I just found out my GL inet router updated 5 days ago (based on new admin ui) and turned off my vpn and kill switch! All of my vpn configuration were lost and I leaked my ip for whole 5 days without noticing. This is a serious breach of security.
All of my configurations were removed! This is fucked up, I didn’t buy a privacy router for this
If the router was updated then the auto update was ON. How could you allow the switch for the auto update to be ON and think that there could be no surprises?
I had Windows broken many times because of some updates and I also had the Android system broken very badly because of a Google bad update.
Auto update is for people with no tech skills or when you have a backup and you are okay if the auto update will break something up.
Expecting that auto update will always be a smooth experience is unrealistic to say at least
I didn’t open this thread if I had the automatic firmware update turned on, think about that for a second.
Also, the option is now gone, I wanted to find ways to turn it off directly in the ssh rather than the ui 'cause I don’t even trust it anymore.
The option is now gone because it is OFF for everyone
Now, tell me why should I trust that after they forcefully updated the firmware on my router despite having the option turned off resulting in all configurations removed and my kill switch and vpn turned off without any news or notifications and besides turning off automatic firmware update is not good like as you’ve said that auto update is for the people with no tech skills, it is important to have for average joes in order to mitigate future security issues. I could see them pull this off again by saying there’s a critical vulnerability blabla and lose my configurations again.
I wasn’t aware that there was a forced update on the routers who had the auto update switched OFF. If this was the case, then the decision was completely wrong or was done by mistake (a mistake that shouldn’t ever happen)
It must be but I wonder why they have an ability to issue forced updates like that, does this mean that my router connects into their servers all the time despite not using anything of their service? The previous routers I’ve owned didn’t have anything like this and you have to download the firmware manually from the manufacturer’s website and install it on your own.
1 Like
First of all, we don’t have the ability to force push upgrades. Only if the user manually enable the automatic upgrade, the firmware will schedule a request to the server for the latest version of the firmware to be downloaded and installed. The trigger for the upgrade is always the device, and the user can disable it at any time.
Secondly, on version 4.x, the automatic upgrade feature has been removed. This scheduled request for updates mechanism has been removed instead of being enabled by default.
Finally, I am very sorry that the recent upgrade was an accident. Autoupdate should not work for cross-version upgrades such as 3.x → 4.x. We’ve removed the 4.x firmware from our servers as soon as we realized the problem, but a number of users still upgraded automatically.
3 Likes
Why was dropping auto updates not listed in the release notes? If you change base functionality, you really should list it in the release notes, as many users don’t have the time to read all the forum posts.
Because we did forget about this feature. The release notes will mention this when it is officially released.