I have a GLinet Travel Router BE-3600 and would like to ask about VLESS/TPROXY support.
I followed the v2raya setup instructions (xray-core) from their GitHub README and added my personal VLESS configuration. However, I encountered an issue when selecting the Transparent Proxy/System Proxy Implementation.
When I choose REDIRECT (which, as I understand, only supports TCP), the internet works fine - both from the router's SSH terminal and for clients connected via the router's Wi-Fi. However, when I select TPROXY, I encounter an error: I am still able to access the internet from the router's SSH terminal, but Wi-Fi clients are unable to connect.
Could anyone please kindly help me with this issue?
I have the same router (GLinet BE-3600, aka "Slate 7") and have also managed to install v2raya by following their official instructions on GitHub (cannot add a link). I have installed "packages for the nftables-based firewall4 (command -v fw4)" instead of "packages for the iptables-based firewall3".
My router is operating in a repeater mode (i.e., it connects to the main router via wifi to get access to the internet).
I cannot access internet at all (i.e., both in REDIRECT and TPROXY modes). Even worse, when I try to connect to my personal VLESS server in v2raya GUI, it seems that v2raya freezes and I have to reboot the router to be able to use Internet again.
Could you please clarify which instructions you have followed to install v2raya on your router (i.e., which packages did you install) and share "Settings" in your v2raya GUI to see whether I can reproduce your case?
I ended up purchasing Beryl AX (instead of Slate 7), because it is possible to install vanilla OpenWRT on Beryl AX. Slate 7 is on Qualcomm processor, so it is questionable whether it will support vanilla OpenWRT in the near future. I did not know that when I purchased Slate 7.
I downloaded the latest “sysupgrade” image of OpenWRT for Beryl AX from the official website - Making sure you're not a bot!, then installed it on Beryl AX.
Then I installed v2raya using their official instructions for OpenWRT.
For a strange reason I could not download some v2raya-related packages with my regular IP address, so I had to connect my Beryl AX to a EU VPN server first to make sure that all packages are accessible.
For the avoidance of doubt, the router should not be in a repeater mode, it should operate in a router mode (i.e., DHCP server on Beryl AX should be on and it should assign local IP addresses to clients connected to the router).
After the above steps are completed, v2raya works as expected. Moreover, podkop (see GitHub) also works just fine (although it is still beta and instructions do not seem to be available in English). I haven’t tried passwall2 yet, but you can give it a try (instead of v2raya).
The bottom line is that the above packages should work as expected on vanilla OpenWRT (not Gl.iNet’s customised OpenWRT).
I suggest that you install vanilla OpenWRT first, then make a simple set up of your network (just to make sure that your client devices can access the Internet), and then install various packages. But please not that these packages (e.g. podkop and passwall2) may conflict with each other, so better try one-by-one.
Good morning silent thanks for the extensive reply. It was working just fine on repeater mode as well prior the last v2raya update. Anyhow will do some more tests and let the forum know.
How did u manage to install podkop? Can you share your steps?
Thanks
You are welcome. Once you have vanilla OpenWRT installed, it is very easy to install podkop, just run the installation script from their GitHub page via SSH on your router (it is the only script on that page; this forum does not allow me to insert the relevant link).
But please note that it changes the settings in Network -> DHCP and DNS -> “Forwards” and “Resolv and Hosts Files”. So, if you turn podkop on, then disable its auto start and then reboot the router, you will not be able to access the Internet. However, podkop will revert these settings back if it is properly stopped. You just need turn podkop off in Services -> Podkop -> Diagnostics -> Stop Podkop (in that case the relevant changes will be reverted).
It is interesting that v2raya worked even when your router was in the repeater mode. But that won’t be the case in respect of podkop for which router should be in “router” mode.
If you try passwall2, please feel free to share the results as well.
Hi xnpu, as I am now running vanilla OpenWRT on BerylAX, I don't have the GL-iNet interface on this device, hence the confusion in terminology.
I have checked my Slate 7 and, indeed, in the GL-iNet's interface the router could be a "Repeater" under the Multi-WAN setting and, at the same time, a "Router" (i.e., "Create your own private network. The router will act as NAT, firewall and DHCP server") under the Network Mode settings. I was referring to the "Extender" mode (i.e., when the router merely extends coverage of an existing wireless network and does not act as a DHCP server capable of assigning local IP addresses to its own wireless clients).
Did you manage to get v2raya up an running on your Slate 7 (with GL-iNet's firmware installed, not vanilla OpenWRT)? As I mentioned above, this did not work in my case, so I had to switch to Beryl AX with vanilla OpenWRT.
I'm having the same issue. LAN traffic is not captured, no matter I use REDIRECT or TPROXY. I also tried Passwall with xray and the result is the same.
The xray connection works properly. DNS requests from the router itself go nicely go through it. But the firewall rules fail to feed it the LAN traffic.
I suspect the GL-iNet firewall is different from the vanilla OpenWRT firewall in a way that the v2rayA/Passwall firewall scripts do not expect.
i managed to install v2raya via precompiled packages, it connect but it leaks. I do not know hat happened but it used to work great just before the latest upgrade
I’ve been facing the same issue as you here with V2RayA in TPROXY mode on the Slate 7 (GL-BE3600). After hours of debugging, packet tracing, checking nft chains, tcpdumps, etc. I can confirm that the root cause is that the glinet firmware does not include full support for tproxy nor br_netfilter (even if the packages for tproxy or br_netfilter appear to be installed). And they are needed for v2rayA to work properly in tproxy mode. Those modules are either missing or stubbed out, and trying to manually install the correct versions via opkg is risky.
Also, no Vanilla OpenWRT is available for this router yet (sadly), and even if it was, I don't think that the touchscreen support would be included (which I don't want to lose).
I did manage to make V2RayA work in Redirect mode, which does handle TCP proxying as expected (and working). However, as stated by several of you, the DNS requests from clients are not captured in this mode, so unless you apply manually iptables/nftables rules to redirect UDP port 53 to a local DNS resolver (like V2Ray’s internal DNS), you’ll get DNS leaks.
Personally, I didn’t want to mess with low-level nftables on a stock firmware that does its own internal network zone management, so I decided to go with a much simpler solution, and I now run all my routing logic and proxy rules on another home router/server that I control fully, and from the Slate 7 I just connect via a native WireGuard tunnel to that network.
I was expecting that such a setup could be worse due to the additional hop, but I'm quite surprised at how fast it is, and much more simple to configure on the Slate7