List of current feature requests 2022

I got a nice one as request :slight_smile:

please make support for vpn policies for different network interfaces currently it has only hardcoded for br-lan and guests.

I did a look myself if its even possible but I made a small prototype:

expand for snippet
. /lib/functions.sh

ignore_iface_list="eth0 eth1 eth2 eth3 eth4 lo" #add wgclient/tun0 if something in the future changes.
iface_list=""

LoadInterfaceAwareness() {
	iface_list="" #empty the list first.
	echo "{vpnpolicy} == [Checking VPN Policy interface awareness!] =="
	config_load network # load the configuration
	config_foreach Populate_Bypass_interfaces 'interface'
}

Populate_Bypass_interfaces() {
    config_get devname "$1" 'device'
	config_get devgateway "$1" 'ipaddr'
	
	echo "{vpnpolicy} vpnpolicy" "test: $devname"
	
	if [ ! -z "$devname" ] && [ ! "${ignore_iface_list[*]}" =~ "$devname"]; # check if its null and also does not contain in our ignore list.
	then
		echo "{vpnpolicy} registering interface subnet $devname for vpn policies with gateway $devgateway"
		iface_list+="$devname"
	fi
}
example of kill switch
killswitch_update()
{
	# entry added by xize
	LoadInterfaceAwareness()
	# end entry
	
	killswitch="$(uci get vpnpolicy.global.kill_switch)"
	iptables -F ROUTE_POLICY 2>/dev/null
	[ "$killswitch" = 0 ] && {
		#iptables -A ROUTE_POLICY  -i br-lan -m mark --mark 0x80000/0x80000  -j ACCEPT 2>/dev/null
		#iptables -A ROUTE_POLICY  -i br-guest -m mark --mark 0x80000/0x80000  -j ACCEPT 2>/dev/null
        
		# entry added by xize
		for iface in $iface_list
		do
			iptables -A ROUTE_POLICY  -i $iface -m mark --mark 0x80000/0x80000  -j ACCEPT 2>/dev/null
		done
		# end entry
	}
}

basicly openwrt has a helper script ( /lib/functions.sh) to iterate through parts of the configuration, though I never got it to work when I presumely tried to edit the /usr/bin/route_policy script, so instead I hardcoded it, but maybe it can give others a idea, maybe the ignored interfaces can be part of ui or something? :slight_smile:

2 Likes

VPN policy for vlan, right? Planed to have this part. But vlan is generally very confusing and difficult to configure, especially mixed with other policies.

1 Like

Not only for vlan, but for different interfaces/devices other than br-lan and guests, but I think for this there needs to be some sort of blacklist of interfaces/devices to be ignored, I kinda tried this in my snipped code.

I think that would be super :+1:

Edit example:

Currently wlan0 and wlan1 and wlan1-1 devices have their own interface with dhcp on my setup in this case those interfaces don’t get policy routed I wish these get routed :yum:

1 Like

Yes. We plan to bind each interface to a vlan and do vpn policy based on vlan. Hope this is the correct direction.

3 Likes

How do you update to 4.0?

I don’t know if this is a feature request or a bug report, but addressing the current problem with Wireguard and Dynamic DNS should be high priority. It’s the only reason I bought this device. In short, wireguard connections fail when the target’s IP address changes - they are not reresolved. Due to GL-I.net’s custom way of handling this, the including wireguard_watchdog script fails.

1 Like

Is there a plan to add vlan management in the gl.inet webUI ?
I’m doing that in luci for now, but it would be nice to be able to create vlan’s from the main webUI.

6 Likes

Agree, this would be really nice addition indeed.

Hi,

possibility to set the wifi region from the gui, I know that via ssh or luciit is possible but the settings maybe vary between the different models and I have the impression that other settings are also modified by luci.

Thanks

3 Likes

Hi,
I know this post is out of context or order, Yet, the roadmap mentions, it will not allow us to create backups to configurations or firmware for 2022? that appears counterintuitive, if we are spending time performing tests in OpenWRT.

I’d like to see additional insight into the ports and how to protect them from attacks. Or how to install additional VOIP application in additional Asterix.

thanks,

2 Likes

Add 10GbE ports, Would love to have a router like the Brume 1 (or flint?) with upgraded ethernet ports to take advantage of higher speeds now being offered in the US (ie: 2.5Gbps, 5Gbps plans).

2 Likes

To get that speed the majority of people would have to update their cables to at least CAT6a and I can tell you for a fact that many new construction installs used CAT 5e to save money and are on a 8 year lifecycle.

4 Likes

FEAUTURE REQUEST
Some routers can work with VPN and TOR at the same time
Example:

1.- VPN → TOR → LAN
In this case the router make a VPN Connection client and later connect to TOR finally all clients connected to the LAN will use the TOR IP

2.- TOR → VPN → LAN
In this case the router make a TOR Connection client and later connect to the VPN Client finally all clients connected to the LAN will use the VPN IP

Other feauture is what For prevent IP leak with tor connection close all DNS Request with UDP Protocol and just accept TCP request.

1 Like

This is a more reasonable setup.

NO I want unreasonable, after VPN I need a AWS VPN before TOR and a proxy jump after. :rofl:
Keep up the great work

@panpan @alzhao

Anything new on the client bandwidth graph / quarantine feature?

Please consider assisting clients with a product that can host a network of Internet of things that need to talk to each other not guests and family or small business resources that need to be protected or isolated from these iot devices.

Great! In Spain there are some ISP offering 10Gbps over xgspon (Digi, Orange…). In others UE countries also it’s been suitable now.

1 Like

Client bandwidth graph There is no better solution to get it exact. The results are much better on Windows/MAC using professional software. So no development plans for now.

FEATURE REQUEST:

DNS Filter - Ability to override a specific client DNS servers, currently it’s only possible to override all of them.
I think it will be very useful, I use it constantly on a router from another company. For example you can put a family safe DNS for kids phones and a SmartDNS for the TV etc.

1 Like