[GL-AX1800] Apps on router including opkg, wget etc is trying to use VPN

Router: GL-AX1800
FW: v4.2.1

I have setup an OpenVPN client which is connecting to a remote server. When it is connected I cannot run opkg update or anything like this:

root@GL-AX1800:~# opkg update
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/kmod-4.2.1/arm_cortex-a7/ip60xx/Packages.gz
*** Failed to download the package list from https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/kmod-4.2.1/arm_cortex-a7/ip60xx/Packages.gz

Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.1/arm_cortex-a7/glinet/Packages.gz
*** Failed to download the package list from https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.1/arm_cortex-a7/glinet/Packages.gz

Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.0/arm_cortex-a7/packages/Packages.gz
*** Failed to download the package list from https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.0/arm_cortex-a7/packages/Packages.gz

Updating database.
Database update completed.
Collected errors:
 * opkg_download: Failed to download https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/kmod-4.2.1/arm_cortex-a7/ip60xx/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.1/arm_cortex-a7/glinet/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.0/arm_cortex-a7/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

If I disconnect the VPN it works. I tried to enable/disable the “Services from GL.iNet Use VPN” multiple times but still the same.

In the VPN Dashboard what is global proxy set to?

I just ran it in LuCi seems to be working there.

src/gz glinet_core https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/kmod-4.2.1/arm_cortex-a7/ip60xx
src/gz glinet_gli_pub https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.1/arm_cortex-a7/glinet
src/gz opnwrt_packages https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.0/arm_cortex-a7/packages

1 Like

Proxy Mode is set to “Based on the Client Device”, and I have couple of MAC addresses configured so only those 3 devices should use the VPN:

I did forget to mention I am on Snapshot Firmware 5-5-23 one was just released yesterday
I am assuming that you are on Stable Firmware 4-14-23 there are issues with how it does the poxy. So you could try the snapshot or wait and see if someone has a work around, you will probrably need to SSH into the router and manual change firewall rules and routes.

One thing you could try is when you make changes to save and restart the router.

Yeah I have stable 4.2.1 from here:

Where did you get v5.5.23 snapshot from?

5-5-23 is the compile date V4.2.2 it just got updated to 5-1-23 V4.2.3


It could also be Multi-wan mwan3 ping stuff if you are not using it you can disable it maybe make a difference.

Well, as a workaround I have changed the DNS of the WAN interface in LuCi to (instead of the one advertised one) and now the wget and stuffs work from the router. Unfortunately it is still routed through OVPN. @alzhao do you happen to have any idea why the apps on the router are trying to use the OVPN even if the “Services from GL.iNet Use VPN” is disabled?

This option currently only includes services developed by GL.iNet, such as goodcloud client, DDNS, rtty. openwrt’s own services, such as opkg, ntp, are not included.

Workaround for opkg to not using VPN:

sudo -g nonevpn opkg update
sudo -g nonevpn opkg install xxx.ipk

The following command is needed to force DNS query initiated by previous command to not use VPN.

uci set firewall.process_mark.extra='-m owner --gid-owner 65533 -j CONNMARK --set-xmark 0x80000/0x80000'
uci commit firewall
echo conntrack  >/tmp/dnsmasq.d/conntrack
/etc/init.d/firewall reload
/etc/init.dnsmasq reload