GL-AR750S-Ext VPN Policies work but kill internet

I am using a new GL-AR750S-Ext and NordVPN. If I disable the VPN, everything works great. If I enable the VPN, everything works great. If I add a single policy (mac or ip based) the policy works, and that traffic is routed over the VPN, but all of the other devices on my network essentially become unusable. Websites will start to load and never finish. If I run a speed test, it looks like it starts fine, but then freezes and pops up a socket error message.

The whole purpose of this purchase was to route 3 televisions only through a VPN, and I am either missing something, or something is broken. I tried both the latest stable firmware and the test firmware with the same results. Any ideas?

3 Likes

Can you give an example of which website has problems? I can test the same.

I have the same experience. Policy just sends private subnet 192.168.80.0/24 over the VPN, but some other connectivity either stops or slows down immensely to unusable.

Firmware 3.100.
OpenVPN.
Only allow the following to use the VPN: 192.168.80.0/24

Routing is working correctly. If I traceroute from any of the Slate’s clients, they go through the correct routes. Ping times are also correct.

Issue: Google web pages will not load (drive/keep/gmail/maps etc). Speedtest.net does not run or produces erroneous results. Other sites do load completely normally. Strangely, a direct link to a Google Doc will load. Some pages only partially load - eg my bank - most of the page loads but not the buttons. Spotify does not load. Most of the Amex page loads. Accessing this forum site works fine.

RDP through the VPN works. RDP to an internet based host will see the host, connect, and then give me a black screen only.

dns over tls is on, dns rebinding is off. Override dns settings is on.

Visiting a website will use a lot of external resources. For example, if you visit YouTube, you may request resources from Google and Yaho. At this time, your strategy should include all resource websites, not just YouTube.

Huh? No idea what you’re trying to say.

I just tried and seems I have the same problem. I am investigating.

Can I know which service provider you are using?

Ok so +1 on this issue.

I am using Mac based policies however but the issue persists.

If i configure Mac 1 to use the VPN, and everything else on the network won’t it works but not as i expected. Certains domains such as amazon.co.uk and others do not load/work when on a machine with Mac 2 (never touches the VPN)

Pls try the latest beta firmware. This should be solved already.

I am running the latest 3.0.27 but the load average on my router is now sat around 4.5 which is very high.

When is the beta version likely to be pushed to GL.iNet download center

Since this contains 3.0.24 but no mention of 3.0.25, or 3.0.26

https://dl.gl-inet.com/firmware/ar750s/testing/
Pls try 3.104.

If you don’t open the UI the load may not be that high. Close your browser (tab), ssh to the router and check load again.

I have the same problem on the GL-AR750S-Ext router. I’m running the latest firmware (3.104) and the issue still isn’t fixed.

I’m using OpenVPN with TorGuard. When I set the Policy to only allow VPN on certain MAC addresses, the internet on devices which aren’t in the list become so slow that they aren’t even usable. Often times the internet speeds on non-VPN devices will drop down to 0mbps while the VPN devices continue working just fine with normal speeds. It seems like something seriously bad is going on, almost as though the router is having trouble distributing the traffic properly. Maybe a cache setting somewhere? This doesn’t appear to be an issue on the MT300N-V2 Mango. Could it be a hardware issue? Bad firmware? What’s the deal here. Other’s seem to have the same problem and the issue still hasn’t been resolved.

1 Like

Have you tried this firmware?

1 Like

Just tried it and it works perfectly. No problems now. Will you include this fix in the next official update?

Maybe it can be a check box to toggle function on or off if it has to stay for some people.

We will fix this in the 19.07 release.

2 Likes

What is the actual fix, dont see it mentioned anywhere… Is there any eta for the next release?

1 Like

when is the 19.07 coming out I will volunteer to beta test it

I can report that this issue is still present in the testing image “openwrt-ar750s-3.105-1014”

1 Like

@luochongjun could you please tell me the github repository and commit hash that you have used to build the image “openwrt-gl-ar750s-fix-policy.tar”? I would like to understand how you have fixed this issue in this image.

Hi. I have almost the same issue as corefocus. GL-AR750S-Ext router, firmware 3.104. When I set policy to not allow VPN for certain MAC addresses, internet speeds on non-VPN devices are very poor (0-1mb/s, so that streaming is impossible).

@luochongjun I see you posted a firmware link for corefocus to try, but when I click the link I am not able to download anything. Are you able to repost the fix for me to try?

1 Like