Two VPN clients based on VLAN filtering

On my Spitz AX GL-X3000, I would like to run several VPN clients. From the forum posts I understand that it should be possible to have 2 VPNs using OpenVPN and WireGuard in Route Mode. However, in that mode it seems to be possible to do the filtering only based on Target Address. In my case it would need to be done either based on VLAN (I have configured more VLANs using LuCI) or IP address range. Can this be done using configuration files if the GL UI doesn't support it? I wanted to use the PBR package for that, but then found out that it is missing in the repos.

Hmm, not to discourage you or anything.

But wouldn't it be a better idea to use OpenWrt without the GL firmware?

With OpenWrt you can create multiple VPN tunnels, and with the same protocol instead of WireGuard and OpenVPN; that would be much more stable, since OpenVPN is just slow and also adds extra overhead.

Recently with pbr they also made a change to detect VPN clients and servers by their listening ports.

However, this may now also conflict with GL's VPN protocol because it is entirely different; you can see this in LuCI as unknown, and luci-proto-wireguard is incompatible.

It needs a lot of hacking around to get this to work, when you may be able to just skip this and go with OpenWrt instead.

I thought about that. However, there is no stable vanilla version of OpenWrt for the GL-X3000 yet. Right now I am fully dependent on 5G internet. From the forum posts, I understand that the snapshot version of OpenWrt for my model using 5G has some disconnection issues and I would take a major hit on internet speed. So far the GL-X3000 works great for me; it's just the lack of additional VPN instances that is a problem right now.

In that case you have two options:

  1. You read the commit data on GitHub plus what people say on the OpenWrt forum to pick the best stable version of the snapshot you can find (snapshots don't come with a web UI, but you can install it over SSH: opkg install luci). There is also an online image builder where you can specify luci.

Or

  2. Depending on what kernel is used, you can either install luci-proto-wireguard, luci-app-pbr (if it doesn't exist, you might be running a very old OpenWrt; then try luci-app-vpnbypass); if both don't exist, try adding Stangri's repo. However, new versions of pbr require nftables (you can find this info here); this may not work well under older kernels.

Then set policy routing to Customize Routing Rules, and then don't use the GL VPN software to configure the VPN; just create the VPN from LuCI as intended by luci-proto-wireguard.

I see. Unfortunately, there is no PBR in the repos so I would need to go with luci-app-vpnbypass if I go that route. Thanks for the input.

Also, it is possible you don't have to set the VPN policy to Customize Routing Rules. I used it some time ago so it won't interfere too much, but I used GL's VPN software, so likely it just works with the default mode too, since you use OpenWrt's.

Good to know. Thanks

Actually, solution number 2 turned out to be pretty simple to implement with these packages. There is no need to change the Global proxy setting on the GL.iNet UI side.
