GL-MT1300 (Beryl) Kill Switch bypassed on ethernet - Help!

Help, I’m stuck!

I have a GL-MT1300 (Beryl) connected by Ethernet to the WAN & LAN with OpenVPN and Kill Switch enabled. I’m not sure what firmware it has because I can’t log in to the modem.

Here’s what happened:
The status light was slowly pulsing blue and I didn’t know what it meant. I ran a speed check to double check that VPN was working. It wasn’t!!

Now the status light is still slowly pulsing blue and I can’t connect to the router via w-fi to admin it.

Why did this happen? Does kill switch not prevent ethernet traffic from WAN to LAN when something happens?

What do I do now? It’s been pulsing for over an hour, so I don’t think it’s an update. I’m tempted to reset the router, but I want to understand why this happened and make sure it doesn’t happen again.

Thanks for any help. I’m traveling and pretty desperate to figure this out.

This is why I’m worried that the Kill Switch doesn’t apply to ethernet traffic: VPN internet killswitch leaks - #7 by alzhao

The pulsing blue means that there is no connection to the internet. There’s a document here that explains what the LEDs mean. So maybe the kill switch did exactly what it was intended for; when you lost the the VPN connection it stopped traffic to the internet. Or maybe something else–I’m not sure of the relationship with the LED.

I don’t follow what you mean by “connected by Ethernet to the WAN & LAN” or “log in to the modem”. Maybe you have a cable connecting the WAN port on the Beryl to the LAN on a cable modem? That would be right. But not being able to connect to the Beryl via wifi kind of defeats the point.

My suggestions are, in order, (1) reboot and see if you can connect or get to a white LED. If not, (2) reset and start over, first without OpenVPN and kill switch and then adding them back. (3) download 3.203B4 and try that. That firmware works fine on my Beryl, but some other versions have wifi problems with the proprietary driver–its being worked on.

1 Like

Thanks for the reply. The strange thing is that it’s pulsing blue and I can connect to it via wi-fi or ethernet (LAN) and use the WAN connection to the non-GL router.

The problem was/is that the kill switch failed and is allowing traffic through wi-fi and ethernet. I didn’t change anything on the GL router. I want to understand what happened.

The only clues I have are that the light is currently pulsing blue, I can connect to it via wi-fi and ethernet, but I can’t connect to it via a browser:

The GL router is connected to the internet via ethernet to the non-GL router.


If you can connect maybe you can SSH into it and figure out via CLI, but that is beyond me. If you can’t get to the admin interface, my advice would be to reset and start over, and then take it step by step to see if you get locked out again.

1 Like

The pulsing blue mean no Internet. The router use ping to detect Internet. So if you network disable ping this could cause problems.

If you cannot access the router, need to know what exactly you configure, e.g. vpn, vpn policy etc.

1 Like

Thank you all. I figured it out thanks to your comments. I had the ethernet from the external modem plugged in to the LAN port on the back of the Beryl instead of the WAN. !! Doing so bypasses the Kill Switch if you have it that way when the router is powered on !!! I’ve attached a diagram to help others avoid this user error (and maybe to inspire an software / hardware solution from the manufacturer).

I couldn’t connect to the admin panel because it seems the Beryl was just acting as an ethernet coupler for the external modem. That and the pulsing light were the big clues.

1 Like

Oh lordy. The killswitch wasn’t the half of it. If you hooked it up that way you were in a bad place.

The modem runs a DHCP server, and was handing out addresses to devices that were asking for one. Let’s say the modem was at, and was handing out addresses in the 192.168.1.xx range, including as a default gateway.

At the same time, the Beryl was also handing out addresses in the 192.168.8.xx range, with as a default gateway. Having two DHCP servers on one subnet is a very tricky thing. Your laptop probably was pulling a 192.168.1.xx address from the modem, and lucky you to have anything. When you tried to log in to, your laptop didn’t know that subnet, so it forwarded the request to the modem, and the modem didn’t have a route to that address, and the address wasn’t routable, so it died. Your laptop had no route to the Beryl, even though it was physically connected. But it did have a route to the internet through the modem, bypassing the Beryl, the VPN, the kill switch and every other thing.

Then, the Beryl is, after all, a router. If its wan port was connected to the modem, that would pull an address in the 192.168.1.xx range. It’s light would turn white because it had a connection to the internet. Your laptop now would pull an address in the 192.168.8.xx range, and everything would be fine. But because it had no connection through the wan port, it had no internet connection, thus the pulsing blue. But also, your VPN client would never start, never mind never connect. The Beryl was just sitting there wondering why no one was at home. The best you could hope for is to use the Beryl that way as an access point, where it would then pull a 192.168.1.xx address itself.

There is no software/hardware solution needed. If by chance you got the Beryl DHCP answer, you would have been able to log into the admin interface and it would have told you there was no WAN cable plugged in.