VPN from Iran - blocked access

Hi. hope you’re all doing fine
I’m trying to use teh VPN feature, OPENVPN. It never connects. i guess its either my ISP blocking Openvpn or maybe theres a bug in router?
Also. Are there any hope that protocol "lightway " by expressvpn would be working on GLnet routers one day?
Or am i stick with wiregaurd or openvpn for good? Because my ISP has blocked all WIregaurd or openvpn protocols… atleast i can tell by terying the vpn app on my phone or laptop myself. so no wonder it wont connect on router. Only protocol which works is Lighway which is for express vpn
They have a router themselves. But i decided to go with flint 2. as it has better specs. and its not linked and limited to one vpn provider only.
Thank you very much

Fun fact: the Expressway router is a Flint v1 w/ their own custom firmware.

If you can’t use even use OVPN using TCP (check if you’re using TCP or UDP) from even your phone & presumably from the Expressway mobile app, then nah, man; it’s Chinatown. Time to get a new ISP… & one that doesn’t use CG-NAT. You’ll thank me later.

1 Like

Which ISP do you use?

1 Like

I really hope OP is mistaken; I would be furious to know my ISP if fcvking up my packets!

Name & shame, @GreenCat . We are not a merciful “”“community”“”. Give us their blood!

1 Like

lso thanks everyone else for replies and good information. such as carrier grade NAT nd such…
To say china town… Id say worse…
It’s Iran, And its terrorist regime blocks most vpns. Only V2ray protocol works here, and Xvpn ( which is a chinese vpn i think, then some random servers of express vpn lightway)
I can’t use the app on the phone tpo test TCP. because expressvpn has removed all old protocols on its app… same as all other vpns.
Id be glad to learn more
Appreciate all the comments

1 Like

Well, that’s fucked up then.

You could try to utilize Mullvad. At least they tell that there are ways to connect from countries like Iran: Using Mullvad VPN in restrictive locations | Mullvad VPN

You can find the bridge servers by sorting this list: https://mullvad.net/en/servers

It could be possible that you won’t be able to run it by using your router, that depends on the technology that Mullvad utilizes.


Thank you for the info.
I’m counting to make it work on the router. setting up a bridge, or shadowsocks. seems complicated to me, specially on the router. but for sure i will and would do n learn it if its possible.
so fr my focus is on the router, otherwise i can somehow connect to vpn with little struggle on the phone or laptop.
thank you very much for your help x

I would say that running shadowsocks on the router itself might work, but needs a lot of effort and some self-scripted monster of VPN configuration manager.

Generally speaking, it’s not supported:

In that case, you can only use a local VPN client, unfortunately.

1 Like

Hello Admon
I was watching a video last night, which he was able to install and connect via v2ray easily on an openWRT Glinet router.
Im deeply looking for its documentation to set it up on my own router…
I looked at the Applications. and i found that V2raya ( latest version of v2ray according to the video ) is installable on flint 2.
Here is the video i watched. Please if you ca have a watch see if it makes sense? Thanks


I’ll check it later since my router is in use right now and my wife would kill me, when the connection drops now. :laughing:


I’m sorry that some governments and ISPs block internet traffic. It would be nice to have an open internet for all.

Do you have a friend outside of Iran who could setup a cloud system as a private VPN, or even better, allow you to put a small router at their place to use their internet? It is not trivial, but not impossible to learn how to setup a remote VPN server with V2Ray, ShadowSocks and SoftEther. SoftEther is an opensource VPN package out of Japan and it is also good at hiding your IP traffic, and getting through firewalls.

This remote router or cloud system would not need to be very powerful. I am running multiple VPN servers at a family members house on a AR300M, which is one of the cheaper GL iNet routers. I also run these same VPN servers on a free Oracle Cloud (OCI) VPS.

Once your remote server is working, then at your restricted location, it would be possible using the generic OpenWrt firmware on a router to install the clients. I don’t know how to do it with the GL iNet firmware, as they seem to block loading the ShadowSock and some other VPN package.


Thank you for your input, and yes Hope all dictatorships and terrorist regimes will fall down so people can live freely in their own country. Ours is occupied by these islamist maniacs.
Anyway yes i have people outside to do that for me but id rather put no hassle or trouble on anyone for me.
Id be willing to pay and get my own server if its possible and set it up but the way you’re saying looks like GLinet firmware has some differences from “generic” openWRT. i was thinking the skin is different only, my bad.
I guess if its to much work i will be sticking with using VPN apps instead setting it up on router. But to bad to let all these nice spec of the Flint 2 to go waste!
Thanks for your help anyway Eric

1 Like

I just checked the tutorial they provide, and I won’t try it on my device because it’s really deep into the system config. They remove dnsmasq (to install the full version) and do a switch between nftables and iptables. Unfortunately, GL is mostly based on iptables, so I would say this will cause issues here.

In my opinion, the only way to get this working without starting to cry is by converting the device into a plain OpenWrt one.


Fcvk me; that’s an issue to severely understate it.

@solidus1983 : Hey Rogers, do you have a build for the Flint v2, preferably without iptables, of vanilla OWRT 23.05? OP is going to need dnsmasq.nftset for Stangri’s full PBR which requires dnsmasq-full. It’s suppose to allow " Any policy can target either WAN or a VPN tunnel interface." I presume that’d also apply to ShadowSocks, STunnel, v2Ray, etc.

@GreenCat : Going with ‘vanilla’/stock OWRT starting to look as how I’d do this. GL has too many limitations in their custom firmware given the hostile territory you’re in. You need unrestricted access to full OWRT & their up to date package feeds. You don’t want to have traffic monitored if/when an ‘old’ protocol is outdated.

1 Like

Hello bridge. Thank you for the info.
I like Glinet skin ( firmware ) looks nice and pretty.
Do u think its worth flashing it with “vanilla/stock OWRT” ? If so i need to learn how to do it… Also are there any way to get back into GLinet firmware, in case things went south?
Thank you so much and everyone else for Trying to help. I appreciate this a looot.

Hello Again Admon.Just to confirm. The dnsmasq Full is already installed onto Flint 2

Yeah, if there’s anyone who need vanilla OWRT, it’s you. You really do need full access to the OpenWrt ecosystem. GL builds an incredibly easy to use GUI but they also make some deep modifications to OpenWrt to make that happen. That’s a problem.

The fact that GL themselves are based in a hostile terrority that is the CPC some VPN technologies aren’t going to be supported… for example, if you bought your Flint v2 in Asia from, say, Alibaba, you wouldn’t have any VPN options. I wish I was kidding.

Regarding GUIs: stock OpenWrt ships with a GUI known as LuCI. It’s already on your Flint v2 (GL GUI → System → Advanced Settings; same password as GL GUI, username root ). It really is more advanced… but you’ll still have problems from the GL customizations regardless (eg: iptables firewall/routing modifications).

Can you access Youtube without interference/restrictions in Iran? I’ll explain why I ask if you can.


thanks for ur answer.
No we dont have access to youtube, whats app, telegram, instagram, facebok, twitter… u name it; even google play! is filtered and we need VPN to access pretty much everything and every app and site!
sorry i dont know much about LuCi. I would also need some help to flash to Vanilla OPENWRT. if you or anyone here would be kind to guild me please.
Edit" BTW i bought mine from Amazon US. and a family member brought it here for me. so explains why i have vpn option on mine still

Until we hear back from @solidus1983 if he has a stock build for the Flint v2 (GL-MT6000), I would prefer to not recommend flashing the ‘snapshot’ build that OpenWrt, the organisation, has for the GL-MT6000. Snapshots are really, really new attempts at building firmware for devices. To say they’re not even ‘beta’ quality is an understatement. They are developer attempts. You will have problems.

I’d prefer to hear what @solidus1983 has to say. He’s quite intimate with the inner working of the Slate Plus, Slate AX, Flint v1 if not the Flint v2.

Actually installing stock OpenWrt on a GL device is pretty easy; instructions are on the device page by OpenWrt. They refer to U-boot; U-boot usage is explained in the GL Documentation for Debricking.

What I would do is make a backup of your Flint v2’s current state as it stands before proceeding in any direction. Installing the OWRT snapshot requires some foundation skills but it’s not rocket science. If you can handle this HOW-TO, you’ll be far more able than most to flash vanilla/stock:

(The thing about all this is that you would have this exact same trouble if you got the ExpressVPN version so don’t feel bad; the Flint v2 will serve you better in the long run. You just jumped into ‘the deep end’ a little too early. It’s still better than being late. :wink: )

1 Like

Snapshots are ok to me, using them for my builds which is what my main network runs 100% of the time.

Doesn’t PBR-Iptables work? As my builds still use FW3, if the nftable version is required you are going to need to use openwrt’s builds and use the firmware selector tool to include what you need.