GL-AR750S bugs & security issues

modumb · 2020-09-23T07:00:19.638Z

It has recently come to my attention that further development of the gl-inet app is unlikely whilst I had been expecting some coming fixes for glaring issues that had been pointed out in forum posts here almost a year ago.

Instead of getting frustrated for the gl-ar750s’ lack of fixes also, could someone please let me know if the following issues are on the roadmap for being fixed or not so that I can temper my expectations:

Custom DNS server → override DNS server for all clients - opens port 53 to WAN
VPN policies → does not work - will block internet for all clients exempt from policy when using mac-based policies. Will block websites altogether when using domain based policies. Seems to have different effects with wireguard and openvpn. Please do not suggest the vpn-policy testing firmware work-around - I want to know if this fix is coming to stable firmware ever.
Gl-inet wifi repeater → unable to stay connected to open (no encryption) networks when other open accesspoints with the same name are in range. The same network will not have problems if added by openwrt (which respects the mac address of chosen AP and does not try to roam constantly).
Default wireguard and openvpn firewall rules → automatically resets to accept/accept/accept instead or drop/reject/accept on each connection.
USB tethering with iOS14 → does not work

I understand that gl-ar750s has been dropped from openwrt tree, making development complicated. But I would be grateful to know if these issues are on the roadmap for being addressed or not.

thanks.

Mickey6Pack · 2020-09-23T15:11:32.576Z

Also confused, but let me add a dimension. When I go to the OpenWRT page, and select the GL-AR750s, it shows it is in support with the current release. 19.07.4

Screen Shot 2020-09-23 at 10.08.15 AM1000×147 16.1 KB

Screen Shot 2020-09-23 at 10.08.38 AM1016×579 84.3 KB

I think I am confused between the difference between the OpenWRT firmware releases/upgrades and the GL.iNet firmware releases.

What is the difference and when should which be used?

What’s the risks and differences?

brother · 2020-09-23T18:49:04.929Z

the builds you speak of from the openwrt wiki only support the 16m chip and not the nand. If that works for you, then you should flash through the uboot web console. The openwrt builds are part of a bigger project, but they are generic and you have to set everything up yourself by installing packages and drivers. The openwrt wiki is a good place to start, but if you want something easy, you should stay with the gl-inet builds. Hopefully they are working on getting full support again, but we haven’t heard anything from @al

Mickey6Pack · 2020-09-23T20:38:34.812Z

Thanks that helps a lot. Definitely want the GL.Inet versions. Don’t know why the statements are being made that the AR-750S is no supported, but clearly shows supported by OpenWRT

Johnex · 2020-09-23T21:06:57.188Z

As @brother said, it’s supported, but not in the way it should be. The NOR flash is only 16MB, just enough to fit the base system. The AR750s on the GL firmware uses the secondary 128MB NAND flash to store the data. This is the issue with the OpenWRT “vanilla” version, they have not implemented support for the secondary memory yet. Patches have been in place, but the OpenWRT team decided that the way GL creates the partition table on the device was not set up as they liked and decided to drop automatic builds until a fix was made. This is where the “dropped from the openwrt tree” comes from.

The OpenWRT team has been known to make decisions like this in the past, so much so that half the team decided to start their own project (what was called LEDE) where the team had more rational decisions. After LEDE and OpenWRT decided to merge back again, things have reverted back to being rocky. It is very hard for patches to be merged in now (just as it takes the OpenWRT team 6 or more months to just even look at the patch, then another 6 months of back and forth nit picking of things they want fixed before a merge).

phoronix.com

OpenWRT Gets Forked By Some Of Its Own Developers As LEDE Project

While the OpenWRT project is a very well known embedded Linux distribution primarily for network devices, a number of their own developers have decided to fork away from the project.

On top of that, the quality of the recent 19 release has not been up to par. As discussed in other threads, random crashes were introduced, so updates for the GL firmwares to 19 were put on hold until those issues were fixed in the OpenWRT end. There is no point in release a firmware that has known crashes, and causing confusion for users.

brother · 2020-09-23T21:06:58.692Z

if you use those builds, you will not have access to the nand chip, which means that the storage is limited to 16 megabytes. If that is okay for you, then there is no problem using the builds there. There may be also other problems that the gl-inet devs have not patched in the openwrt tree.

Thanks for the additional info @Johnex !! I did not realize this about the 19.0x release

Johnex · 2020-09-23T21:10:21.585Z

Yeah, random crashes, very hard to find, just in the vanilla openwrt made to work with the routers. So even before GL makes their changes on top of that.

Mickey6Pack · 2020-09-23T21:52:43.332Z

Thanks for educating the newbie really appreciate it

Astra · 2020-09-23T23:27:00.756Z

@modumb for your 1st point about custom dns server. Does the bug happen also when using the setting “DNS over TLS from Cloudflare”?

Also for your 4th point. I thought the recommended setting was Input(Drop)/Output(Accept)/Forward(Reject)

modumb · 2020-09-24T07:30:16.980Z

No idea… I haven’t looked into this in a long while.

I only noticed when I port-scanned the gl-ar750s from an outside wifi network and I am not sure if it opens up port 53 on all interfaces or just wifi… It’s hard to trust these “security” features at this stage.

Openwrt 18 or 19, these issues should be addressed.

Can we not have an official response?

Henry_Bruns · 2020-09-24T13:02:07.149Z

modumb:

It has recently come to my attention that further development of the gl-inet app is unlikely whilst I had been expecting some coming fixes for glaring issues that had been pointed out in forum posts here almost a year ago.

I addet a link to your post to the Short test of openwrt-ar750-3.104.bin buglist:

Short test of openwrt-ar750-3.104.bin - #20 by Henry_Bruns

Short test of openwrt-ar750-3.104.bin

Lets improve the products for happiness of customer an shareholder.

alzhao · 2020-09-24T13:16:21.089Z

Will push to release fix ASAP.

David · 2020-09-24T14:51:24.488Z

modumb in Point 3

I already said it a long time ago … I think that GL.iNet should add the option to select MAC in WISP in UI because it creates confusion of which AP the router connects when there are several APs with the same SSID around. When connecting from Luci, there are no disconnection problems.

And in point 2, VPN Policies with fw 3.104 no longer work for me since I also have Guests on 2 WDS routers apart from the normal network. I will open a new post.
Bye!