[HOW TO/FEATURE REQUEST] Easily selectable LAN ports for VPN + multiple OpenVPN connections

Why do you want to reconnect the device to a different Ethernet port to use another vpn?

If you need a VPN failover, i.e. one device can use the first VPN, when the firmware vpn fails, the device will use the 2nd vpn to connect, this has already been implemented in the current firmware v4.8. Don't need to reconnect cables.

Hi, sorry for the delay responding, has been a bit manic these past few months. To answer the question, there are so many reasons why this is useful feature it's difficult to count them, it would be great if I could just setup the router and then very rarely ever need to log in again. 99% of my time with gl.inet routers is spent logging in to change the VPN connection (or unplugging one gl.inet router and plugging in another differently configured gl.inet router because I'm too fed up to have to do so yet again), it would be great and a lot less stressful if I had 4 VPN connections from the same device, one to each LAN port and it would be very rare that any one of them wouldn't be suitable to force me to login and change things. Since I specifically want to move individual devices (cabled) between VPN connections this can only be achieved with a VPN per LAN port (or multiple routers which quickly starts to get silly).

Or as another basic real world scenario you might be able to better understand - imagine you've helped out a friend/family member by setting up a VPN router for them, there may be scenarios where the VPN connection you configured (or specific VPN server you chose) does not connect properly (near uncountable reasons why this may be like VPN server error/VPN credentials expired/specific service they want to access is blocked via the assigned VPN IP address etc etc - the cause is irrelevant at this point, only that there is a need to change the VPN connection). Now at this point do you:
A) Want a phone call to try and guide a non technical user through changing the VPN settings whilst probably out of the house in the middle of something important and not even able to see the GUI to know the names of what they need to click on to do so (if they can even work out how to log on to the router - non technical user remember, just think of how many hours of your life are disappearing here!) OR
B) They move a cable from LAN1 to LAN2 to use a different VPN server/VPN provider/VPN region etc, everything starts working in seconds and no phone call is ever needed

Personally option B sounds great in comparison, I like to help but I DO NOT want to spend my free time doing utterly pointless time consuming IT support, no-one does. With each LAN port giving a different VPN connection and 4 LAN ports for a Flint that's 4 chances of success vs 1 as we currently have.

I also have many physically cabled devices and if I want to connect a specific device to a different VPN service it's so much easier to do so and know exactly how things will route when all I have to do is move a cable, with a switch attached to each LAN port I could easily move many many devices around as I want in seconds without ever having to log on to the router.

Many many more situations where different VPN connections assigned to specific LAN ports would be useful but you get the idea, no point adding more to the list or this post will get very very long!

@alzhao

Hi, This image looks ridiculously complicated to achieve what was a very simple ask (and the idea of trying to support this over the phone for family is already giving me a waking nightmare) but at least as a trial I’d be willing to give it a try, from that image I have absolutely no idea how I’d need to configure it though.

Can you please give detailed step by step guidance for how I’d achieve what is shown in my mock up image two posts above yours, specifically that if a single physically network cabled device was moved between the 4 LAN ports the internet traffic for that device would behave as listed:

LAN port 1: French Internet via NordVPN connection (OpenVPN),

LAN port 2: UK Internet via ExpressVPN connection (OpenVPN),

LAN port 3: USA Internet via PIA Chicago connection (OpenVPN),

LAN port 4: USA Internet via Mullvad Texas connection (OpenVPN)

Ps It’s important the internet kill switch is enabled at ALL times for ALL LAN ports regardless of if the VPN service is enabled or disabled, for blatantly obvious reasons no-one wants leaks if the VPN connection is turned off whilst making changes to the VPN configuration (for example a change of VPN server, change of VPN password etc). I need the safety to know the kill switch actually is a kill switch and won’t start leaking like a sieve unless cables are physically removed when configuring this. At no point should my VPN router ever leak traffic outside of a VPN.

I only mention this as I’m sure I remember reading some disturbing posts a while ago that the kill switch behaviour was changed and now doesn’t work properly so internet can leak past the VPN, worse yet such VPN leaks were configured as the default behaviour when VPN was disabled, hopefully I’m mistaken (or the old behaviour was wisely restored soon after)?

Appreciate the help with this, looking forward to trying it out

@alzhao

Hi, What is the current status of this? I have a spare Flint AX1800 and happy to load beta firmware if not quite finished for public release, would be good to see what has happened since June. thanks

v4.8 does not allow each port with a different vpn yet. It is just a vlan feature needed. We need to add a separate vlan to each lan port. Then it is not so difficult to set each vpn to one lan port.

OK, any timeline for when this will be done, sounds like it should not take long from how you describe it?

I’d be happy to test it with flint (AX1800) if I can get a beta firmware.

thanks

@alzhao

Hi, Now we’re into February any update for when we are likely to see this major VPN usability and functionality improvement?

v4.8 has been around for a very long time so I’d hope v4.9 is nearly ready for some end user beta testing, I’m very eager to test this feature with my spare flint (AX1800) if I can get a beta firmware.

Has been a very long time coming but I’m still excited to try this out, the sooner I don’t need FOUR routers to do the job one Flint could easily manage the better!

@alzhao @Lun @bruce

Hi @ad-d, if I was in your place I wouldn’t push that much. I have multiple GL-inet devices around, on my boat for travelling etc and I know other users also use these devices with VPN functionality. I guess there are not a lot of users using multiple VPNs at the same time (and I prefer WireGuard instead of OpenVPN).
So although it is your use case it can be a special one. Give the development team time to think about a solution which will fit the need (your need).

Just my 2 cents.

Hi, I’m not trying to be pushy so sorry if it came across like that. There has been a long running ask from many on the forum (well before I created this thread) for VLANs in the GUI, gl.inet have previously stated that those are coming in v4.9 and a while back that v4.9 was having final tweaks etc applied if I understood correctly, it didn’t seem unreasonable to ask for a status update even if the news isn’t positive. I appreciate VLANs need some thought to implement which is why gl.inet have been working on it since pre 2024 but VLANs are certainly not a special case (must be the most often asked request on any future feature thread) and my specific use case is hardly unique either, I have at least 10 friends that keep asking me if this is live yet whenever I see them (none on the forum so lucky me gets to be spokesperson!).

Once VLANs are added with v4.9 I’m told it will be easy to achieve what I asked along with much more so I’m understandably excited to try that out, carrying around multiple gl.inet devices and hotswapping between them is something I’d understandably love to avoid.

Fingers crossed v4.9 is indeed coming soon and I’d love to beta test it on my flint to help out if I can.

Hello,

VLAN functionality is already being worked on and may be supported in a later v4.9.x subrelease; it will not be available in the first v4.9 release.

If you want each LAN port to use a different VPN tunnel, you can go into LuCI and unbridge some LAN ports from br-lan, then create multiple br-xxx and bind the corresponding LAN ports to them. Create a separate zone for each br-xxx in firewall, and you will then be able to select those interfaces in the VPN policy interface list in the GL GUI.
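The LuCI steps in the post above (unbridge a port, give it its own bridge, give that bridge its own firewall zone) can also be written as UCI commands. The script below is an added example, not part of the original post and not GL.iNet's own procedure. It assumes OpenWrt 21.02-style `config device` bridges, port names `lan2` to `lan4`, that `br-lan` is the first `device` section, and hypothetical `portN` / `br-portN` names and subnets; the static address and DHCP pool are additions each new bridge needs so clients get a lease.

```shell
#!/bin/sh
# Added example: print `uci batch` commands that move one LAN port out of
# br-lan into its own bridge, subnet, DHCP pool and firewall zone.
# Assumed, not from the thread: port names lan2..lan4, br-portN / portN
# names, 192.168.(10+N).0/24 subnets, br-lan being network.@device[0].

port_cfg() {
    idx="$1"; port="$2"
    ifc="port$idx"; br="br-$ifc"; net="192.168.$((10 + idx))"
    cat <<EOF
del_list network.@device[0].ports=$port
set network.dev_$ifc=device
set network.dev_$ifc.name=$br
set network.dev_$ifc.type=bridge
add_list network.dev_$ifc.ports=$port
set network.$ifc=interface
set network.$ifc.device=$br
set network.$ifc.proto=static
set network.$ifc.ipaddr=$net.1
set network.$ifc.netmask=255.255.255.0
set dhcp.$ifc=dhcp
set dhcp.$ifc.interface=$ifc
set dhcp.$ifc.start=100
set dhcp.$ifc.limit=100
set firewall.zone_$ifc=zone
set firewall.zone_$ifc.name=$ifc
add_list firewall.zone_$ifc.network=$ifc
set firewall.zone_$ifc.input=ACCEPT
set firewall.zone_$ifc.output=ACCEPT
set firewall.zone_$ifc.forward=REJECT
EOF
}

# No "forwarding" section is emitted: this output itself defines no path
# from a new zone to wan, which is the property to re-check after a VPN
# policy is attached to the zone.
all_ports() {
    i=2    # port 1 stays on br-lan
    for p in "$@"; do port_cfg "$i" "$p"; i=$((i + 1)); done
}

# Review the output before applying it on the router, e.g.
#   all_ports lan2 lan3 lan4 | uci batch
all_ports lan2 lan3 lan4
```

After piping into `uci batch`, run `uci commit` and restart the network and firewall services; confirm the real port names in the existing `br-lan` device section first.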

OK thanks @bruce for the update on v4.9 timeline.

So if I unbridge some LAN ports and make a few other changes in LuCI each LAN port will appear in the gl.inet GUI so I can create a VPN per LAN port via the gl.inet GUI? This sounds very interesting and whilst I'd love to see this all handled in the friendly gl.inet GUI I'd be very interested to give this a try in the meantime.

I'm not really sure what I'd need to do in LuCI to make this happen, could you give some step by step instructions (ideally with a few screenshots so impossible for any misunderstanding) for each part?:
'unbridging LAN ports from br-lan',
'creating multiple br-xxx and binding the corresponding LAN ports to them',
'creating a separate zone for each br-xxx in firewall'

I'm very interested to try this if I can work out what I'm meant to be doing, once I've tested that it works as hoped I can arrange a few working sessions with my friends and help guide them through as well, I know most will be too scared to mess with the 'inner workings' of the router and will need to wait for eventual v4.9.x release but there's at least a few like me that would want to jump straight in!

Thanks for your help with this

In the meantime, couldn't you assign IPs to the devices on each LAN port, and then do the policy routing based on IPs?

So I can assign different IPs to the same device depending on what LAN port it is then plugged into so it knows what VPN service to use? I didn’t think such a thing was possible.

Even if it is possible it still sounds like many extra steps (having to pre-configure multiple IPs for every individual device in advance) so not really the direction I’d like to go in. Thanks for the suggestion though.

No, I wasn't thinking you were activating a VPN for a device by which LAN it was plugged into. I was thinking you would assign all the devices plugged into a LAN port a unique IP in a range, and turn on or off a particular VPN for that range in the GUI.

I rarely move wires, but I usually always assign a manual IP address for each of my devices. Then through the GUI I can turn on or off a VPN profile and direct a device to one VPN, or another, or none at all.