Update on 2023 feature requests implemented starting firmware v4.3 and ongoing development

To our GL.iNet community members,

We apologize for the delay in keeping our users updated with the latest developments of the feature requests we received in 2023. Please see the list below, which includes the feature requests we have already completed and implemented, and those we have planned to work on soon.

The list also contains feature requests that require considerable effort to execute and extended time to complete. We've highlighted the ones that were requested by multiple users in bold. For the ones we have planned to work on, we will give an estimated timeframe for development and completion. (Please note that this is not a release preview.) For the ones we will unfortunately not consider, we have provided explanations on why we will not consider them.

As always, your suggestions and feedback are incredibly helpful and will continuously make our products better. We acknowledge the importance of keeping our users updated on the latest developments of our work. To address this, we have made plans to update our product roadmap every quarter or whenever we announce a major firmware release. In the future, we will also optimize our forum to allow our users to share their feedback more easily.

Implemented

Since firmware v4.3

  • Optimized the font color for cellular signal strength.
  • Added a feature to allow setting cellular by operator. (We will preset some operator profiles and gradually add more.)

Since firmware v4.4

  • Added an access control feature to prevent new clients from accessing LAN and WAN.
  • Added the dual-WAN port feature in certain GL.iNet models.
  • Added a feature to block cellular cell towers.
  • Added automatic configuration support for T-Mobile.

Since firmware v4.5

  • Added SIP ALG options.
  • Added the Admin Panel Access Port option to allow users to use port 80/443 for other purposes.
  • Added security options to support disabling HTTP access and using HTTPS access.
  • Added an option to use TailScale as an exit node.
  • Added the Full Cone NAT option.
  • Fixed an issue where WireGuard clients connected to the server via DDNS are disconnected when the server IP changes.

Since firmware v4.6

  • Fixed an issue where hotel hotspots cannot be authenticated.
  • Optimized the VPN client to ensure AdGuard Home’s DNS will not override the VPN client's DNS.
  • Optimized connections via repeater to allow different randomized MAC addresses for different SSIDs.
  • Added support for setting a port range for the external port in port forwarding.

Since firmware v4.7

  • Optimized firewall features to support preventing specific IPs from accessing open or forwarded ports.
  • Added the VPN policy domain list subscription feature to support automatic domain name update from URL.
  • Added client isolation.
  • Client isolation was originally due to be released in firmware v4.5.
  • It wasn't implemented because two clients connected via the LAN port could not be isolated.
  • Added AP isolation.
  • Optimized the flow for adding the WireGuard client configuration file manually and adding support for automatic key generation.
  • Optimized the page names in the web admin panel so that the router's Hostname is displayed in the browser Tab.
Planned with Schedule

Since firmware 4.8

  • Add real-time network speed display for each interface.
  • Add traffic statistics analysis chart, including the history of the interface, and client traffic. (Only cloud display, as frequent writes will reduce the device's lifespan)
  • Locally displayed data will not be saved to flash and will be deleted after rebooting.
  • Add support for exporting data for viewing.
  • Add support for cloud saving in later versions.
  • Add support for exporting debug information.
  • Optimize the WireGuard server to allow custom endpoint domains.
  • Upgrade OpenVPN to v2.6.
  • Add an option to enable or disable VPN on the web admin panel's main page.
  • Optimize the "enable" option for repeater when it is disabled.

Since firmware v4.9 or higher

  • Optimize VPN policies to support multiple VPN clients simultaneously and composite VPN policies.
    • Complete the design by the end of this year.
    • Release the beta firmware by the end of this year or the first half of next year.
  • Optimize VPN policies and add support to enable Kill Switch in VPN policy mode.
    • These will be developed together with the composite VPN policy.
  • Add package description and statistics to the plug-in page.
  • Add whitelist for DNS rebinding attack protection.
  • Add support for setting up VPN policies for devices coming from WAN in Drop-in Gateway mode.
  • Devices with batteries support auto-off settings.
  • Add global speed limit to limit the speed of new clients.
  • Add IP address reservation import/export.
Planned without Schedule

Features that will be in the development pipeline but most likely won't be released within a year

  • Optimize the VPN client to support automatic reconnection.
  • Add QoS.
  • Optimize network storage, resolve issues with FTP and NFS protocols, and resolve some SMB compatibility issues.
  • Optimize the toggle button to support switching the guest network's "enable" status.
  • Optimize S2S to support client devices' access.
  • Optimize support for clients to show they are connected through other VLANs and different DHCP.
  • Add automatic Let’s Encrypt certificate request.
  • Optimize connections via repeater to allow setting up randomized MACs and automatically switching them based on time or data traffic usage.
  • Add an identifier to the currently used interface to the internet page if multi-WAN is used.
  • Move the DHCP Reservation feature to the Clients page.
  • Adjust the maximum length of the administrator password to 64 characters.
  • Add a page to allow users to leave their feedback.
Shelve

Features that we are open to developing but do not have a release timeline

  • Add a built-in speed test tool to the web admin panel.
  • Add Port Trigger.
  • Add Port Protection.
  • Optimize parental controls to support disabling adult content for children.
  • Add DoH, DoT, and DoQ blocking.
  • Add VLAN management.
    • Waiting for a more suitable product model
  • Add a feature to allow users to shut down sleep devices with battery remotely.
  • Optimize self-captive portal. (Set the captive portal used by the client to connect to the GL.iNet router, not the repeater to connect to the hotspot. This feature has not been migrated to firmware v4.x and there are no plans to develop it.)
  • Add display for device connection time.
  • Add backup or restore settings.
  • Add Vulnerability Scanning.
  • Optimize VPN traffic display with support for saving and manual clearing.
  • Add support for mesh and 802.11r/802.11s.
  • Optimize DNS to allow different DNSs to be assigned to different clients.
  • Optimize NTP Support secure NTP servers or use DNS-based time sources.
  • Add alerts for SIM card traffic overage.
  • Add the auto power on/off function.
  • Add support for client request monitoring.
  • Add the wireless bridge (Layer 2 bridge, no NAT) mode.
    • Requires support for the original chip which is not available in all our current models.
    • Will be developed for the appropriate models in the future.
In Discussion
  • Add more enabled SSIDs for different sub-networks, new SSIDs for VPN-dedicated channels or IoT-dedicated network entry.
    • Some of the usage scenarios for this feature overlap with the feature of Composite VPN Policies
    • Should be developed in conjunction with the VLAN management feature
  • Add an option for toggle switches to switch VPN client configuration.
    • Some of the usage scenarios for this feature overlap with the feature of Composite VPN Policies
  • Add total data traffic limit feature to cellular, support overrun alarm and auto disable.
    • We need to look at the degree of bias in the data statistics
  • Add a feature to enter encrypted DNS manually.
  • Add support for HeadScale.
  • Add support for custom DoT / DoT / DoQ.
  • Optimize Internet tracking and DNS servers used in the DNS option.
  • Add backup exit node option to TailScale for Failover.
  • Add ContrlD to encrypted DNS.
  • Add Zenarmor.
  • Add the docker to the available package list.
  • Add IP Passthrough.
  • Provide VPN servers as VPN operators.
  • Add secondary connection(Russian PPOE) settings.
Rejection

We will not consider the following requests

  • Add ZigBee interface.
  • Add support for SSR/V2Ray.
  • Add support for SFTP.
  • Add an option to allow users to change country or region. (Authorization Standard is not allowed)
  • Optimize Tor to allow users to use Tor and VPN at the same time.
  • Add buttons to the UI to allow users to access U-Boot. (Technically unattainable.)
  • Add VPN scheduled connections.
  • Add band steering.
  • Add pi-hole.
  • Add file explorer.
  • Add Torrent tool.
  • Add CIFS kernel support for Ubuntu to MV1000.
  • Add a feature that passes all traffic through an SSH tunnel.
  • Add a feature to implement the extroot configuration.
  • Don’t blow the router name around by NETBIOS. (Technically unattainable)
  • Optimize Wi-Fi txpower option to allow users to set value. (Authorization Standards is not allowed)
  • Add OpenDNS.
  • Lower fan start-up temperature.
  • Add package installation path option to support installation to USB storage devices.
  • Add support for UPnP.
  • Add support for Wake on LAN.
    • It's not stable enough and has mediocre client device compatibility
    • There are too many alternatives
  • Add support for destination-based policy for Tor.
  • Optimize repeater connections by allowing settings to set whether DNS rebinding attack protection is enabled for each SSID setting.
  • Add Policy Settings Support to SIP ALG.
  • Add an SSH Terminal Page in the Web Admin Panel.
  • Add support for cellular WCDMA band block or open.
  • Allow modification of Wi-Fi country code.
  • Add policy settings similar to a VPN policy for Load Balancing.
  • Add SIM card calling feature.
  • Add multi-Wi-Fi password feature, Wi-Fi support configure to connect to different VLANs with different passwords.
  • Add VPN obfuscation.
  • Add a node selection policy for Tor.
  • Add Kill Switch for Tor.
  • Optimize the Override DNS Settings option, support setting the list to be overridden
  • Add a simple DNS blocking feature.
  • Add Watchcat to automatically reboot Wi-Fi when disconnected.
  • Add support for multiple USB cellular modem accesses and allow setting a balanced load for them.
  • Add an option to turn off detecting whether a new firmware version is available.
  • Optimize USB cellular modem compatibility, open them to lock base station, and traffic logging features.

Update Records

April 20, 2024

We have developed some solutions to the common problem of not being able to repeat public hotspots with captive portal (such as hotels/airport/malls). In order to make these features available as soon as possible, we have decided to split the original 4.6 version into two, the current 4.6 and 4.7 versions. Features that are still in development will be moved to the 4.7 release. Subsequent releases will follow in that order.
The 4.6 beta is expected to be available for MT3000, AXT1800 and other models by early May.

7 Likes

Only cloud is depressing. Can’t the data be saved to the microsd or USB drive?

‘’‘Add traffic statistics analysis chart, including the history of the interface, and client traffic. (Only cloud display, as frequent writes will reduce the device’s lifespan)’‘’

4 Likes

Hi? I need this Feature request for VPN.
When using “VPN Policy Base on the Client Device”, Please give “Target Domain Exceptions” Options.

Because, while I want some devices always on VPN, some government and bank app/websites fail on those client devices.
.
.

“VPN Policy Base on the Target Domain or IP”
This option above is already failing (breaks web sites) and cannot keep up when web masters add new third party domain material in their design

EDIT: I see new firmware mentioning,…
“Optimizing the VPN client to ensure AdGuard Home’s DNS will not override the VPN client’s DNS.”
…I hope users are not Forced into using VPN DNS :expressionless: and there is an option to use AdGuard Home’s DNS when admin wants it

I’m just hoping the clusterf**k of the Beryl AX firmware gets fixed.

It’s the worst, and most unstable of my 6 Gl-inet routers. Too unreliable to even consider taking on a trip.

The upside, though, is that I’m getting really experienced at using Uboot :wink:

4 Likes

:rofl: I hope new devices will have Dual-Boot Firmware protection and storage. I know so many motherboards already have Dual-BIOS (for Failsafe purposes). This could be another feature request for New (if not possible for old) devices :grin:

In a Dual-Firmware Router, admin can boot/test and/or keep old stable/unstable firmwares Both

1 Like

This is mutual exclusive. So you have to figure out by yourself what mode you want to use.
You always have the way to use a VPN app on the device itself instead of the router. And 3rd party sites will always be a problem because the system can’t know what 3rd party stuff is going to load.

I was thinking the same thing, Adguard home is blocking ads on my VPN VLAN which is cool, but using the VPN DNS it won’t block anything, only on my normal network

Thank you for the detailed update. What is the most appropriate way to signal support for the in-discussion Headscale support? This would be the number one feature for me.

Thank you

1 Like

Adguard is doing fine job of listing all the third party domains opened by any given websites. If Target Domain Exceptions feature is provided (where users inputs domain list), internet will be perfect! :grin:

But this feature exists already. You can simply enter all domain exceptions?

I tried that,… even after mentioning domains that is suppose to go through VPN, it somehow didn’t (some bugs maybe?).

This is why i came up with Target Domain Exception list WITH VPN Policy Base on the Client Device as exception is expected to smaller in processing then “Target domain or IP”'s huge allow list processing

Policies only work if you use your router as main DNS server. Make sure that there is no other way the device will get DNS answers. (Like browsers sending DNS request via DoH)

This ones is the most important to me! :zap:

These will be good, but not critical :slight_smile:

P.S: When MudiV2 will have 4.7?

1 Like

Browsers and networks are configured to use Automatic settings from router (no custom DNS whatsoever).

In my simple youTube test, i listed all the domains contacted by youtube.com and put them inside list of “VPN Policy Base on the Target Domain or IP” and youtube still detected local country.

However, when i used “VPN Policy Base on the Client Device”, all seems to work as expected

This, listing domains and putting it in the goThroughVPN list is way more painful then NotGoThroughVPN “Exception list”. Either of ways, a better router’s automatic calculation in milliseconds of outgoing domain request is required here?

Hey guys - an easy feature request... how about a difference in background color in the Gl-inet Admin Panel under the clients section that differentiates between networks. For example, with background color in the row, I could easily differentiate between devices on the guest network vs my primary network. Should take 1 minute to add with CSS... or maybe a few extra minutes if you decided to make it optional or configurable. Thanks!

5 Likes

Agree, there’s some nice changes they could make in terms of appearance to the GUI, but that’s not too important though, stability and features first, firmware 5x might have a cooler design who knows, for example new color for the icons, red indicators when a client is using a lot of bandwidth and green when they’re not using it, etc. Those little details are nice.

Very good idea. It will come.

You're right. Let's think about features first. the UI/UX part we'll focus on optimizing in one of the big version. It may be 5.0, or 4.8/4.9.

2 Likes

It's funny, I posted an enraged rant on here a couple weeks ago after failing to get Beryl AX into repeater mode with a 2.4GHz network...

Then after posting, realized that in the previous house where I'd installed Beryl AX, I'd had the exact same problems (minus the ranting in the forums)...

And yet, upon giving up and switching the "backhaul" network to 5GHz, the Beryl AX repeater is rock solid stable.

Ain't it always the case with GLi products, you gotta twiddle until you find the magic combo of settings which results in months of perfect performance without interruption!

I really hope they get more of the bugs fixed, and follow thru on setting up a better way for people to report bugs in the forums. I'm still encountering bugs in brand-new GLi devices which were present in devices from 2019-2020.

1 Like

Feature Request:

  1. Group Isolation [Enabled/Disabled] (name 1, 2, 3,....)
    Admin can select devices that can communicate within the group and other devices are automatically denied

  2. Device Management Allow/Deny list
    Only specific devices can access Admin Panels of router (based on allow and disallow list)

2 Likes