Firmware 4.1.0 release 2 VPN blocking repository

Bug Report
Flint Firmware 4.1.0 release 2
Wireguad Client running
AdGuardhome doing DNS

Gl.iNet repository will not update when vpn is active and running. Have Global options in VPN dashboard set.

VPN policy is set:

Repository will update without vpn active. I think there is a firewall rule, firewall zone that needs to change that is blocking

Your policy is based on client device. This works fine, as long as you don’t enable the VPN kill switch. Then the devices not connected to the VPN have no internet access. Could this be the issue here?

Its possible. I have client device for the occasional time I need to not us a VPN. Even if I change the VPN policy to auto detect it still does not work. Everything should be using the vpn. The router should be using the VPN to access the repository and I’m not sure why it gets blocked.

I think it is something to do with looking up the repo as IPv6

1 Like

Access the Terminal by SSH & run this:

opkg update
opkg install kmod-ipt-nat6
cat << EOF > /etc/firewall.nat6
iptables-save --table="nat" \
| sed -e "/\s[DS]NAT\s/d" \
| ip6tables-restore --table="nat"
uci -q delete firewall.nat6
uci set firewall.nat6="include"
uci set firewall.nat6.path="/etc/firewall.nat6"
uci set firewall.nat6.reload="1"
uci commit firewall
service firewall restart

This will enable IPV6 for VPN (if ur vpn config supports it). Still not sure why it doesn’t happen by default.

IPv6 is not supported as far as I know (SurfSharkVPN will check there was a update a couple of days ago) and it not selected anywhere I have checked.
So I need to not create IPv6 tables but need it to use IPv4 or tell it to use

This might be the issue some other people are having with Cascading VPN and S2S

Thank you Blobbie01

I don’t think I want to recreate the ipv6 firewall, but tell it not to us ipv6 and instead us ipv4.