GL-MT300N-V2 as "VPN-Box"

Dear all,

I just got a GL-MT300N-V2, which I want to use as wired OpenVPN client to place it between my network and a TV streaming box. To save power, the Router is to turn on/off with the TV and shall automatically connect to the VPN when booting. Moreover, to avoid difficulties, it shall only pass through internet when the connection to the VPN server is done (I use HMA UDP). When I received the Router, it had firmware 2.272 installed (I believe). In that firmware, there was a tick-box for the function of only connecting via VPN, but after upgrading to 3.012, this option has disappeared!? I guess I can still set it -or program it- in the advanced setup somewhere, but I am an absolute greenhorn, when it comes to OpenWRT. Could you please help? Are there any other settings I should be aware of for my purpose?

By the way, after upgrading the firmware I also seem to have some general difficulties connecting to the VPN service. It only works around every second time. The old firmware appeared to work better during my initial testing… Did anyone else experience this problem? Is there a solution? Can I install the old FW from somewhere?

Finally, I haven’t actually tested the TV setup yet, because I wanted to be absolutely sure the VPN connection was stable first, but when I was searching the forum for answers to the above questions, I noticed that the GL-MT300N-V2 is actually rather slow for OpenVPN. Is my idea of using it for TV completely unrealistic? If so, what would be a better (cheap + easy + secure) solution?

Thank you very much for your input and sorry if the topics have been covered already.

Best regards,

V<

When you updated from 2.27 to the 3.012, did you clear all settings?

If not, you might run into some unexpected results…

The 3.012 - the button behavior can be assigned… default is no function, and you should have a choice of using either Wireguard or OpenVPN as an on-off toggle

OpenVPN performance - limited because of compute horsepower - it works, but as you’ve observed, it’s not the most speedy thing - Wireguard is a much better solution there.

Thank you for the quick answer. I believe all settings were cleared when I upgraded the FW. At least I had to enter everything again. And I have assigned the OpenVPN to the toggle switch, but it seems that the “direct” internet goes through until the VPN connection stands.

Anyway, I have tried to understand what WireGuard is all about and it seems like a great option, but can I use WireGuard with “Hide My Ass”? How does that work? I would need a VPN server in Denmark.

MfG,

V<

The firmware v3.x, the “force vpn” option is enforced by default, so there is no such option now.

For connection problem, would you mind to post the logs shown on the vpn page?

Saving power is a bit of a misnomer as the router’s power draw is negligible but you could try powering the router using a USB port on the TV/streaming box. I do this with my set-up using 2 USB ports and a dual (2 >1) USB cable.
HMA is pants - get yourself a decent VPN provider.
You only need about 5 Mbps to stream, so the MT300N-V2 should be fine.

Thank you for the replies. I agree HMA is probably not the best service, but I needed one with a server in Denmark and easy access from all platforms (IOS, Android, Windows…). IF anyone has a better suggestion, I would be happy to hear.

Indeed the power-saving is perhaps a bit exaggerated, but I turn off the entire chain of devices anyway, so it would actually require additional wiring to keep the power to the GL-MT300N-V2 on. Moreover, I only have a certain amount of parallel logins to HMA (5 I think), so I might as well liberate one, when not in use.

As for the bandwith, I can confirm that I get 10Mbps, which seems to be enough for live streaming of TV.

Anyway, in respect of my problems outlined above, I was just running a few experiments like this:

I hardwire my laptop to the GL-MT300N-V2, which is hardwired to my normal router. And I disconnect all wireless connections (flight mode).

On the GL-MT300N-V2 I have installed a VPN UDP client configuration to a Hide My Ass server in Copenhagen, Denmark and I have configured the toggle switch to turn VPN on/off.

I then load this web-site to check my location: https://www.ipvanish.com/check-my-privacy.php (which is actually in Germany). In the OFF position it shows “Germany” and when I turn it to the ON position it says “Denmark” after roughly 30 seconds. So far, so good.

However, since my plan was to disconnect the GL-MT300N-V2 when not in use, I made the following test:

I leave the VPN switch in the ON position and kill the power to the GL-MT300N-V2. When I reconnect the power, I start continuously reloading the page https://www.ipvanish.com/check-my-privacy.php in my browser. For around 35 seconds, while the router is booting I have no connection, but then the page reloads and says “Germany”! However, after roughly 70 seconds, the connection is lost again and after roughly 105 seconds in total it reloads saying “Denmark”.

I suppose that indicates, that I do get “direct” internet before the VPN has connected. That shouldn’t happen, should it? In any event, that was I wanted to prevent, so I won’t get into trouble with my TV box from Denmark. Is there a solution to this or am I doing something wrong?

Anyway, today I luckily haven’t been able to recreate the other general VPN connection problem I had the other day.

By the way, in case someone wonders; HMA does not support WireGuard and has no plans to do so in the near future according to their customer support.

Best regards,

V<

NO, these leaks shouldn’t happen!
They didn’t occur in V 2.7 (or were fixed) but were re-introduced in early incarnations of V3. However, after I reported the leak (see: URGENT - NEW IP Leak (AR 750S) - #12 by glitch) they were fixed straight away (at least for the AR750S).
Can you upgrade to the latest test build and see if the leak persists.
If not, I posted a fix in this link (disabling Masquerading on the WAN interface):
Firewall Settings & Internet Kill Switch / Auto-Force VPN

Thanks Glitsch, unfortunately I am too unexperienced to make use of the workaround.

Anyway, I just received my second GL-MT300N-V2, which I upgraded to 3.012 and it shows the same behaviour, i.e. leaking between roughly 35-50 seconds after I connect power.

Best regards,

I cannot repeat your IP leaks.
Have you already clicked on the VPN connect button before re-booting and testing for leaks?
Maybe it is a cached browser page?
Otherwise, please detail your set-up and procedure for testing for said leaks.

I just tested again today and still have the same problems. I shot a couple of videos of the test if anyone is curios?

Best regards,

V<

Absolutely - please share

Ok, here yog go:

First two more or less indentical videos showing the two problems I have:

1. Leaking before VPN
2. Not relaibly auto-connecting to VPN on reboot (but manual connection works!)
   Dropbox - File Deleted - Simplify your life
   Dropbox - File Deleted - Simplify your life
   (see my post further above for an explanation of my test routine).

Then a video showing that hardware switch on/off actually works with auto re-connect (not always the case)
https://www.dropbox.com/l/scl/AABnV7OTRgK2qTL4lHuD6eOa8os_T6pKnhg

Just a picture showing FW 3.012 installed
https://www.dropbox.com/l/scl/AABMcJZBMGdlcOKW3oPhYW5IGorHb0Jl064

Here the OVPN file used

Have a nice Sunday!

Best regards,

V<

Tried to help out to see your videos, didnt wan’t to register to view them Vagn. But for someone interested in privacy you just leaked a lot of info with your links on a public forum.

Thanks for the hint. Actually I was thinking the same thing when uploading them. It is not that any of it is really “secret”, but better safe than sorry. I’ll take them offline.

Best regards,

Vagn

I tried to register but couldn’t pass the stupid, brainless, moronic captcha!
Now I finally succeeded and the videos are 404, LOL!

Yeah sorry for that; my bad. But I suddenly realised that there was possibly a little too much personal info in the videos to link them publicly. I’ll mail them too you later.
Best regards,

V<