I already did with 4.6.0-op24 
On Flint2 MT-6000 it's being rock solid for my use
I assume you did this as a clean upgrade/install, without any keep settings?
Will Marble owners be able to test 4.6?
The DHCP issue was solved from one of 4.6.0x versions (i don't recall which version) and if you're using 4.6.2,.. it's will never show up,..
Although, when i had these issues,.. I sent my Exported Log to handsome's PM on May 30
unfortunately it has a VPN DNS bug, the fix was added to other releases but not the OP24 branch
The first release of the op24 was installed wipe clean because you know, different kernel and etc, after that I keep the settings with the following releases
That's why I always said "for my use"
1 Like
I would like to report an issue on Flint2.
I have set up Wireguard VPN client and conditional routing (split tunnel) with domain records. Which means that I have set up some domains that I want to be routed using the wireguard tunnel.
Once I enable the wireguard connection, it does indeed work for clients connected to the network, but the router itself stops resolving dns for its own use. For example I cannot update the packages list, or if I ssh to the Flint2 and try to nslookup or ping google.com, it will not work.
- Version 4.6.2
- Firmware Type release1
- Compile Time 2024-06-28 09:59:09 (UTC+00:00)
Same bug as I reported here: Brume 2 policy routing dns leaks - #19 by teleney (might need to scroll up a little) this was on the brume 2. I believe it's addressed on my Brume 2 now but obviously might need applying to your firmware too?
My way of making the router resolve again was to stop wireguard client, go to network > DNS. Change the DNS to any other setting than it is and click apply, then change back to "automatic" click apply - if you dont see the options then make sure adguard is disabled. Once you have adjusted the settings in the DNS then re-apply adguard home (if it was enabled) turn on the Wireguard client again and now your router should resolve / update packages.
If you reboot the router and the Wireguard client is enabled then the same problem will happen, you would need to repeat the same steps.
1 Like
Works for me. I use policy based routing with domains using Wireguard client and AdGuardHome.
root@GL-MT6000:~# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: google.com
Address 1: 142.250.178.14
Address 2: 2a00:1450:4009:826::200e
root@GL-MT6000:~# cat /etc/version.date
2024-06-28 17:59:09
root@GL-MT6000:~# cat /etc/version.type
release1
root@GL-MT6000:~# cat /etc/config/vpnpolicy
config policy 'global'
option kill_switch '0'
option wan_access '0'
option service_policy '1'
option vpn_server_policy '1'
config service 'route_policy'
option proxy_mode '3'
config policy 'vlan'
option private '1'
option guest '1'
config policy 'domain'
option default_policy '0'
option manual '1'
option domain 'browserleaks.com
browserleaks.org
browserleaks.net'
root@GL-MT6000:~# cat /etc/config/gl-dns
config dns
option mode 'auto'
option override_vpn '0'
root@GL-MT6000:~# cat /etc/config/adguardhome
config adguardhome 'config'
option enabled '1'
option dns_enabled '0'
root@GL-MT6000:~# cat /etc/config/wireguard
config proxy 'global'
option global_proxy '1'
config providers 'AzireVPN'
option auth_type '1'
option procedure '0'
option group_id '3207'
config providers 'Mullvad'
option auth_type '2'
option procedure '1'
option group_id '6174'
config providers 'FromApp'
option auth_type '1'
option procedure '0'
option group_id '5493'
config groups 'group_3207'
option group_name 'AzireVPN'
option group_type '1'
option auth_type '1'
option procedure '0'
config groups 'group_6174'
option group_name 'Mullvad'
option group_type '1'
option auth_type '2'
option procedure '1'
config groups 'group_5493'
option group_name 'FromApp'
option group_type '3'
option auth_type '1'
option procedure '0'
config groups 'group_1426'
option group_type '2'
option auth_type '0'
option group_name 'ProtonVPN'
config peers 'peer_2001'
option group_id '1426'
option name 'ProtonVPN Estonia #20'
option address_v4 '10.2.0.2/32'
option address_v6 ''
option end_point '95.153.31.114:51820'
option private_key 'REDACTED'
option public_key 'REDACTED'
option presharedkey_enable '0'
option allowed_ips '0.0.0.0/0'
option dns '10.2.0.1'
option persistent_keepalive '25'
option local_access '0'
option masq '1'
I had to reset the router to factory and set it up again in order for it to work.
But now thereās another thing. Even though dns resolution works on the router, if for example I do curl ifconfig.io (not on the domain-through-vpn list) on the router ssh it does show me the vpn serverās public ip. On clients selective routing does work correctly.
You need to do sudo -g nonevpn curl ifconfig.io
Why though? Shouldnāt selective routing apply on the router by default? Why does all traffic go through the VPN?
To avoid VPN leaks by DNS for example.
VPN is priority always.
1 Like
When you are pinging from the router, without an interface selected, it will select the best interface to ping from. In this case, the router says the VPN connection is the best path. It never does through the firewall or routing engine to do this, so all of that configuration is ignored. The router will act just like a computer would in that regard.
@yuxin.zou can you please consider adding many guest networks? At least 3?
OpenWRT supports this, just need to modify some files wich is not really good for most users.
Most routers like Tp-Link, D-Link, Asus, linksys has from 5 to more guest networks.
But you are only (or one of rarest) manufacturer that provides only one guest network!
Now your user can only own:
| 2,4 GHz | Main network | Guest network |
| 5 GHz | Main network | Guest network |
So one guest network per frequency!
It is not enough, especially that some devices still canāt use 5 GHz.
1 Like
Why should you need more Guest networks?
You can setup as many SSIDs as you like, if you are familiar with OpenWrt.
Please keep in mind that GL routers are home routers ... so mostly 1 guest network is enough for people.
Firmware: 4.6.2 Release 1 (28/06/2024)
Device: GL-MT6000 (Flint 2)
My Google Pixel 7 started to disconnect automatically on the DHCP Release Time, not extending the lease time (720 minutes).
Connected:
Sat Jul 6 21:22:15 2024 daemon.info dnsmasq-dhcp[9873]: DHCPREQUEST(br-lan) 192.168.6.171 46:cb:ad:0c:e8:ef
Sat Jul 6 21:22:15 2024 daemon.info dnsmasq-dhcp[9873]: DHCPACK(br-lan) 192.168.6.171 46:cb:ad:0c:e8:ef Pixel-7
After 50% of the Lease Time, Pixel 7 sent another DHCP request.
At this moment, the DHCP server should extend the lease time to additional 720 minutes.
Sun Jul 7 03:22:15 2024 daemon.info dnsmasq-dhcp[9873]: DHCPREQUEST(br-lan) 192.168.6.171 46:cb:ad:0c:e8:ef
Sun Jul 7 03:22:15 2024 daemon.info dnsmasq-dhcp[9873]: DHCPACK(br-lan) 192.168.6.171 46:cb:ad:0c:e8:ef Pixel-7
But, when the lease time is reached (720 minutes since the first connection), the device is disconnected, not respecting the request sent 6h ago:
Sun Jul 7 09:22:15 2024 kern.warn kernel: [527783.815747] 7986@C08L2,ap_peer_disassoc_action() 3645: ASSOC - 1 receive DIS-ASSOC request
Sun Jul 7 09:22:15 2024 kern.warn kernel: [527783.824163] 7986@C01L2,wifi_sys_disconn_act() 1002: wdev_idx=2
Sun Jul 7 09:22:15 2024 kern.notice kernel: [527783.830395] 7986@C08L3,hw_ctrl_flow_v2_disconnt_act() 172: wdev_idx=2
Sun Jul 7 09:22:15 2024 kern.warn kernel: [527783.837473] 7986@C13L2,MacTableDeleteEntry() 1938: Del Sta:46:cb:ad:0c:e8:ef
1 Like
I've encountered a nasty bug on adguard that freezes entire router (requiring manual power Off and On again).
I have a huge filter lists and custom rules. I got freezes When I unblocked few sites, kept on refreshing, scrolling down query log,..
The moment adguard starts showing progressing animation for long (after doing some or all above actions),.. All things gets frozen
4.6.2 dated 27,.. Flint 1
1 Like