the ones falling short and I should be able to receive the fastest they can respond to and transfer. I upgraded the fiber and will buy a faster router so from investments you obviously expect to see a beneficial change.

Speedy boi

I don’t know how to do that, which I’m sure doesn’t surprise you. Would that mean I’m broadcasting my home IP as a VPN or I’m using the company VPN but on my own server? If so I think it just puts liability on me dun goofing and saving data which they wouldn’t; and if they’re truly corrupt then won’t they still be logging everything anyway? The ‘Um. Ok’ bit makes me unsure as to whether you don’t believe what I said about the ISP spies or what I said about the VPN so here is evidence for both.
Evidence of ISP spying
Wired: The UK is secretly testing a controversial web snooping tool | WIRED UK
BBC: Home Office tests web-spying powers with help of UK internet firms - BBC News
Express: Is YOUR home broadband tracking EVERYTHING you do online? | Express.co.uk
ISPreview: Two UK Broadband ISPs Trial New Internet Snooping System - ISPreview UK
Evidence of VPN protection
ProPrivacy: Swedish Court rules OVPN doesn't have to hand over logs
TorrentFreak - Stage 1: The Pirate Bay: OVPN Wins First Stage of Information Injunction Battle * TorrentFreak
TorrentFreak - Stage 2/End: OVPN Wins Court Battle After Pirate Bay Data Demands Rejected * TorrentFreak
Provider - 56 full case files published for transparency: entire information injunction (in Swedish) https://files.ovpn.com/PMC-case.zip
Compairtech: ExpressVPN server seized in Turkey turns up no info in assassination case

Good, this is what keeps happening to so many videos I try to watch. If I set it to 1080p then it will play for 3 seconds and buffer for about 6. If I put it on 720p it plays fine unless its 720p 60fps in which case I can only play it through a third party site called 9xbuddy video downloader. I would expect Google to have better delivery speeds than 9xbuddy but I guess the connection the site uses is better as its entirely intended for downloads?

GL.iNet is the only non ISP router I’ve ever had so ideally I would like to stick with what I know but equally I would buy a different product provided its ease of configuration and use is as brainlet friendly as GL.iNet. 300 sounds good for me, is the MT300 okay in terms of firmware? I don’t know anything about self configured custom user scripts so when people say “enter command” I don’t even know where I’m supposed to type into a routers configuration.
Thank you again for reading what must have left you in physical pain from the gravity of knowing someone this stupid has successfully purchased an internet subscription.

Oh you

I’m not even going to let myself try it. The respect for the development team is immense, I just wish things could stay set as a standard rather than people requesting loads of new features with every update. The more a thing does the more there is that can go wrong

So you know, this is generally not a great idea unless you really know what you’re doing. You end up with a lot of packet fragmentation unless your MTUs are set correctly. And you’re also substantially increasing your latency.

I mean, it kind of comes down to a question of threat model, right? Mossad’s gonna Mossad, as they say. If the government really wants to spy on you, then they’re going to do it whether you’re using a VPN or not. And for the most part, routing all your traffic over a VPN looks suspicious and raises more red flags than if you just route what actually needs to be secure.

I get that there are a lot of people who think the Government/your ISP/The Man is super interested in checking in on their browsing behavior, but really, they just aren’t. As the former head of advertising at Meta once famously said, “Just because there’s a naked picture of you on the internet doesn’t mean that anybody wants to look at it.”

It means you run your own VPN server, basically.

Eh? I’ll have to try out the latest builds. I set it on a shelf after my last trip. I’m headed out again soon and will throw it in the bag and see.

The provider does all the complicated stuff, all I need to do is choose which country I want the entry server to be and which country I want the exit server to be. There is an option to alter MTU now that you mention it but I’ve always left it at default and had no issues. If I connect from a UK server to another country in Europe it tends to be okay in terms of ping and latency. Its only an issue if I’m in the UK and I set the entry server to Australia and the exit to Japan.

That is true to an extent but under certain conditions there are certain examples of real world situations in which you would imagine authorities would definitely get what they want but it doesn’t always work out. Look at the last example, it relates to the assassination of the Russian Embassador to Turkey. Russia and Turkey aren’t two very friendly countries to mess with and yet their physical removal of a server resulted in no evidence.

I would have to respectfully disagree with you there, have you seen how heavily Nord and SurfShark get shilled on YouTube? Before christmas I actually saw an advert for Nord on a TV commercial. Add in the fact that probably 50% of all British civil staff are working from home which requires them to use VPN to access the company network. I’d say that lots of Tor activity can look odd but if done within a VPN then the ISP can’t see and the VPN won’t log or care.

Please see the list of links provided, they do care and they are listening. Its a simple fact which is explained owning to new laws surrounding privacy. In 2016 they made new laws which have only recently been enacted.

They don’t know what they’re missing

I don’t like the idea of that, Turkish police can stay away and I’ll keep mailing physical cash to the VPN company.

That is much appreciated, once you’ve had time with it again I’ll base the next steps upon the outcome. Thanks again.

My point was really if you’re looking to get maximum throughput. What essentially happens is that when you tunnel traffic through a VPN, there is a certain amount of overhead that’s added on to every packet. If the overhead exceeds the maximum packet size, the routers along the way have to fragment the packet, which adds even more overhead. When you start double VPN’ing things, you run into this issue a lot, and your performance can degrade substantially.

Sure. And when I’m traveling, particularly in dicey places, I act very differently than I do at home. Considering your threat model doesn’t mean you just say “Wulp, I never need to worry about security.” It means you take appropriate measures to be secure when you need to be (including, sometimes, at home.)

Yeah, but just because they get shilled doesn’t mean they get heavily used. I don’t have a Casper mattress either.

Most corporate VPNs don’t full tunnel traffic - they only tunnel the traffic that needs to go to the corp. location. They certainly don’t tunnel people’s Netflix activity on their personal devices. The point is that if literally all your traffic is going through a VPN, that looks weird. And if you’re GCHQ trying to make decisions about who you want to look into, you start with the people who look weird. Like they might have something to hide. Like, I’m not a professional these days, but I do know how signals work.

Fair enough.

Yes it is noticeably slower to use two servers rather than one but I feel the added security and privacy outweighs the speed decrease and after getting a better router it shouldn’t be enough of an issue for me to care I think.

In the UK that sometimes is always. The investigatory powers bill means you have no privacy in any way and not being part of the EU anymore also adds vulnerability.

" NordVPN has not released its official client base count, but estimates say that it services over 14 million users."
https://earthweb.com/nordvpn-users/

No but lots of people do actually use VPN purely to access geolocked content on Netflix, streaming HD movies will create lots of data. And its hardly like VPN use alone is enough to be considered suspicious; and if it were to be then what could they do? They can’t get inside the encrypted tunnel and stealing the server won’t help them (especially considering they’re all RAM disk)

Like GCHQ staff? Gareth Williams is the best they had and look how he ended. Its probably the NCA “bRiTaiNs fBi” who are looking for people. GCHQ is much more interested in playing with Tor anyway, for their nasty habits. In the year 2022 44% of people had used a VPN, 41% had used one in the past week. So its a lot of weird looking people who they can’t do anything about.

No - my point is that there’s a big difference between using a VPN for, say, 50% of your traffic and using one for 100% of your traffic. One looks suspicious. The other doesn’t. It’s not odd in this day and age for people to use VPNs to, say, connect to work. It is odd for people to tunnel 100% of their traffic to NordVPN.

Anyway, I’ve done my bit to convince you, and you can make your own decisions like a big person. I’ll try to help where I can.

The better solution (if you’re going to insist on using 2 VPNs) is to set the inner tunnel MTU to be small enough that packets don’t fragment in the outer tunnel.

I guess that’s the vast majority of this sites user base done for lol.
From what the provider explains no outside source can actually tell how many devices you have if connected through a third party router. Apparently all the ISP will see is a network device is plugged into the ISP router, they can’t tell how many people are using that router. I don’t live alone so the ISP router gets a mix of other peoples devices and my one network device responsible for one VPN connection. Perhaps that is wrong but its what I’ve been told.

You have been very helpful and its all greatly appreciated, if I’ve come across like an anus in any of this then please be assured it was without intention

So would this mean setting the first hop to a lower MTU value than the second?

Your ISP can’t tell how many devices you’ve got on the downstream side of a router whether you’re using a VPN or not. They can tell what sites you’re going to, mitigated somewhat if you use DNSSEC. If you’re tunneling everything, they just see traffic to the VPN server.

But yes, if you’re living with other people, then their traffic will successfully mask your VPN traffic, to some extent.

Not exactly sure how you’re using first and second hop, but basically you want the exit node to have the lower MTU.

So if for example your router was connected to VPN1 and your tablet to VPN2 (through VPN1), you would want VPN2 to have a low enough MTU such that your tablet packets don’t fragment in VPN1, or cause VPN1’s packets to fragment over the internet. Exact numbers here vary depending on what VPN tech you’re using, whether you’re using TCP or UDP, type of connection, etc.

The VPN provider also provides DNS coverage, I check for DNS leaks daily but it always shows the VPN which seems right to me

Good, perhaps I should use other devices more heavily at the same time to provide more obscurity. Right now I am on the VPN with a tablet but a smartphone and Smart TV are connected to the ISP router. I remember talking about this with others upon the subject of correlation matching attacks.

Okay thanks for letting me know, all seems fine as is so I’ll leave it and if I do get the MT3000 pending your feedback then I’ll try changing MTU before complaining

I just installed the new beta (2-15) on my MT3000 and threw it in the bag for travel later this week. Using the mwan trick somebody posted re: IPSec I was able to actually get Tailscale to work. So assuming everything doesn’t crap out at the destination like it has the last two times I tried, I should be able to report back.

Custom firmware build is a giant mess, primarily because of trying to integrate MTK drivers, I think. Shouldn’t be an issue for you, hopefully.

Regardless of all the reported problems with the firmware, the Slate AX remains a marvelous piece of networking equipment as long as you know what you are getting yourself into and manage your expectations adequately. I would definitely not use it in any mission-critical way if lives depend on it but no one can deny that for an out of the box experience with its wide array of features including all the VPN support, multi-WAN, Tailscale, DDNS, AdGuard, remote management, drop-in gateway…etc. that mere mortals who have little knowledge in networking can use, then nothing even comes within a hundred miles of how excellent this thing is. That reviewer on Amazon can go and stick their review where the sun does not shine as one can criticise constructively but should also give credit where credit is due.