browserleaks.net
Should also be added.
Thanks, my bad, I should have spotted that. I reset the router by flashing 4.6.0-op24 & wiping settings. I then enabled Adguard, configured VPN by adding the below domains to the PBR routing config. Override custom DNS is disabled. DNS leaks still occur when the VPN client is off.
browserleaks.com
browserleaks.org
browserleaks.net
dnsleaktest.com
whatismyipaddress.com
I can see the lookups in Adguard
With Adguard disabled I can see the lookups leaking the ISP DNS
This situation should not be leaked, @hansome please test it.
Did you turn off VPN by UI? Could you export me a syslog by PM?
Sent you a private message
Firmware:
OpenWrt 21.02-SNAPSHOT r15812+1073-46b6ee7ffc / LuCI openwrt-21.02 branch git-22.335.71649-0ecaf74
4.6.0 beta 2
Kernel:
5.4.238
Initial tests regarding DNS leak (?), or any leak for that matter, do confirm that when connecting to VPN via Flint 2 (GL-MT6000) my physical location is revealed.
The same browser on the same session on My IP Address - BrowserLeaks utilizing pfSense firewall, my location is not revealed, with the same VPN provider.
I had Adguard enabled at one point, yet I had disabled Adguard service on the Flint 2.
Where do I check on the router, logs, or so forth to know the cause of this?
Thanx
It could be I am misreading the charts, that is, the first server I am connecting to of the VPN provider's service is located at the same state I am in, even though the VPN supposedly connecting me to a different state server.
A DNS leak test shows no leak of IP is happening at https://www.dnsleaktest.com
Edit: I think this is the case, connecting pfSense to the same server that is offered (matching Flint2 VPN server), does reveal the state I do live in, at My IP Address - BrowserLeaks. So this could be just an indicator of the first server I am connecting to, rather than being a DNS leak.
Thank you
I'm not sure exactly what you're reporting. For the issue I'm having @hansome was able to reproduce it
I'm still wondering about updating from 4.5.2 to 4.5.8, is it recommended I do so? And should I toggle off the "keep settings" toggle and start fresh? Thanks.
You should start fresh since 4.5.8 uses different proprietary drivers.
The DNS traffic separation for mt6000-op24 firmware has been fixed. It only impacts the op24 version and the case where domain/IP policy uses VPN. The root cause is that our code is not robust enough to adapt to the dnsmasq version upgrade.
It will be available in tomorrow's snapshot, and soon a release version.
Thanks for confirming that.
However I'm sure it does affect the normal stable firmware, after all I tried different firmwares to see where the issue was present in them. If it wasn't an issue on the stable firmware I wouldn't have posted here.
I can retest the stable firmware and get back to you on this.
I also tried firmware 4.5.8, it works as expected. Firmware 4.6 mostly addresses abnormal cases when custom DNS is used combined with VPN policy.
Yep, looks like no DNS leak on 4.5.8 when Adguard is off; unfortunately when turned on there are some leaks, maybe because this firmware doesn't have the additional setting for custom DNS.
However I ran into the bug again where all traffic goes over the VPN when in PBR mode.
I'll try to do some more testing and troubleshooting and report that as a separate issue.
This is what initially made me test the other firmwares where I then found the DNS bug.
Edit: I reproduced an issue whereby all DNS requests seem to go over client VPN on 4.5.8 but I think this is intentional due to the lack of custom DNS setting.
Maybe firmware beta 4.6.0 will be for me now until the new version in snapshot or stable.
Hmm could domain resolving also be broken when the endpoint is a domain?
I was troubleshooting my own WireGuard server, but I came to the conclusion something isn't functioning right on my MT3000 with the OpenWrt 24 snapshot. When I use the client configuration on my phone with wifi off it works correctly; I guess the issue got introduced since the new DNS option.
Though the behaviour is very strange when I look on the upstream router where the WireGuard server is (which uses plain OpenWrt 24): when I replace the portforward from wan with lan, where the router's firewall zone resides, the MT3000 connects, but the routing doesn't follow wan and its public endpoint IP, but the MT3000 does say connected to my endpoint, which isn't completely valid.
At least it's good to know it's not my routing of the wgserver or a closed port, because my phone was able to connect through the mobile network with the VPN server.
Any idea what might be the cause? If this bug is not related feel free to move this topic.
It's not like a DNS issue. Can you give more details of your settings?
I've been testing more; it also happens on the mtk version, but I think it's normal behaviour. My suspicion is that my old mt6000 firewall config was broken with corrupt nftables rules which allowed this type of behaviour.
So in my case it only works if I add these two portforwards on my mt6000:
The second portforward applies when the mt3000 is connected locally on my pcnet zone. On my peer status it shows a localised endpoint, which on my previous config was not the case, though it is disabled on my DHCP settings on the mt6000.
This is how it shows on my peer status on my mt6000:
On the mt3000 (the wgclient) I had removed my DDNS domain and used the ISP IP, though it would end up the same:
I see very strange localised NAT reflection, but I don't know exactly if this is intended by WireGuard. If that portforward from pcnet is removed the mt3000 can no longer connect even though it had a wan IP assigned; it wants it to localise the endpoint upstream.
^ pcnet's firewall zone only forwards to wgclient (mullvad).
I came to the conclusion it's probably normal😋. I've been verifying this on my phone network as well without wifi and the wan portforward works fine.
DDNS services in LuCI don't run because uci -q get ddns.glddns.enabled returns nothing when using 3rd party DDNS providers or even when glddns is enabled.
Updated from the last week snapshot (probably from 6/Jun or 13/Jun) to Beta 4.6.0 (20/Jun), not using the option "Keep settings"
I uploaded the backup file on LuCI.
I can no longer save files in my shared folder.
I can save like 100Kb files but not this 46Mb file.
USB Flash Drive is formatted using exFAT and of course I have space available.
The error is always the same "Item not found".
Another problem on Beta 4.6.0 (20/Jun/2024):
My log is full of these errors:
Fri Jun 21 11:19:00 2024 cron.err crond[4215]: USER root pid 13181 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:19:00 2024 cron.err crond[4215]: USER root pid 13182 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:20:00 2024 cron.err crond[4215]: USER root pid 13442 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:20:00 2024 cron.err crond[4215]: USER root pid 13443 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:20:00 2024 cron.err crond[4215]: USER root pid 13444 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:21:00 2024 cron.err crond[4215]: USER root pid 13705 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:21:00 2024 cron.err crond[4215]: USER root pid 13706 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:22:00 2024 cron.err crond[4215]: USER root pid 13969 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:22:00 2024 cron.err crond[4215]: USER root pid 13970 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:22:00 2024 cron.err crond[4215]: USER root pid 13971 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:23:00 2024 cron.err crond[4215]: USER root pid 14235 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:23:00 2024 cron.err crond[4215]: USER root pid 14236 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:24:00 2024 cron.err crond[4215]: USER root pid 14490 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:24:00 2024 cron.err crond[4215]: USER root pid 14491 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:24:00 2024 cron.err crond[4215]: USER root pid 14492 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:25:00 2024 cron.err crond[4215]: USER root pid 14746 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:25:00 2024 cron.err crond[4215]: USER root pid 14747 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:26:00 2024 cron.err crond[4215]: USER root pid 15000 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:26:00 2024 cron.err crond[4215]: USER root pid 15001 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:26:00 2024 cron.err crond[4215]: USER root pid 15002 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:27:00 2024 cron.err crond[4215]: USER root pid 15251 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:27:00 2024 cron.err crond[4215]: USER root pid 15252 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:28:00 2024 cron.err crond[4215]: USER root pid 15506 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:28:00 2024 cron.err crond[4215]: USER root pid 15507 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:28:00 2024 cron.err crond[4215]: USER root pid 15508 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:29:00 2024 cron.err crond[4215]: USER root pid 15759 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:29:00 2024 cron.err crond[4215]: USER root pid 15760 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:30:00 2024 cron.err crond[4215]: USER root pid 16008 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:30:00 2024 cron.err crond[4215]: USER root pid 16009 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:30:00 2024 cron.err crond[4215]: USER root pid 16010 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:31:00 2024 cron.err crond[4215]: USER root pid 16262 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:31:00 2024 cron.err crond[4215]: USER root pid 16263 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:32:00 2024 cron.err crond[4215]: USER root pid 16522 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:32:00 2024 cron.err crond[4215]: USER root pid 16523 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:32:00 2024 cron.err crond[4215]: USER root pid 16524 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:33:00 2024 cron.err crond[4215]: USER root pid 16773 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:33:00 2024 cron.err crond[4215]: USER root pid 16774 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:34:00 2024 cron.err crond[4215]: USER root pid 17022 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:34:00 2024 cron.err crond[4215]: USER root pid 17023 cmd sleep 30;. /lib/functions/modem.sh;check_ip
Fri Jun 21 11:34:00 2024 cron.err crond[4215]: USER root pid 17024 cmd . /lib/functions/modem.sh;modem_net_monitor
Fri Jun 21 11:35:00 2024 cron.err crond[4215]: USER root pid 17273 cmd . /lib/functions/modem.sh;check_ip
Fri Jun 21 11:35:00 2024 cron.err crond[4215]: USER root pid 17274 cmd sleep 30;. /lib/functions/modem.sh;check_ip
I didn't notice these errors on Snapshot versions