One feature that hopefully can get a quick turnaround would be the introduction of OpenVPN 2.6 (scheduled to come out 1 Dec), and specifically ovpn-dco, which at least in initial tests has resulted in massive performance improvements when connected to dco enabled servers. Given that the AXT1800 has substantially better AES-GCM performance compared to ChaCha20-Poly1305, OpenWRT might even be faster than Wireguard (again, when connected to a dco server).
The main hangup, unfortunately, is that dco won’t work on the 4.4 kernel without significant modification (but should on 5.4).
Actually when using kernel 5.4 and 64bit system on AXT1800, Openvpn is up to 600Mbps, same as Wireguard.
But as 64bit system has various problems, eventually not used for release.
Sad! Any chance we could make a test build in the infra builder and mess with it? (Maybe patch it?)
Is this a modem you’re planning to release?
I’d absolutely love to use OpenVPN with the full 600mbps speed! Really hope that a future modem will support it
It is just kernel upgrade and hardware acceleration for AES.
As most users use Wireguard which reach up to 600mbps already, the demand for openvpn is not that high.
Unless you actually want to use it in production
Wireguard is great for basic stuff, but once you start adding any more complicated routing, or have to manage hundreds of devices it becomes unworkable quickly.
Possible to get banip type of software to ban countries like Russia, China, Romania, etc. ?
I’d like to block those connections completely.
Also, a monthly WAN bandwidth tracker would be nice.
a way to send device name to nextDNS?
DNS-over-HTTPS or DNS-over-TLS?
I’m using nextDNS parent control feature, but for now, I can only block websites in general since I can’t send the device name along with the queries.
It looks like the feature is in recent routers for NextDNS.
This is on the GL-A1300 Slate Plus (also on the GL-MT2500 Brume 2):
I do not work for and I do not have formal association with GL.iNet
V2ray client would be highly appreciated! Could this be supported natively so it could work with a kill switch and glinet gui and not via luci?
A native speed test would be nice.
DNS Rebinding Attack Protection
I’m a developer, and I’m working with nip.io to allow me to work with subdomain on my machine, if I turn on the DNS rebinding attach protection, it doesn’t work obviously.
This option is disabled in firmware 4.x by default.
right, that’s what I do right now, but it would be nice not to disable completely, but to have just a set of domains that could bypass that feature (whitelist)
You’ll need to install NextDNS & luci-app-nextdns through plugins. After that just set it up in LuCi
strangely I don’t neither plug-ins when search, even after I hit update button on the top right.
I believe you’ll need to be running firmware V4
@Blobbie01 ah thanks! I don’t think the gl-inet team are not there yet for this for the Velica routers. I’ll have to wait. Thanks for you replies though.
It would be nice to be able to automatically download
txt/lst from the url ( VPN Policy Base on the Target Domain or IP)
With the ability to automatically update at a certain point in time!