GL-AR300M fw 3.019 and OpenVpn

Technical Support
#1

Hi,
yesterday I updated the firmware from 2.7 to 3.

With the old firmware I connected as a client to a vpn network, to remotely access my router, which does not have a static ip.
I uploaded the same .ovpn configuration file, but when I start the openvpn network, it doesn’t make me surf the internet anymore, but only to the vpn. What should I do?
Thanks

#2

Logs, screenshots etc pls.

At least need to know if it is dns problem or firewall problem

#3

Thanks alzhao,
I followed this guidee and it’s working now.
Why it might has potential data leakage?

#4

If you modify that shell script, it will enable traffic from lan forward to wan interface, so if VPN connection is lost, all data will cross wan directly, it means data leak.

#5

Kyson, just to be sure I understand, when you say “data leak” you only mean “data will no longer go through the VPN.” In other words, it reverts to being a normal router, allowing LAN to forward to WAN without using the VPN.

It seems there are (at least) two reasons people use a VPN:

  1. The user wants to do private Internet browsing and/or wants their browsing to originate at the VPN destination. They might be using a public VPN service. For this user, I can see how they would NOT want to go on the Internet without the VPN.

  2. The user needs to link two LAN networks across the Internet. This user probably controls the VPN server and client. Only the LAN traffic needs to be private so only the LAN traffic goes on the VPN. However this does not mean that LAN traffic will leak onto the Internet any more than if you use the router without the VPN feature.

#6

Exactly.

Yup, so we are developing routing policy function now, it can solve this situation.

1 Like
#7

Thank you for the fix.

#8

Blockquote
Yup, so we are developing routing policy function now, it can solve this situation.

Sounds promising. Please post an note here when that is ready.

I just thought of another situation where this is important: perhaps an employer asks the employee to connect to the corporate VPN from their personal device. The employee needs to access the corporate files, but the employee does not want their private Internet browsing to go through the employer’s server. Of course, the employee should turn off the VPN for best privacy, but maybe they forget, or they have a long-running task on the VPN and they want to do private browsing while they are waiting.

#9

Please refer this post by Alfie.

#10

Hi,
today I have installed fw 3.022 on GL-AR300M. FW 3 sure is more strong but, in my opinion and for my application it was not useful.

  1. second my opinion che cechbox in openvpn “if no vpn connection, no internet” is usefull.
  2. VPN policy is not complete and does not cover all conditions
  3. the thing that helped me is the guide made available: Openvpn configuration to avoid the default redirection (all through the VPN)
  4. fw 2.27 has a gui for sms. I know that in fw 3 is installed sms3tools but it is not symple to use it.
  5. sometimes login does not work. The gui does not recognize the password. Then with putty is necessary to restart the router and then it work.

In my opinion fw 3 is not a robust and complete version. But I love the same my GL-AR300M
Best regards

#11
  1. We had removed this checkbox, it will force all traffic passthrough VPN by default.
  2. The more conditions, the more complicated. It is hard to design a well experienced UI.
  3. emmm
  4. v3.x has gui for sms as well, but only show it for MIFI or X750. Because only them with LTE modem module
  5. Not sure why. I can’t reproduce this issue.
#12

Why? it is a option!!

What do you mean?

#13
  1. Because it is a way to avoid data leakage when you started VPN, if you don’t like use global proxy, you can try VPN routing policy, which I had mentioned above.
  2. It means “Yes, if you didn’t upgrade to the latest testing firmware which supports VPN routing policy, you can try it”.