Flint GL-AX1800 / v4.6.4. / Wireguard VPN-change with activated Kill Switch not possible

Hi Folks,

does anyone have the same problem?

I have the router GL-AX1800 and updated today to the software version v4.6.4.

Since then it is no longer possible to change an active Surfshark Wireguard VPN-server with activated Kill Switch (Global Options “Block Non-VPN Traffic”).

Changing the VPN server is only possible by
(1) Deactivating the kill switch
(2) Turning the current VPN server off and on again
(3) Reactivating the kill switch

The same is also necessary if the current VPN connection is interrupted and requires a restart.
No automatic reconnection takes place when the kill switch is activated.

Security Aspect:
However, if the kill switch is deactivated, all client connections are completely unprotected at the moment of the server change or server reconnection (because the kill switch could only be activated after an established VPN connection).

It's hard to believe that such an important fact was actually overlooked in the new software version v4.6.4.

Is this a known problem, or is there any solution for it?

At the moment, software version v4.6.4 isn't an option, due to a massive security problem, at least for me and my GL-AX1800. I'm back at v4.6.2 - which is working properly.

Kind regards
Chris

For all those who should have the same problems:

I received information from GLI support that the behavior after the update is due to the fact that AdguardHome (ADH) was active during the upgrade.

As a result of active ADH, a config entry that is normally deleted during the upgrade was not deleted.

Solution:

  1. Log in to the router via SSH

  2. vi /etc/init.d/adguardhome (starts the editor and opens the document)

  3. Search for the entry “procd_set_param group explicit_vpn” and delete the complete line

  4. Save and quit the config with :wq

That's it. Hope it helps

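The manual edit from the steps above as a repeatable script, added here as an example (not GL.iNet's or the poster's code). The init script path and the line to delete come from the post; the function name, status words and the `/tmp` backup location are assumptions.

```shell
#!/bin/sh
# Added example (not GL.iNet code): repeatable form of the manual vi edit.
# The init script path and the line to delete come from the post above;
# the function name, status words and backup location are assumptions.

STALE_LINE='procd_set_param group explicit_vpn'

# fix_adguardhome_init FILE [BACKUP_DIR]
# Prints "absent" if the line is not there, "removed" after deleting it.
# Returns non-zero if the file is missing or the edit could not be verified.
fix_adguardhome_init() {
    file=$1
    backup_dir=${2:-/tmp}

    if [ ! -f "$file" ]; then
        echo "missing"
        return 2
    fi

    # Idempotent: nothing to do when the entry is already gone.
    if ! grep -qF "$STALE_LINE" "$file"; then
        echo "absent"
        return 0
    fi

    # Keep a copy of the unmodified script before touching it.
    backup="$backup_dir/$(basename "$file").bak"
    cp "$file" "$backup" || return 3

    # Write every other line to a scratch file. grep -v exits 1 when it
    # prints nothing, which is not an error here.
    scratch="$backup_dir/$(basename "$file").new"
    grep -vF "$STALE_LINE" "$file" > "$scratch" || [ $? -eq 1 ] || return 3

    # cat into the original keeps its mode and owner (init scripts must
    # stay executable).
    cat "$scratch" > "$file" || return 3
    rm -f "$scratch"

    # Verify the result instead of trusting the edit.
    if grep -qF "$STALE_LINE" "$file"; then
        echo "failed"
        return 4
    fi
    echo "removed"
}

# On the router: fix_adguardhome_init /etc/init.d/adguardhome
```

Running it a second time prints `absent` and changes nothing, so it is safe to run after every firmware update.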

Addition:
Even with this deleted line in the config file, with the next update to v4.6.6 I got the same problem with active Adguard Home.
For this reason, the above-mentioned steps must be done again.
With the next update, I'll try to deactivate Adguard Home before starting.

@GLiNet. Such behavior is really annoying

This is the same as DNS broken after update to v4.6.4 on Flint - #2 by mkdr

Will be fixed in firmware v4.6.8