I am not following at all where the 192.168.128.252 address is coming from.
It showed up on the GLiNET Admin Page (see picture above), just above the gateway. I am hazarding a guess it’s the IP assigned by the Wi-Fi I am repeating?
elorimer said:
I am not following at all where the 192.168.128.252 address is coming from.
It’s the remote LAN address that the Slate AX is connected to (i.e. the Slate’s WAN address)
But then how can the gateway be 192.168.0.1?
Probably because they have it configured as a /16 or something (even though they probably shouldn’t).
The ping shows 100% packet loss to the default gateway. If it really is /16 then that AP is trying to handle 16,000 devices. Something is very wrong.
Perhaps turning off the VPN entirely, and doing a tracert to 8.8.8.8 would show what is going on.
Okay, I connected my Beryl to a wifi hotspot outside the house, and my OpenVPN client connections to my home server worked perfectly, both for accessing the lan and the internet in split and geolocating modes.
I’ll have to wait on a 4.0 device to look at this again.
Here it is, hope this means something to you :-). I had a few tries, never used tracert before and my fat fingers struggled with iterminal on the iPhone, hence the aborted attempts…
I tested it again at work today btw no joy.
I will take the SlateAX to a coffee shop at lunchtime and see if I can run it off a battery and get some joy out of it. The snapshot FW was recommended by GLiNET for an issue I was having with it constantly rebooting when connected in repeater mode to 5G networks, it fixed that issue I think, although does not affect this scenario anwyay, as it connects at 2.4GHz.
p.s. re the 16,000 devices, the Wifi is at an Airport, do you think this is by design i.e. trying to cater for masses of people?
k.
Thanks elorimer, appreciate you doing this test, I will do my own at a new hotspot, as noted below.
Are you going to wait for their “new” travel router or go with the “hot” Slate AX? At first glance (and this may be slightly unfair), looking at the number of models and the comments here, it seems they seem to going for planned obscelence faster fixing than the S/W 
k.
Ok so I tested it at lunchtime, two different Wi-Fi hotspots, one with and one without a captive portal … and both Work!!
So it seems like the Airport Wi-Fi has some other setup or routing which prevents OpenVPN over the Slate AX; noting that it doesn’t prevent it over a direct connection to that Wi-Fi …???
No Biggie, but if that TraceRoute I did above can tell us (GLiNET) what it is the Slate AX OpenVPN implementation is “not” doing, that the OpenVPN implementation direct from phone manages to do (to make the up/down connection work) it’d be a good step forward.
k.
No Biggie, but if that TraceRoute I did above can tell us (GLiNET) what it is the Slate AX OpenVPN implementation is “not ” doing, that the OpenVPN implementation direct from phone manages to do (to make the up/down connection work) it’d be a good step forward.
It’s possible that the issue isn’t actually related to the the particular implementation at all.
Spitballing:
As elorimer noted, it’s odd that your router got a 192.168.128.X address, but the gateway was 192.168.0.1. This seems to imply that particular network is configured as a /16 (meaning all 192.168.X.X addresses). Again as elorimer notes, there’s no good reason to do this, but some admins like to space out their address space, even though it’s not great practice (I actually run a /18 at home and work).
If that’s the case, then the network you were connecting to would be a superset of all the other networks you’re trying to connect to, and it’s very possible that things got weird. The screenshots you posted later seem to show a more sane architecture (192.168.100.0/24), which lies outside any of the networks you’re going to be connecting to.
As a sidenote, this is a large part of the reason I always change the LAN IPs on travel routers to some random /24 or /25 in the 10. space. You’re far less likely to connect to a network where that is going to be an issue. Many years ago when I started using travel routers, I ran my home network in the 172.20.X.X space, which coincidentally is the address space that a large hotel chain uses for their guest WiFi at many of their properties. Moving to something random (e.g. 10.45.45.0/24) makes this a non-issue.
According to that tracert, from the Slate Lan, you went to what is likely the default gateway on some other router (192.168.0.1, which we saw before) and then to another private ip address (the 172.16. address) and then out to the internet. No tunnel at all.
Hi elorimer I’m a wee bit confused surely there’s no Tunnel because I turned it off for the test as you advised above ?
k.
@ jdub thank you but I’m going to have to go away and do some serious reading before I can even begin to grasp the meaning of this discussion about /16 /18 / 24 etc, at the moment it’s just a thousand yard stare😄. Thanks l
k.
I’m a dope. Yes, that was the point, and it shows the default gateway was 192.168.0.1 and out the internet like we imagined. I thought it might explain where the 192.168.128.252 came from, but whatever that is didn’t interfere with things.
I don’t think it really comes into it, but the /24, etc notation is a way of describing the mask that is used in defining the subnet. If the mask is 255.255.255.0, then the first three numbers of the net have to match to be reachable; thus 192.168.1.xx. But this is just a convenient way of describing what is actually a 32 digit long binary number, divided into four groups of 8 digits. So describing a net as /24 means the first 24 binary digits have to match: 192.168.1. Describing a net as /16 means the first 16 digits have to match, thus anything that is 192.168.xx.xx will be in the net. But that is 256 x 256 possible ip addresses. Describing it as /32 means that all of the digits have to match. It is a little like a post office address: describing it as a /32 address means your house, and that is the only place the post office delivers it to; describing it as /24 means anyplace in New York City, and the post office has to try each address; and /16 is anything in New York State, so the post office travels to each address in the state. It’s much easier to have a /24 network with a default gateway, and for the DG to have a route to another default gateway, etc, so you can have the traffic reach any of 16000 addresses by trying at most 1*256 possible hardware addresses. That’s why it was so weird to see a 192.168.128.xx address with a default gateway of 192.168.0.1.