My GL.iNet Odyssey: From CGNAT Hell to Astrowarp Limbo… Any survivors out there?

Hello everyone,

I’m Emzeder, new here but already a “seasoned veteran” of the full GL.iNet frustration package. I’m a tech professional working in Canada, and my job requires secure remote connectivity from wherever I am (home, client site, airport, foreign hotel… you name it).

I thought I had a clever plan:

👉 a Flint 2 permanently in my office (in repeater mode, behind ISP dynamic IP & CGNAT)

👉 a Slate AX as my travel buddy everywhere.

Spoiler: the plan crashed and burned.

Since day one, WireGuard site-to-site was dead on arrival → CGNAT brick wall.

OpenVPN client/server? Same result → CGNAT says “nope”.

Tailscale? Blocked for reasons I still haven’t fully understood (even though I had it running fine on other devices in the past).

The Flint 2 and Slate AX combo quickly became two expensive paperweights.

I then followed GL.iNet support’s suggestion to test Astrowarp as my savior…

Big mistake.

The exit node on my Flint 2 and the Slate AX client setup initially connected but with a mind-blowing 660 ms latency (in my Canadian city, not Toronto!).

This made any Teams/Zoom call practically a time-travel experiment.

And then, after any reconnection or failover (which happens constantly with mobile usage)… Astrowarp simply refused to reconnect.

To be clear: both my local networks (ISP home and LTE data) have ~30 ms latency independently. Toronto promised a max of 246 ms… yeah, sure.

As a final desperate act, I tried an obfuscated VPN profile via NordVPN on my Slate AX → still blocked. Obfuscation? More like “illusion”.

So here I am, after 10+ days of wasted troubleshooting, countless CLI commands, factory resets, upgrading Tailscale packages manually (don’t ask how many times), tweaking every setting, chasing logs full of “Operation not permitted” or “flag provided but not defined: -tun”, with zero working remote access solution.

At this point, even my routers have developed an attitude.

(I swear my Flint 2 silently laughs at me when I try something new.)

So I’m here, waving my little white flag to the community:

👉 Has anyone survived this GL.iNet + CGNAT + exit-node + obfuscated VPN mess?

👉 Any real-world workaround that allows remote access without 1-second latency or constant disconnections?

I sincerely appreciate any help. If someone has the miracle configuration that works under these conditions, you will have my eternal gratitude.

Thank you!

I have a couple of ar300m routers, running OpenWrt, behind CGNATs, that I set up to connect on power-up, via WireGuard, to a cloud server I get for free from Oracle. The Oracle cloud server has a static IPv4 address.

On this cloud server I redirect a few ports to send the traffic to each of my ar300m over the WireGuard links. On the ar300m routers I run multiple VPN services including WireGuard, OpenVPN and SoftEther.

It was a real pain to set up, but has been stable for years now. This gives me 2 residential IP addresses, one for each ar300m, which I can't get with my cloud server.
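The relay layout described in the post above, sketched as an added example (not the poster's actual configuration): a VPS with a static IPv4 address terminates WireGuard, the router behind CGNAT dials out and keeps its NAT mapping alive, and the VPS forwards exactly one UDP port down the tunnel. The tunnel addresses, port numbers, the interface name `eth0`, the wg-quick file format and the key placeholders are all assumptions.

```ini
# ---- VPS (static public IPv4): /etc/wireguard/wg0.conf, wg-quick format ----
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>
PostUp = sysctl -w net.ipv4.ip_forward=1
# Expose only the single UDP port the home router's own VPN server listens on
# (51821 is an assumed value); everything else on the router stays unreachable.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p udp --dport 51821 -j DNAT --to-destination 10.99.0.2:51821
PostUp = iptables -A FORWARD -i eth0 -o %i -p udp -d 10.99.0.2 --dport 51821 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rewrite the source to 10.99.0.1 so replies return through the tunnel instead of
# leaving via the router's CGNAT WAN. Trade-off: the router's logs show the VPS
# tunnel address, not the real client IP.
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p udp --dport 51821 -j DNAT --to-destination 10.99.0.2:51821
PostDown = iptables -D FORWARD -i eth0 -o %i -p udp -d 10.99.0.2 --dport 51821 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

[Peer]
# Home router behind CGNAT. No Endpoint line: the VPS learns the router's
# current public address and port from its authenticated handshake.
PublicKey = <ROUTER_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32

# ---- Home router behind CGNAT: outbound-only tunnel to the VPS ----
[Interface]
Address = 10.99.0.2/32
PrivateKey = <ROUTER_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = <VPS_STATIC_IPV4>:51820
# Only the relay's tunnel address is routed here; the router's normal
# internet traffic does not go through the VPS.
AllowedIPs = 10.99.0.1/32
# The router initiates and refreshes the session, so the CGNAT mapping
# never has to accept an unsolicited inbound packet.
PersistentKeepalive = 25
```

The VPS becomes the only internet-facing component, so its host firewall and the cloud provider's ingress rules should allow just the two UDP ports used here plus whatever is needed for administration.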

Sorry, but any manual settings for a VPN server shall not work with CGNAT, as it doesn't have a globally accessible address to build the connection. In this case you need the help of a 3rd cloud server, which can provide such global access and build an internal network with the VPN server router.

Tailscale shall work with it, as it is itself based on the 3rd-party cloud server. While by default the exit node is not supported, you can use it to build the internal network without problem. For this failure issue, you can send us the system log or share the router with us. We will try to find the cause.

For the Astrowarp issue, please share some more screenshots of the settings and send us your MAC address in a private message. We will check the disconnection and high latency issue.