VPN from Iran - blocked access

Until we hear back from @solidus1983 if he has a stock build for the Flint v2 (GL-MT6000), I would prefer to not recommend flashing the ‘snapshot’ build that OpenWrt, the organisation, has for the GL-MT6000. Snapshots are really, really new attempts at building firmware for devices. To say they’re not even ‘beta’ quality is an understatement. They are developer attempts. You will have problems.

I’d prefer to hear what @solidus1983 has to say. He’s quite intimate with the inner working of the Slate Plus, Slate AX, Flint v1 if not the Flint v2.

Actually installing stock OpenWrt on a GL device is pretty easy; instructions are on the device page by OpenWrt. They refer to U-boot; U-boot usage is explained in the GL Documentation for Debricking.

What I would do is make a backup of your Flint v2’s current state as it stands before proceeding in any direction. Installing the OWRT snapshot requires some foundation skills but it’s not rocket science. If you can handle this HOW-TO, you’ll be far more able than most to flash vanilla/stock:

(The thing about all this is that you would have this exact same trouble if you got the ExpressVPN version so don’t feel bad; the Flint v2 will serve you better in the long run. You just jumped into ‘the deep end’ a little too early. It’s still better than being late. :wink: )

1 Like

Snapshots are ok to me, using them for my builds which is what my main network runs 100% of the time.

Doesn’t PBR-Iptables work? As my builds still use FW3, if the nftable version is required you are going to need to use openwrt’s builds and use the firmware selector tool to include what you need.

2 Likes

Tbh, I don’t know. The tutorial installs v2ray which requires some modules to be installed as well. Since I don’t know the modules, I am not aware if they are fully compatible with the GL firmware. Maybe it’s just easy, and you can follow it without taking additional care?

<snip>
# Check your firewall implementation
# Install the following packages for the nftables-based firewall4 (command -v fw4)
# Generally speaking, install them on OpenWrt 22.03 and later
opkg install kmod-nft-tproxy
# Install the following packages for the iptables-based firewall3 (command -v fw3)
# Generally speaking, install them on OpenWrt 21.02 and earlier
opkg install iptables-mod-conntrack-extra \
  iptables-mod-extra \
  iptables-mod-filter \
  iptables-mod-tproxy \
  kmod-ipt-nat6
</snip>
1 Like

Thanks for responding; if you’re OK w/ snapshots, then.

I seem to recall PBR’s docs state nft is highly recommended if not a dependency for it. Give the Iranian regime situation I’m tending to lean on it if it will help ensure no leaks. On second thought it may not even be necessary if all traffic is to route over v2RayA anyways. OP can speak to that, of course.

@GreenCat

Oh, look! It looks like U-boot isn’t even needed to flash stock OWRT for the Flint v2. They have a LuCI compatible Sysupgrade image:

https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=mediatek%2Ffilogic&id=glinet_gl-mt6000

LuCI → System → Backup / Flash Firmware → Flash new firmware image → [ Flash image … ]

Wait 5 minutes or so for it to complete the process. The router’s default IP will become 192.168.1.1 instead of GL’s 192.168.8.1. Disconnect & reconnect your computer so it gets an updated LAN IP. You’ll then have to log into the Flint v2 via SSH & execute

opkg update; opkg install \
luci \
luci-ssl \
uhttpd \
liblua \
libubus \
libubus-lua \
libuci-lua \
lua \
luci-base \
luci-lib-ip \
luci-lib-jsonc \
luci-lib-nixio \
luci-mod-admin-full \
luci-theme-bootstrap \
rpcd \
luci-app-firewall \
luci-app-opkg \
luci-proto-ipv6 \
luci-proto-ppp \
&& /etc/init.d/uhttpd enable; /etc/init.d/uhttpd start

🢁 Paste that as one full line. That should install the LuCI GUI on your new, stock OWRT 23.05, at https://192.168.1.1 . root is still the default login.

1 Like

Fcvk iptables. nft is mainline Upstream; eventually we’re all going to have to deal with it anyways. Might as well start cutting our teeth on it sooner than later.

3 Likes

Theres also iptables wrappers around like iptables-zz-legacy which interprets iptables to nfttables.

i believe pbr-iptables is not a wrapper since it links iptables in its dependency.

But yea i find this rather confusing, i never liked the change from upstream Linux iptables to nfttables :yum:, OpenWrt seems to heavily rely to some wrapper hack… i see this with docker too!

Though i believe the oem firmware still use iptables or a wrapper, the question more is if it supports all those modules idd :+1:

2 Likes

inb4 blowback/shyte hits the fan when it doesn’t.

2 Likes

Thank you againg for your time and effort… also everyone else…
So i go into that link and download the last file… ( in pic )

then will need to SSH right?
I use ubuntu btw. Can i use putty for ssh? sorry if its noob question. If im using Linux as my main OS doesnt mean im sogood at command lines. it just means i pretend to be good :stuck_out_tongue:

Then After SSH. i need to do what again? im somewhat confused.
Thanks again for your time. i really appreciate this and I hope this thread can help others too who will be searching for it. in the future.

Great Community we have here. Many helpful and informative and friendly people with a loot of knowledge! Glad i picked GLinet

Yes, you can. If you open a terminal in ubuntu, you can also use the command “ssh root@192.168.1.1

Do the command bring.fringe18 said. That one starting with “opkg update;”. That installs the luci web-interface onto stock OpenWRT.

Once that is done, you can manage many basic things using https://192.168.1.1/ (like Wifi-networks under Network → Wireless). Once you’re at that point I believe someone will probably try to see if he can help out with v2ray I guess.

2 Likes

Thank you i will try it tonight and will put screenshot here or if there’s any issue.
i appreciate yall helpz

You can copy & paste output from the Terminal/command line interface (CLI) instead of screenshots.

Before posting, use three backticks (```) as a new line before and after the pasted output to format it properly… like what I did for that opkg update; opkg install [...] code block.

```
like
this
```

This forum supports the Markdown formatting language. You may find other forums using the same.

1 Like

Not sure i understood what did you mean here by " …"
I’m going to flash it now anywho…
Thanks again a universe

You don’t always need to post screenshots. Text output fr the CLI can be posted

```
like
this
```

like
this

(The […] just means there’s more to that line but I truncated it because it wasn’t relevant. There’s no sense reposting it all.)

1 Like

Sorry for keep posting…
Do i need to check these boxes?
Thxxxx

I would most certainly skip the backup here. I think it’s better to have a clean slate to work with.

You can make a quick backup of the existing set up you can by using LuCI → System → Flash / Backup Firmware → Backup → [ Generate archive ]… but remember: that resulting tar.gz file is for the GL version of OpenWrt.

1 Like

Hi again. sorry im back. I did flash. Then it connected to Wifi again. looks like my wifi setting is same… however it still had 192.168.8.1
so i did try connecting my laptop with LAN ( wire) to do SSH
but i get these…

ssh: connect to host 192.168.1.1 port 22: No route to host
---
angelina@angelina-Predator-PH315-51:~$ ssh root@192.168.1.1
ssh: connect to host 192.168.1.1 port 22: No route to host
---
angelina@angelina-Predator-PH315-51:~$ sudo ssh root@192.168.1.1
[sudo] password for angelina: 
ssh: connect to host 192.168.1.1 port 22: No route to host
---
angelina@angelina-Predator-PH315-51:~$ 
---
COuld you please guild me alittle bit more? Im stuck here. Thxxx

Please use backticks to format the output… that really does help & not hurt the eyes.

try ssh root@192.168.8.1 . If you can log in with the same password as the GL GUI then I’m mistaken that the Sysupgrade image was the best option to use. We’d have to look at using the U-boot image & process.

1 Like

Just to say… On LAN it detected 192.168.1.1 Not 8.1 so i guess it must have been some wifi thingy…
I will edit this…
Edit SSHing 8.1

The authenticity of host '192.168.8.1 (192.168.8.1)' can't be established.
ED25519 key fingerprint is SHA256:EH8ExDPulPQPqJh9OvQQ7l/fHgD9QhqynQC7kZObLOU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?.


**edit 2: ok i will use Ethernet**
------

![Screenshot from 2024-01-27 00-19-22|690x489](upload://abEwv8KBW4Jr0dvzkhSW1hw0zPF.png)
1 Like

Don’t use Wi-Fi at this point until you have confirmed everything is set up on stock. Use an ethernet cable.

1 Like

sry i didnt know how to get rid of (```) for next line. i know i need to learn it. but since ur time is limited i dont want to waste your time now.
here is a screenshot of what i see when connected by lan

1 Like