Fix for GL.iNet Plugins/Firmware Update Fails ("Failed to update repository list") when using AdGuard Home + ISP using CGNAT

Router
1

The problem:
Every time I tried to look at plugins or update the firmware online upgrade, the plugins page would throw an error: "Failed to update repository list, please check your network and try again." and the online upgrade wouldn’t be able to check for firmware updates.

The strangest part was that internet access for all my LAN clients worked perfectly. If you are experiencing this, here is the breakdown of what I reckon is happening and how to fix it via SSH.

When AdGuard Home is enabled, it takes total control over DNS requests (Port 53). However, the router's internal system processes (like the background cloud manager eco daemon or the package manager opkg) seems to bypass AdGuard and look directly at the raw system interface files for a DNS fallback.

If your ISP uses Carrier-Grade NAT (CGNAT), your router's WAN port is handed upstream DNS addresses in the 100.x.y.z range. If these upstream ISP servers drop packets, timeout, or conflict with custom routing splits (like a local Tailscale configuration :enraged_face:), the router's OS hits a total dead end trying to resolve the gli.net servers fw.gl-inet.com.

The fix:
To solve this, you need to explicitly tell the router's base operating system to use a reliable public fallback resolver specifically for its own background system tasks. This will not affect your AdGuard Home settings or any parental filtering rules you have active for your clients.

SSH into your router from your terminal app:
ssh root@192.168.8.1 ((Adjust the IP if you changed your default gateway).
If you’ve never connected via SSL you need to say yes to the fingerprint thing
[enter your router password]

Paste these three lines (or do it one-by-one, I’m not your supervisor)
uci set network.wan.dns='1.1.1.1 8.8.8.8'
uci commit network
/etc/init.d/network restart

Press Enter

Type opkg update and press Enter.

You should see the repository lists download. You can then jump back to your browser and refresh the list of plugins.

Hopefully you can enjoy messing around with plugins and doing online firmware upgrades, too.

1 Like
2

Hi

Thank you for your analysis and for sharing the solution.

For users who are not familiar with SSH, the same configuration can also be done through LuCI by following the steps below:

1 Like
5

It shouldn't conflict since CGNAT is only 100.64.0.0/16. So as long as you don't set a Tailscale IP to 100.64.x.x - all will be fine.

6

Thank you! This is much simpler!

1 Like
7

The CGNAT reserved range is 100.64.0.0/10 (RFC 6598). Only having /16 for this would be way too small. ISPs can have way more than 65536 customers :slightly_smiling_face:

1 Like
8

Damn, my fault! :face_with_peeking_eye: