Flint GL-AX1800 Craps the bed with VPN and Adguard Running

Ok this is not a one off problem… This seems to repeat itself until I need to revert the firmware and start all over again.
I purchased the Flint speciifically to run OpenVPN with Nord and Adguard for my home. The side benefit was that I could tether it to my phone if my ISP goes down.

The problem.
It seems that I can turn the VPN on and off with no issues when I first set it up from factory. Then I turn on Adguard and only use the disable protection button on the management page if I need to bypass that once in a while.
However after a few days the router will NOT allow me to disconnect the VPN. I click disconnect and it fails and then just give an abort button which does nothing. A reboot and even a power cycle wont clear this. Also the internet is blocked at that point… I I was using the TCP VPN at the time. I did try and fire up the UDP version and that worked but again… I could not shut it down once it was enabled.

Adguard does the same thing… I cannot shut it down at all. Once its in this state I have to revert the firmware… This is a huge issue as I cannot trust enabling these features again until they are solid…
I cannot believe nobody else has run into this…

I am typing this after a complete firmware revert :wink:

Afterthought… Wonder if I should use Wireguard instead of Openvpn. Supposedly much faster??

When doing a revert try doing it in LuCi

When you revert(do a clean revert don’t transfer any settings) go and install LuCi(Don’t set up anything or bare minimum ). Log in to LuCi go to software and update list and update. Once list are updated reboot using LuCi reboot option. After reboot log back into LuCi check that adguard home is 0.106.3-1(current approved package for GL-iNet) you do not want Adguard home 0.104. You also don’t want both of these packages installed, a problem that some times occurs. Once you verify adguard 0.106.3-1 is installed log out of LuCi and go back to the GL-iNet UI and update package list again, when complete reboot using GL-iNet option. Manually put in you configuration(don’t use a saved archive)

Issues I have found:
A revert from GL-iNet UI does not always clean things out correctly
When disconnecting wait for a confirmation message (will be a little pop down saying success)

General good practices:
When doing a firmware update don’t transfer setting
Restart you router once a week
When using NordVPN disconnect for a minimum of 15 minutes so that what little information about login and duration is cleared from NordVPN server
Make a archive every time you make a change can save some headarches

Sorry you having issues hope this helped

Thanks so much for jumping in here… you rock.
So I added Luci back and logged in and went to the software section… There was no option to update… See Screen shot… I can update in the GL interface.
That being said, The revert was fairly simple for me. There are no real settings to transfer or save other than for me to rename my wifi
Adguard is already at .106.3-1 and once I fire it up it offers me an upgrade to.107.2. in the settings menu

The VPN actually hangs on disconnect… and so does Adguard. This is the main issue. Once they are in a hung state, nothing brings them back other than a firmware revert…
Adguard mutiple reboots and keep trying to turn it off and it keeps coming back turned on. The Service that is… I have learned to use the Settings menu to disable protection. But even once its disabled I cannot go back and turn off the service anymore.

I agree with the idea of waiting 15minutes for the a VPN toggle. But simply trying to turn off the VPN by clicking disconnect fails and then gives me an abort button which does nothing.
At that point I have no recourse but to Revert.

Going to try the Luci Revert next time to see if anything changes. Not sure why it would be different unless its more than just another GUI.

If you do not mind logging into SSH, you can try the following to stop OpenVPN and AdGuard:

/etc/init.d/startvpn stop

/etc/init.d/AdGuardHome stop

Its been years since I did SSH. Can I just add it to the bottom of the boot script? I copied and pasted the current default script below.
Also I look in Startup and it clearly shows Adguard enabled. I never enabled it. Just factory at the moment. Also in the Flint main applications I click Adguard and the toggle for enable Adguard is disabled. Almost like they conflict with each other

autoupdate=$(uci get glconfig.autoupdate)
[ -z “$autoupdate” ] && {
uci set glconfig.autoupdate=service
uci set glconfig.autoupdate.time=‘04:00’
uci set glconfig.autoupdate.enable=‘0’
uci commit glconfig
}
samba=$(uci get glconfig.samba)
[ -z “$samba” ] && {
uci set glconfig.samba=service
uci set glconfig.samba.read_only=‘yes’
uci commit glconfig
}

/usr/bin/glautoupdater &
#(sleep 15;/usr/bin/gl_health) &

VIXMINI should turn of system led after boot is successful

if [ “$(cat /tmp/sysinfo/model)” = “VIXMINI” ]; then
echo 0 > /sys/class/leds/vixmini:blue:power/brightness
fi

if [ “$(cat /tmp/sysinfo/model)” = “microuter-N300” ]; then
echo 0 > /sys/class/leds/microuter-n300:blue:power/brightness
fi

killall uqmi

traffic=uci get glconfig.traffic_control.enable 2>/dev/null
if [ “$traffic” == “1” ];then
uci set tertf.general.cleartraffic=‘1’
uci commit tertf
fi

(these are all long shots but maybe fix it)

I thought for sure all that would have solved it. Sometime the repository takes a little bit to show a update(if it has one). Try a hard reset pin whole button in the back maybe. I don’t think its recommended to do a power cycle (30-30-30) but i could be wrong about that. Perhaps try loading original firmware 3.206 then 3.207 then 3.208 with either local upgrade or Uboot (familiarize yourself with the steps before taking them) enable crash log and when everything freezes restart the router and see what is written in the log.

https://docs.gl-inet.com/en/3/troubleshooting/debrick/
https://docs.gl-inet.com/en/3/tutorials/firmware_upgrade/
https://dl.gl-inet.com/?model=ax1800

I meant to manually run the 2 commands when they hang and, hopefully, you will not have to reboot and revert the firmware.

By adding to the rc.local startup script, it may at least clear the problem after reboot, but I suggest you test them out manually before modifying that script.

That is strange! Can you check for a file /etc/config/AdGuardHome or /etc/config/glconfig and see if it contains a line “option enable ‘1’” for AdGuard? If so, you can try editing the file and setting the value to ‘0’. A complete router hard reset should clear out AdGuard.

You are not alone. I have experienced the exact same problem and precisely in the same way you have described. A router reset fixes it and as long as Adguard and WireGuard VPN are always running, then the router is working as expected but trying to turn any of them off is a no go. I haven’t reported as I was really hoping that a future firmware update might fix.

Sorry to hear that but glad its not just me being an idiot… LOL
hopefully there will be an update to address it soon.

1 Like

I assume I need to Putty in to find this file? Is there is good free putty utility I can download for windows?

You can used PuTTY or WInSCP:

https://www.putty.org/

https://winscp.net/eng/download.php

They are good free utilities to have when working with and troubleshooting these routers.

Just loaded a Putty app on my phone but cannot log in. Keeps saying unreachable.

Do I need to enable anything on the router to accept access? There is a section in Luci that refers to SSH.

You can check the settings in LuCi → System → Administration → SSH Access. The defaults should work: Port=22, Password Authentication=Enabled, Allow root logins with passwords=Enabled.

In PuTTY, make sure to use SSH connection protocol, Port 22, host IP address of your router.

Ok I used another app and also remembered to log out of the router from the browser.

Got in and here is the glconfig file. No reference to Adguard. Just Adblock. Hmmm

You can run the following in SSH to confirm that AdGuard is running:

ps | grep -i adguardhome

If it returns the AdGuard process, then run the following if it can be stopped:

/etc/init.d/AdGuardHome stop

ps | grep -i adguardhome

Really appreciate your help… I also just loaded the windows version of putty. I have not run some of these commands in like 20 years… had to look up what the states meant… LOL

Ok this is what was returned… Interruptible sleep and Stopped?

So if I look at this correctly… The “BASE” process is actually up and waiting for me to click the radio button to enable Adguard… Then once its running I need to go to the settings page to actually enable and or disable protection.

At this time I have not actually started the Adguard. I will experiment more when I dont actually need my internet for work…

This looks like AdGuard is not running.

The “grep -i adguardhome” process is your command itself. I think you ran the command twice, with the first time as “grep -i adguardhome” without “ps |”, which is cut off at the top of the screenshot that you stopped in the background with ^Z.

Where do you see AdGuard enabled in the Startup script?

Yes you are correct… If I type the command without the PS it just hangs there. So I control Z out… and added the PS

What makes me believe Adguard is running is this page that displays when I click on Adguard.

The AdGuard page shows up for me also, but Enabled has not been turned on.

In this case, the main problem is being able to disconnect OpenVPN, so test the following command in SSH when the next time it happens:

/etc/init.d/startvpn stop

I think it does some “cleanup”.

This sounds vaguely familiar that it may have happened to me once. I think I turned off “Internet Kill Switch”, ran the above command and rebooted, but cannot remember clearly.

No that page is showing that the Adguard home package is installed and ready to run on your router.(The toggle switch will be to the right and green if it was on) You can unistall by disabling in GL-iNet UI Adguard home, go to plug-ins unistall Adguardhome and gl-agh-stats