Feature Request Thread For Firmware v3


#1

Only post features here. If something is not working right, or as before, post it in the bug reporting thread here:

Feature Requests:

1. Let the user select 4 DNS options: #Johnex

  • Default DNS (no DNS change, use default from ISP)
  • Global DNS Change (overrides the DNS for all connections, VPN and without, as it is now)
  • Alternate DNS For VPN (the user can have their own DNS only while VPN is on. They can then pick Cloudflare or Google or any other they like, also used as fallback from option 4 if set)
  • DNS from VPN (get the DNS from the VPN server)

The 2 last DNS options would only be available if the user has uploaded a ovpn file, and would ofc check if the VPN client is enabled. On change, the ovpn file would be modified to include the extra config lines needed to change the DNS depending on the options. Either “dhcp-option DNS IP” for option 3, or calling up down scripts like it’s done here: AR750 as OpenVPN client, no DNS for far network for option 4 . If the VPN server does not give any DNS info, fallback to the option 3 if the user has set and alternate DNS for VPN, or fallback to default if not, but notify the user so that no leaks occur or any unwanted or unexpected DNS option.

The DNS page would show a dropdown only at first with the 2 options above, with Default selected. If the user selects to global override, 2 inputs for the DNS1 and DNS2 appear. If the user has configured their VPN, it would show all 4 options. Selecting option 3 would make the DNS inputs for VPN only. Selecting 4 would then let you use the DNS in the inputs (if set) as fallback. If unset, then use ISP DNS.

I think that would cover all the usages possible, and at the same time make it easier for the end user.

2. Mobile Tether Fix (change ttl packet to fool operators) #glitch

Network -> Firewall -> Custom Rules
Add first line:

iptables -t mangle -I POSTROUTING -o 3g-modem -j TTL –ttl-set 64

3. Disable MWan3 #glitch
4. Disable IPv6 #glitch

Network -> Interfaces
Delete Wan6

5. Disable GLHealth #glitch
6. VPN Ping And Reconnect #glitch

while sleep 30; do
if ! ping -I tun0 -c5 -w5 8.8.8.8; then
/etc/init.d/startvpn restart
fi
done

7. Persistent Mobile Data Usages #Johnex

I would love to see an option to have the mobile data persistent, saved over resets. It would then be possible to set the monthly data maximum, and show a percent used of that. Have the monthly total reset every 30 days, and also have a button to manually reset it. Usage since boot would also be shown as "this session used. This would be the same as mobile phones and some other mifi devices have.

8. WPA3 Support firmare v3+ #unlo

9. OpenConnect GL-iNet UI #Bark

10. WireGuard GL-iNet UI Done #Johnex

11. L2TP/IPsec: Add PSK Support #fritz

12. Finer OVPN File Purge Done #glitch

13. Support 802.11r /k/v #carrionlee

Seems like changing from wpad-mini to normal full wpad adds this support:
https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
There is no default interface so GL-iNet would need to add it.

14. Allow Same SSID 2.4GHz / 5GHz In AP #carrionlee

Having the same SSID let’s the client choose the best channel depending on distance, RSSI and other factors like wall penetration (2.4ghz can penetrate wood and concrete better).

15. Cloud Administration #lucidtek

For managing devices behind double NAT

16. Expand On Modem Tools And Status #lucidtek

  1. More default AT commands
  2. Realtime dB signal status for aligning antennas to get best performance
  3. Modem Toggle On/Off

17. Mifi Modem Driver For All Devices #lucidtek

Have the same modem drivers the Mifi has on other devices, letting users connect modems via mPCIe to usb adapters.

18. Better Load Balancing/Failover GUI #lucidtek

19. Allow Priority Order Of Saved Stations #nopro404

Allow users to alter the list of Saved Stations, making Glhealth prioritize one available AP over another available depending on the order. Now the order seems to be as they were added.

20. VPN IP/DNS Filter List @zwoop

Let the user filter IP or DNS addresses so that some services such as Netflix can be accessed directly, while the rest goes into the VPN.

@alzhao @kyson-lok


GL-AR750s and Public Wifi, need a tester... you game?
GL-AR750S first impressions and development help
MIFI support Quectel EP06?
#2

How about:

  1. Mobile Broadband tehter fix -
    In Network > Firewall > Custom Rules add on first line
    iptables -t mangle -I POSTROUTING -o 3g-modem -j TTL –ttl-set 64

2: Disable IPV6 completely -
Network > Interfaces delete Wan6?

  1. Mwan3 disable

  2. GL Health disable

  3. VPN ping and reconnect script -

while sleep 30; do
if ! ping -I tun0 -c5 -w5 8.8.8.8; then
/etc/init.d/startvpn restart
fi
done

Glitch


#3

Added your requests @glitch :smiley:


#4

@glitch

  1. Not real understand why want to disable mwan3 and gl_health.
  2. If openvpn server down, reconnect script will repeat restart openvpn client. I don’t think is is a right way to do this.

#5

Can’t remember exactly why I disable Mwan3 but IIRC it’s because it pings Google, which I don’t like/trust.

Regarding Gl health - from the forum “This is the main culprit for constantly re-scanning and changing the “wireless” config, and causing disconnects and speed drops.”

Regarding VPN reconnect script - I am no expert but this was a bare-bones script example. Of course, you can add something like
"vpn_enabled=$(uci get glconfig.openvpn.enable)
if [ “$vpn_enabled” = “1” ]; then"

Glitch


#6

@kyson-lok maybe you can do some tests and see what is pinging google all the time in mwan3, and removing or fixing that would be a solution to @glitch issue, while not removing any functionality?


#7

@Johnex Yes, maybe it is friendly if mwan3 can be configured in gli gui. It means that user is able to change the ip address to ping.


#8

@glitch

Regarding gl-health, for 2.0 gui, you can choose enable or disable connect automatically.
Regarding vpn reconnect, there hasn’t a good solution. Because it will cause data leak.


#9

Surely not the case if you have “no internet if VPN is not connected” checked?

The idea of the script is because sometimes the VPN can be connected but freezes/blocks (PIA is notorious for this), so the script tries to ping through the VPN and if it fails, restarts it.


#10

I think default DNS and custom DNS is enough. VPN DNS should act as optional zone when creating a new vpn client configuration.


#11

@kyson-lok

There are lots of users already using the scripts to change automatically to the one supplied by the VPN, so im sure lots of people would want it, but don’t know its possible. There were also users wishing it was a GUI option, and not having to do it from command.

Another thing discussed in another thread is, setting the DNS manually while using a VPN might not be secure. A VPN provider might have to change their DNS ip at any time, and an attacker could then use that released IP as a rogue DNS and harvest requests.

For the end user the most secure is if the DNS should changes automatically to the latest IP while using the VPN :wink:


#12

Added “Persistent Mobile Data Usages” to first post :slight_smile:


#13

WPA3 support should be included ASAP


#14

Added to the list :slight_smile: Might not be for v3 though since it will come out in spec later this year…


#15

#16

@unlo v3 firmware doesn’t support wap3 at present. As far as I know the WPA3 standard is not even published yet and hostapd Git shows no trace of WPA3 yet either.


#17

Request for Firmware V3: An ‘OpenConnect’ VPN interface in the main GUI VPN section…

OpenConnect is faster, easy to tune, and it works very nicely all over China, (& everywhere else)…

Many top commercial VPN providers have increased their platforms now with OpenConnect capability.

GL-Inet V3 should consolidate ‘OpenConnect’ in the main VPN GUI now too.


#18

Added to the list :slight_smile:


#19

Wireguard has supported in v3 firmware.


#20

@kyson-lok Updated the status on the list :slight_smile: