Slate 7 (GL-BE3600) No Internet, DNS Repeater Issues

Routers VPN, DNS, Leaks
1

I've travelled with my new Slate twice now and have had no success. Both hotels had capitive portals, but once connected (even in public hotspots mode) the captive portal will never load even though it looks to route to the correct url (comparing phone login vs router). I always get a "No internet" page with "DNS_PROBE_FINISHED_NO_INTERNET". I've tried google, neverssl, IP route of hotels, etc but the captive portals never load for me.

I'm home now but to test I wanted to repeat my phone's hotspot to test. I was able to get internet using ethernet on my home network and tethering, but when repeating the hotspot, it says I have internet but nothing ever connects. Just the DNS error listed above.

I have VPN, AdGuard, and all DNS options disabled for testing so I am not sure where the issue is. Any ideas?

2

1.Please let us know your network topology and the model numbers of the devices in your network.
2.Please SSH to the router, and execute the commands:

#1
logread -f&
#2
iptables-save -t nat
ip6tables-save -t nat
ps | grep dnsmasq
cat /tmp/resolv.conf
cat /tmp/etc/dnsmasq.conf.cfg*
#3
cat /tmp/resolv.conf*
cat /tmp/resolv.conf.d/*

And send us the results of the execution.

2 Likes
4

Hi,

Please also tell us this result:

curl -v www.neverssl.com
5

Here is the output of the commands you requested. Let me know if I need to do anything else.

root@GL-BE3600:~# logread -f&
root@GL-BE3600:~# iptables-save -t nat
# Generated by iptables-save v1.8.8 (nf_tables) on Tue May 20 11:05:27 2025
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue May 20 11:05:27 2025
root@GL-BE3600:~# ip6tables-save -t nat
# Generated by ip6tables-save v1.8.8 (nf_tables) on Tue May 20 11:05:39 2025
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue May 20 11:05:39 2025
root@GL-BE3600:~# ps | grep dnsmasq
 5283 root      2092 S    {dnsmasq} /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/
 5286 dnsmasq   3248 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c
 5299 root      3236 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c
29563 root      1268 S    grep dnsmasq
root@GL-BE3600:~# cat /tmp/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1
root@GL-BE3600:~# cat /tmp/etc/dnsmasq.conf.cfg*
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
filter-AAAA
cache-size=1000
edns-packet-max=1232
domain=lan
local=/lan/
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases
dhcp-script=/usr/lib/dnsmasq/dhcp-script.sh
script-arp
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq


dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf


bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
dhcp-range=set:lan,10.6.9.100,10.6.9.249,255.255.255.0,12h
enable-ra
quiet-ra




root@GL-BE3600:~# cat /tmp/resolv.conf*
search lan
nameserver 127.0.0.1
nameserver ::1
cat: read error: Is a directory
root@GL-BE3600:~# cat /tmp/resolv.conf.d/*
# Interface wwan
nameserver 10.41.75.234
root@GL-BE3600:~# curl -v www.neverssl.com
> GET / HTTP/1.1
> Host: www.neverssl.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Tue, 20 May 2025 18:07:44 GMT
< Server: Apache/2.4.62 ()
< Upgrade: h2,h2c
< Connection: Upgrade
< Last-Modified: Wed, 29 Jun 2022 00:23:33 GMT
< ETag: "f79-5e28b29d38e93"
< Accept-Ranges: bytes
< Content-Length: 3961
< Vary: Accept-Encoding
< Content-Type: text/html; charset=UTF-8
< 
<html>
	<head>
		<title>NeverSSL - Connecting ... </title>
		<style>
		body {
			font-family: Montserrat, helvetica, arial, sans-serif;
			font-size: 16x;
			color: #444444;
			margin: 0;
		}
		h2 {
			font-weight: 700;
			font-size: 1.6em;
			margin-top: 30px;
		}
		p {
			line-height: 1.6em;
		}
		.container {
			max-width: 650px;
			margin: 20px auto 20px auto;
			padding-left: 15px;
			padding-right: 15px
		}
		.header {
			background-color: #42C0FD;
			color: #FFFFFF;
			padding: 10px 0 10px 0;
			font-size: 2.2em;
		}
		.notice {
			background-color: red;
			color: white;
			padding: 10px 0 10px 0;
			font-size: 1.25em;
			animation: flash 4s infinite;
		}
		@keyframes flash {
		0% {
			background-color: red;
		}
		50% {
			background-color: #AA0000;
		}
		0% {
			background-color: red;
		}
		}
		<!-- CSS from Mark Webster https://gist.github.com/markcwebster/9bdf30655cdd5279bad13993ac87c85d -->
		</style>

		<script>
			var adjectives = [ 'cool' , 'calm' , 'relaxed', 'soothing', 'serene', 'slow',
							'beautiful', 'wonderful', 'wonderous', 'fun', 'good',
							'glowing', 'inner', 'grand', 'majestic', 'astounding',
							'fine', 'splendid', 'transcendent', 'sublime', 'whole',
							'unique', 'old', 'young', 'fresh', 'clear', 'shiny',
							'shining', 'lush', 'quiet', 'bright', 'silver' ];

			var nouns =	  [ 'day', 'dawn', 'peace', 'smile', 'love', 'zen', 'laugh',
							'yawn', 'poem', 'song', 'joke', 'verse', 'kiss', 'sunrise',
							'sunset', 'eclipse', 'moon', 'rainbow', 'rain', 'plan',
							'play', 'chart', 'birds', 'stars', 'pathway', 'secret',
							'treasure', 'melody', 'magic', 'spell', 'light', 'morning'];

			var prefix =
					// Choose 3 zen adjectives
					adjectives.sort(function(){return 0.5-Math.random()}).slice(-3).join('')
					+
					// Coupled with a zen noun
					nouns.sort(function(){return 0.5-Math.random()}).slice(-1).join('');
			window.location.href = 'http://' + prefix + '.neverssl.com/online';
		</script>
	</head>
	<body>
	<noscript>
		<div class="notice">
			<div class="container">
				⚠️ JavaScript appears to be disabled. NeverSSL's cache-busting works better if you enable JavaScript for <code>neverssl.com</code>.
			</div>
		</div>
	</noscript>
	<div class="header">
		<div class="container">
		<h1>NeverSSL</h1>
		</div>
	</div>
	<div class="content">
	<div class="container">

	<h1 id="status"></h1>
	<script>document.querySelector("#status").textContent = "Connecting ...";</script>
	<noscript>

		<h2>What?</h2>
		<p>This website is for when you try to open Facebook, Google, Amazon, etc
		on a wifi network, and nothing happens. Type "http://neverssl.com"
		into your browser's url bar, and you'll be able to log on.</p>

		<h2>How?</h2>
		<p>neverssl.com will never use SSL (also known as TLS). No
		encryption, no strong authentication, no <a
		href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">HSTS</a>,
		no HTTP/2.0, just plain old unencrypted HTTP and forever stuck in the dark
		ages of internet security.</p>

		<h2>Why?</h2>
		<p>Normally, that's a bad idea. You should always use SSL and secure
		encryption when possible. In fact, it's such a bad idea that most websites
		are now using https by default.</p>

		<p>And that's great, but it also means that if you're relying on
		poorly-behaved wifi networks, it can be hard to get online.  Secure
		browsers and websites using https make it impossible for those wifi
		networks to send you to a login or payment page. Basically, those networks
		can't tap into your connection just like attackers can't. Modern browsers
		are so good that they can remember when a website supports encryption and
		even if you type in the website name, they'll use https.</p>

		<p>And if the network never redirects you to this page, well as you can
		see, you're not missing much.</p>

        <a href="https://twitter.com/neverssl">Follow @neverssl</a>

	</noscript>

	</div>
	</div>

	</body>
</html>
root@GL-BE3600:~#
6

It seems that the BE3600 is able to resolve DNS normally based on the commands you provided.

Could you please confirm whether the device was only connected to the relay network when you ran these commands, and that all other network connections were disabled at the time?

Also, may I ask if your phone was still unable to access the internet while running these tests?

7

Hmm, that is odd. I'm not sure what else to say. I can't seem to get anything on repeater working.
If I repeat my phone hotspot, while on the Slate wifi I get nothing on any page I try to navigate to (shows DNS issues on Chrome/Safari). If I connect directly to the hotspot wifi network I have no issues. The phone also has no issues with the internet.

I also had the repeater connect to my usual home wifi and had the same issues. Direct wifi connection have no problems, connecting to the Slate where it is repeating my wifi and I cannot connect to anything.

Then as a reminder, once connected the Slate admin site doesn't have any errors showing up. From the admin page it looks like it can connect to the internet just fine. This is what I was experiencing as well at my hotels when I was travelling earlier.

8

Thanks again for your detailed feedback. To further investigate the issue you're experiencing with repeater mode, we’d like to gather a bit more information to narrow down the root cause.(you can repeater connect to your usual home wifi for test).

When you have a moment, could you please help us check the following:

  1. IP address assignment:
    When your phone is connected to the Slate's Wi-Fi, does it receive a local IP address (e.g., 192.168.x.x)?
    If so, please try to ping the Slate’s admin IP address (usually 192.168.8.1) to confirm it’s reachable from your device.

  2. DNS resolution test:
    While connected to the Slate's Wi-Fi, open your browser and visit:
    :point_right: http://1.1.1.1
    This helps us determine if the issue is limited to DNS resolution.
    Please take a screenshot of what you see and share it with us.

  3. Wired connection test:
    If possible, could you try connecting your laptop to the Slate via Ethernet?
    We’d like to confirm whether the issue also occurs over a wired connection.

These steps will help us better understand whether the problem is related to DNS, routing, or device connectivity. We really appreciate your time and assistance in helping us troubleshoot this.

Looking forward to your update.

9

Hope this helps:

  1. My laptop has a given IP, confirmed through "Clients" and the network settings on the Mac to be the same. I am able to ping the router, and as an FYI I overrode the default IP to be "10.6.9.1" and my IP assigned was "10.6.9.104". My home router shouldn't have any conflicts either if that matters, my local IP range is 10.4.x.x
  2. Navigating to http://1.1.1.1 doesn't show any immediate error, but is stuck loading without any navigation. Eventually I got a "This site can't be reached. 1.1.1.1 took too long to respond". And additionally navigating to www.google.com gives me a "No internet. DNS_PROBE_FINISHED_NO_INTERNET" error.
  3. Wired connection did not work either. I plugged in a USB ethernet adapter, plugged it into the LAN port, I got a new IP but I am still having the same issues navigating to the sites above. Again, from the admin "INTERNET" page the repeater is connected to my home wifi and is green without any errors, so from the routers perspective I should have internet (aligning with the ssh commands I did before).
10

Hi,

May I confirm something status for interfaces:

  1. If connect the BE3600 WAN port to primary router via wired cable, does the clients Internet work? But if connect via the repeater, not only the primary router WiFi but also the phone hotspot, both of them did not work?
  2. When connect BE3600 to the primary router via repeater, please disable the VPN, ADG, and check these in the clients (Windows, CMD):
route print -4
ping <BE3600 router LAN IP>
ping <primary router LAN IP>
ping www.google.com
ping 8.8.8.8

Also, please PM me the issue syslog.

  1. If reset the firmware of BE3600, how about the clients Internet situation when repeater connect to primary router?