How to access my LAN devices through VPN server?

It has been tested a lot

… but still not signed off for production.

Sorry if I’m wrong but I don’t think it proves anything. As shown in screenshots it is only connecting through LAN and not WAN as everything is within the same local network regardless of repeater. At no time I am connecting my client from outside the “upstream router” network. And I had to change DNS to upstream router address. So if anything it proves to me that we have not proved anything. Sorry if I am missing something here.

That also does not address why DDNS is not working

Using another closed source service like tailscale is not my idea of internet; and I don’t want to slow down my traffic unnecessarily just to access to IOT devices sometimes.

Dual VPN would be a good workaround but apparently not available on spitz AX. I think that is a real shame when spitz is the router in your lineup that would benefit it the most being constantly behind CGNAT on LTE and starlink situations… I opened a feature request.

So to resume; VPN server which is kinda useless (at least for 99% of spitz users I guess), DDNS not working; IPV6 breaking all DNS and apparently barely supported; no dual VPN for a flagship travel router, from a previous post openVPN with NORD not working either; I can only make vpn work with wireguard and mullvad. I had a spitz before and it worked fine with nord before upgrading to AX. That is all I discovered so far… I’m not very impressed.

If CGNAT is such an issue and GL is making LTE travel routers for let’s say prosumer level then it seems fitting to give a solution to that or workaround that is NOT closed source or relying on external providers. Again dual/multi VPN would be acceptable…

I don’t know if it is me but everything I try fails out of the box.

I really hope GL takes me seriously because I am not joking here… I would not recommend your product at the moment. The only reason why I keep it is because it is the only 5G router with multi wan that I know of (ok I did not do much research either but being a previous spitz customer I upgraded to AX naturally). And for those basic needs 5G multi wan needs; they are fulfilled…

Yep, because the test was to detect if an issue on the router itself was part of the problem. It’s not, so it will be CGNAT. Differential diagnostics à la House M.D.

CGNAT does because the device will push its own WAN address to the DDNS server. This WAN address isn’t the true one - so that’s why DDNS does not work.

*sigh*
Somehow you’re right, but somehow you’re also fundamentally wrong. You could also take out a costly mobile contract for companies that guarantees you a static IP. Then the problem is solved immediately.

The router is just a tool, the customer has to create the basic requirements. With the integration of Tailscale and Astrorelay, solutions have been integrated that help.

IPv6 does not break DNS, but it’s still some kind of experimental, yes. However, this is also since not all software and devices can cope with IPv6 yet. Of course, you must also address an IPv6-capable DNS for IPv6.

Well. As you mentioned previously: You.

That’s not a bad thing, you don’t have to be able to do everything directly. But then you have to deal with it, get friendly help, read documentation and talk to people. OpenWrt is the way it is for a reason - because of the Linux idea behind it. And that’s why it’s always a bit of tinkering.

I meant VPN not DNS; my bad; it says as warning when you enable it; it is a fact.

Honestly while I sometimes appreciate your feedback; I’m just going to give up because you seem to just defend GL for whatever I say. I don’t know what your game is since apparently you are not GL staff… I don’t want to have to constantly justify myself for simple feature request to GL staff and not you.

On dual VPN; I’m not fundamentally wrong; you are.

I am just asking for a product that is well rounded; at the moment it is lacking and not up to what it could because of some “simple” software updates that already exist in other GL product that also use openwrt so don’t tell me it would be the end of the world to take multi vpn to spitz AX.

Again you are wrong: the router is not just a tool; it is a product; a product advertised for a use case; and using it in its advertised use case shows it is lacking… Go to the spitz AX product page you will see a big RV !! In reality it only works in very few circumstances that have nothing to do with its primary use case and it is very sad when it is actually possible to provide workarounds or GL could be more open and put a warning before buy that many feature will not work if you have CGNAT.

So if I resume your answers: asking me to buy another expensive gl router, then take a costly mobile contract with static ip (that does not even exist here), telling me is not bad not to be able to use openvpn, telling me I am wrong because I ask for working/workarounds on travel features for a travel router…

Your suggestions and constant protection of GL really makes me doubt who you are… I’m not sure what your game is here but it is not helping. Helping would be to push GL to do the right thing and provide features needed for the use case of the product they sell. Sounds to me you are here to protect GL…

I am a client; I bought a product; I use it and find out it is lacking; it is not me asking for unrealistic demands; it is GL not providing a product up to the task they advertise when I know they know how to do it because of other products they sell having the needed SOFTWARE feature…

Don’t worry, I would even protect Cisco or any other company.
It’s not about the company or the product, it’s about the technology.

The technology works the way the technology works. You’ve been shown solutions that you don’t accept - then in the end you just have to say: I’m sorry, I can’t help you. And that probably applies to everyone else too - you can’t help if the way - as you would like it to - simply doesn’t work.


I don’t want to argue with you because I couldn’t care less whether you’re happy with the product or not. Because, even if you might not believe it, I’m not being paid for my time here. That’s why I’m ending this conversation for myself at this point.

I hope that you can find a solution to your problem.

You cannot indeed. Only GL can help by updating their software to at least provide a workaround with dual VPN so I can create access point with my own WG server hosted on a vps. I don’t want to use closed source third party providers; I think that is a very valid argument.

You don’t seem to understand the difference between technology and product advertising/clear marketing. I did not know about CGNAT before buying and not many people do. I see a big RV with VPN, DDNS advertising on the product page and I just trust the company. There is no * or warning anywhere… Now after asking and understanding more I ask GL (not you) for a software workaround; nothing wrong with that.

  1. The root problem is CGNAT. That would be the case regardless of the equipment manufacturer.
  2. I sent you a HOW-TO on running vanilla OpenWrt on a Raspberry Pi so you can try PBR.
  3. OpenWrt on RPi will also give you access to a more up to date Tailscale daemon.
  4. Headscale is the F/OSS alternative for self-hosting Tailscale networks (‘tailnets’).
  5. CGNAT dictates Headscale would have to run on a VPS.
  6. LowEndBox.com should be helpful sourcing an appropriate VPS.
  7. < something about death & taxes here >

Thank you for the detailed how to; I will look into that. loving number 7 btw :))

In the end I’m looking for a lean solution.

Full IPV6 support (starlink works with ipv6 apparently) or dual VPN seem to be (for me) the leanest but this is relying on GL… Maybe one day soon hopefully…

OpenWRT on pi + headscale on vps seems to be overkill for my needs… I am not an expert also; looking quickly at the video there seem to be a big learning curve here; not sure if and when I will find the time and energy.

At the moment I think I will try to go for a simple WG server (docker if possible) on an existing VPS (so I don’t have to pay more) and a pi client attached to the spitz connecting to my WG vps server acting as an entry point to my lan. Still not sure if possible; if not I’ll look into your solution…

I really hope GL gives me a native dual VPN or full ipv6 solution or both…


That RPi really is your ‘secret weapon’ in all this. Apologies it took so long for me to notice.

For your consideration. Firezone runs in Docker though I’ve not tested it.

Thank you; I’ll dig into that :slight_smile:

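Added example, not part of any post in this thread and not GL.iNet code: the CGNAT diagnosis discussed above comes down to comparing the address the router holds on its WAN interface with the address an outside host observes. The function names are hypothetical and the sample addresses in the comments are constructed.

```python
import ipaddress

# Ranges that cannot accept inbound connections from the public internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr: str) -> str:
    """Classify the IPv4 address the router holds on its WAN interface."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def diagnose(wan_addr: str, observed_addr: str) -> dict:
    """Decide whether DDNS and an inbound VPN server can work.

    wan_addr:      address on the router's WAN interface
    observed_addr: source address an external host sees for the router
    """
    kind = classify_wan(wan_addr)
    # Even a public-looking WAN address is translated if the outside
    # world sees a different one.
    translated = (ipaddress.ip_address(wan_addr)
                  != ipaddress.ip_address(observed_addr))
    behind_nat = kind != "public" or translated
    return {
        "wan_class": kind,
        "behind_nat": behind_nat,
        # Whichever address ends up in the DDNS record (the WAN one or the
        # carrier's shared one), inbound packets never reach this router.
        "ddns_usable": not behind_nat,
        "inbound_vpn_reachable": not behind_nat,
        "remedy": ("outbound tunnel to a host with a public address"
                   if behind_nat else "DDNS and port forwarding"),
    }


if __name__ == "__main__":
    # Constructed samples: LTE behind CGNAT, then a directly routed address.
    print(diagnose("100.72.13.5", "203.0.113.40"))
    print(diagnose("198.51.100.7", "198.51.100.7"))
```
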