Flint stable firmware 4.1 and VPN client/server

The Flint is my home router. I am trying a configuration with WireGuard both as client and as VPN server.

The VPN client is configured for routing traffic only for a single device in the network.

At the beginning everything works fine, however once the VPN client is turned on I have consistent internet downtime in the whole LAN: every ‘x’ minutes (I would say random but difficult to say) all the network devices lose connectivity and their packets are not routed anymore. This happens both on devices connected wirelessly and on devices connected via a LAN cable to the Flint.

In the logs, I see frequently at random times (between 30 secs and 3 minutes) the following lines (always the same):

Sun Jan 22 15:13:58 2023 user.notice route_policy: default_policy=0 mac_list=LISTOFMYMACADDRtoUSEVPN
Sun Jan 22 15:13:58 2023 user.notice route_policy: vpn_dns_via= dns_via= manual_dns=
Sun Jan 22 15:13:58 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/

Did anyone experience this?
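To measure how often the wgclient interface is actually re-creating its keypair, here is an added Python parser for the syslog format quoted above (example code written for this thread, not GL.iNet's own; the sample log lines and the MAC address in them are constructed, only the line format mirrors the post):

```python
"""Count KEYPAIR-CREATED hotplug events for a WireGuard interface in
OpenWrt-style syslog text and report the gaps between them.
Sample log below is constructed; only the format mirrors the post."""
import re
from datetime import datetime

# "Sun Jan 22 15:13:58 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \S+ (?P<tag>[^:]+): (?P<msg>.*)$"
)
TS_FMT = "%a %b %d %H:%M:%S %Y"

SAMPLE_LOG = """\
Sun Jan 22 15:13:58 2023 user.notice route_policy: default_policy=0 mac_list=AA:BB:CC:DD:EE:FF
Sun Jan 22 15:13:58 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SUBSYSTEM=wireguard
Sun Jan 22 15:14:40 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SUBSYSTEM=wireguard
Sun Jan 22 15:17:10 2023 user.notice wireguard-debug: USER=root ifname=wgserver ACTION=KEYPAIR-CREATED SUBSYSTEM=wireguard
Sun Jan 22 15:17:30 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SUBSYSTEM=wireguard
"""


def keypair_events(log_text, ifname="wgclient"):
    """Timestamps of KEYPAIR-CREATED hotplug events for one WireGuard interface."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("tag") != "wireguard-debug":
            continue
        # The message body is a flat KEY=VALUE list, as in the post.
        fields = dict(kv.split("=", 1) for kv in m.group("msg").split() if "=" in kv)
        if fields.get("ifname") == ifname and fields.get("ACTION") == "KEYPAIR-CREATED":
            events.append(datetime.strptime(m.group("ts"), TS_FMT))
    return events


def intervals_seconds(events):
    """Gaps between consecutive events, in whole seconds."""
    return [int((b - a).total_seconds()) for a, b in zip(events, events[1:])]


def short_intervals(intervals, threshold=120):
    """WireGuard creates a fresh keypair about every 120 s while traffic flows
    (REKEY_AFTER_TIME), so gaps well below that point to the interface being
    torn down and brought back up rather than simply rekeying."""
    return [gap for gap in intervals if gap < threshold]
```

Feed it the output of `logread` from the router to see whether the gaps cluster well below the normal rekey period; the wgserver events are filtered out so the two tunnels can be compared separately.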

Are you running Cascading? I think you need 4.2 beta or snapshot to do this on the Flint or Slate AX.
I do not work for and I am not directly associated with GL.iNet


Not sure what you mean by “cascading”: if it is the device doing VPN server and then going inside the vpn client, the answer is no.

The device to be routed via the Flint vpn client is an AppleTV connected via wifi to the Flint.
The devices experiencing the problem are other devices in the LAN not using the VPN server at that moment.

Should I try in any case the 4.2 beta?

Block Non-VPN Traffic

If this option is enabled, all traffic from client devices trying to be sent out of the VPN tunnel will be blocked, which will effectively prevent VPN leaks due to client DNS settings, dropped VPN connections, client apps requesting by IP, etc.

This feature is also known as VPN Kill Switch. It is designed to prevent your data from leaking to the web. Most VPN providers offer a Kill Switch feature that automatically disconnects your computer, phone, or tablet from the internet if your VPN connection drops. The Block Non-VPN Traffic feature on GL.iNet routers can handle more ways to compromise, including the following six scenarios:

  1. DNS Leak
  2. IPv6 Leak
  3. WebRTC Leak
  4. Dropped VPN Connection
  5. Programs Started Before VPN
  6. Application Specific Leaks

Allow Access WAN

If this option is enabled, while VPN is connected, client devices will still be able to access WAN, e.g. accessing your printer, NAS etc. in the upper subnet.

[Diagram: VPN dashboard, Allow Access WAN]

As shown above, if this feature is turned on, your device will have access to devices in the upstream subnet, such as printer and NAS. The main scenario is to give clients access to devices in the upstream subnet, but there is no way for the router to distinguish between the upstream subnet and the Internet, so if the traffic in the client device is accessed directly through IP, there may be a risk of leakage, so this option and Block Non-VPN Traffic are mutually exclusive.

Services From GL.iNet Doesn’t Use VPN

If this option is enabled, services on routers that usually require the use of a real IP will not use VPN, including GoodCloud, DDNS, rtty. The main purpose of this is to use VPN Client and GoodCloud / DDNS at the same time. It is recommended to turn on this option if you want to use GoodCloud, otherwise the stability of GoodCloud will be affected by the VPN status. If you want to use DDNS, you must turn on this option, otherwise DDNS will point to the IP address of the VPN Server.