Which ISP do you use?
1 Like
I really hope OP is mistaken; I would be furious to know my ISP if fcvking up my packets!
Name & shame, @GreenCat . We are not a merciful “”“community”“”. Give us their blood!
1 Like
Hello.
lso thanks everyone else for replies and good information. such as carrier grade NAT nd such…
To say china town… Id say worse…
It’s Iran, And its terrorist regime blocks most vpns. Only V2ray protocol works here, and Xvpn ( which is a chinese vpn i think, then some random servers of express vpn lightway)
I can’t use the app on the phone tpo test TCP. because expressvpn has removed all old protocols on its app… same as all other vpns.
Id be glad to learn more
Appreciate all the comments
1 Like
Well, that’s fucked up then.
You could try to utilize Mullvad. At least they tell that there are ways to connect from countries like Iran: Using Mullvad VPN in restrictive locations | Mullvad VPN
You can find the bridge servers by sorting this list: https://mullvad.net/en/servers
–
It could be possible that you won’t be able to run it by using your router, that depends on the technology that Mullvad utilizes.
2 Likes
Thank you for the info.
I’m counting to make it work on the router. setting up a bridge, or shadowsocks. seems complicated to me, specially on the router. but for sure i will and would do n learn it if its possible.
so fr my focus is on the router, otherwise i can somehow connect to vpn with little struggle on the phone or laptop.
thank you very much for your help x
I would say that running shadowsocks on the router itself might work, but needs a lot of effort and some self-scripted monster of VPN configuration manager.
Generally speaking, it’s not supported:
In that case, you can only use a local VPN client, unfortunately.
1 Like
Hello Admon
I was watching a video last night, which he was able to install and connect via v2ray easily on an openWRT Glinet router.
Im deeply looking for its documentation to set it up on my own router…
I looked at the Applications. and i found that V2raya ( latest version of v2ray according to the video ) is installable on flint 2.
Here is the video i watched. Please if you ca have a watch see if it makes sense? Thanks
2 Likes
I’ll check it later since my router is in use right now and my wife would kill me, when the connection drops now. 
2 Likes
I’m sorry that some governments and ISPs block internet traffic. It would be nice to have an open internet for all.
Do you have a friend outside of Iran who could setup a cloud system as a private VPN, or even better, allow you to put a small router at their place to use their internet? It is not trivial, but not impossible to learn how to setup a remote VPN server with V2Ray, ShadowSocks and SoftEther. SoftEther is an opensource VPN package out of Japan and it is also good at hiding your IP traffic, and getting through firewalls.
This remote router or cloud system would not need to be very powerful. I am running multiple VPN servers at a family members house on a AR300M, which is one of the cheaper GL iNet routers. I also run these same VPN servers on a free Oracle Cloud (OCI) VPS.
Once your remote server is working, then at your restricted location, it would be possible using the generic OpenWrt firmware on a router to install the clients. I don’t know how to do it with the GL iNet firmware, as they seem to block loading the ShadowSock and some other VPN package.
4 Likes
Thank you for your input, and yes Hope all dictatorships and terrorist regimes will fall down so people can live freely in their own country. Ours is occupied by these islamist maniacs.
Anyway yes i have people outside to do that for me but id rather put no hassle or trouble on anyone for me.
Id be willing to pay and get my own server if its possible and set it up but the way you’re saying looks like GLinet firmware has some differences from “generic” openWRT. i was thinking the skin is different only, my bad.
I guess if its to much work i will be sticking with using VPN apps instead setting it up on router. But to bad to let all these nice spec of the Flint 2 to go waste!
Thanks for your help anyway Eric
1 Like
I just checked the tutorial they provide, and I won’t try it on my device because it’s really deep into the system config. They remove dnsmasq (to install the full version) and do a switch between nftables and iptables. Unfortunately, GL is mostly based on iptables, so I would say this will cause issues here.
In my opinion, the only way to get this working without starting to cry is by converting the device into a plain OpenWrt one.
2 Likes
Fcvk me; that’s an issue to severely understate it.
@solidus1983 : Hey Rogers, do you have a build for the Flint v2, preferably without iptables, of vanilla OWRT 23.05? OP is going to need dnsmasq.nftset for Stangri’s full PBR which requires dnsmasq-full. It’s suppose to allow " Any policy can target either WAN or a VPN tunnel interface." I presume that’d also apply to ShadowSocks, STunnel, v2Ray, etc.
@GreenCat : Going with ‘vanilla’/stock OWRT starting to look as how I’d do this. GL has too many limitations in their custom firmware given the hostile territory you’re in. You need unrestricted access to full OWRT & their up to date package feeds. You don’t want to have traffic monitored if/when an ‘old’ protocol is outdated.
1 Like
Hello bridge. Thank you for the info.
I like Glinet skin ( firmware ) looks nice and pretty.
Do u think its worth flashing it with “vanilla/stock OWRT” ? If so i need to learn how to do it… Also are there any way to get back into GLinet firmware, in case things went south?
Thank you so much and everyone else for Trying to help. I appreciate this a looot.
Yeah, if there’s anyone who need vanilla OWRT, it’s you. You really do need full access to the OpenWrt ecosystem. GL builds an incredibly easy to use GUI but they also make some deep modifications to OpenWrt to make that happen. That’s a problem.
The fact that GL themselves are based in a hostile terrority that is the CPC some VPN technologies aren’t going to be supported… for example, if you bought your Flint v2 in Asia from, say, Alibaba, you wouldn’t have any VPN options. I wish I was kidding.
Regarding GUIs: stock OpenWrt ships with a GUI known as LuCI. It’s already on your Flint v2 (GL GUI → System → Advanced Settings; same password as GL GUI, username root ). It really is more advanced… but you’ll still have problems from the GL customizations regardless (eg: iptables firewall/routing modifications).
Can you access Youtube without interference/restrictions in Iran? I’ll explain why I ask if you can.
2 Likes
thanks for ur answer.
No we dont have access to youtube, whats app, telegram, instagram, facebok, twitter… u name it; even google play! is filtered and we need VPN to access pretty much everything and every app and site!
sorry i dont know much about LuCi. I would also need some help to flash to Vanilla OPENWRT. if you or anyone here would be kind to guild me please.
Thanks
Edit" BTW i bought mine from Amazon US. and a family member brought it here for me. so explains why i have vpn option on mine still
Until we hear back from @solidus1983 if he has a stock build for the Flint v2 (GL-MT6000), I would prefer to not recommend flashing the ‘snapshot’ build that OpenWrt, the organisation, has for the GL-MT6000. Snapshots are really, really new attempts at building firmware for devices. To say they’re not even ‘beta’ quality is an understatement. They are developer attempts. You will have problems.
I’d prefer to hear what @solidus1983 has to say. He’s quite intimate with the inner working of the Slate Plus, Slate AX, Flint v1 if not the Flint v2.
Actually installing stock OpenWrt on a GL device is pretty easy; instructions are on the device page by OpenWrt. They refer to U-boot; U-boot usage is explained in the GL Documentation for Debricking.
What I would do is make a backup of your Flint v2’s current state as it stands before proceeding in any direction. Installing the OWRT snapshot requires some foundation skills but it’s not rocket science. If you can handle this HOW-TO, you’ll be far more able than most to flash vanilla/stock:
(The thing about all this is that you would have this exact same trouble if you got the ExpressVPN version so don’t feel bad; the Flint v2 will serve you better in the long run. You just jumped into ‘the deep end’ a little too early. It’s still better than being late. 
)
1 Like
Snapshots are ok to me, using them for my builds which is what my main network runs 100% of the time.
Doesn’t PBR-Iptables work? As my builds still use FW3, if the nftable version is required you are going to need to use openwrt’s builds and use the firmware selector tool to include what you need.
2 Likes
Tbh, I don’t know. The tutorial installs v2ray which requires some modules to be installed as well. Since I don’t know the modules, I am not aware if they are fully compatible with the GL firmware. Maybe it’s just easy, and you can follow it without taking additional care?
<snip>
# Check your firewall implementation
# Install the following packages for the nftables-based firewall4 (command -v fw4)
# Generally speaking, install them on OpenWrt 22.03 and later
opkg install kmod-nft-tproxy
# Install the following packages for the iptables-based firewall3 (command -v fw3)
# Generally speaking, install them on OpenWrt 21.02 and earlier
opkg install iptables-mod-conntrack-extra \
iptables-mod-extra \
iptables-mod-filter \
iptables-mod-tproxy \
kmod-ipt-nat6
</snip>
1 Like
Thanks for responding; if you’re OK w/ snapshots, then.
I seem to recall PBR’s docs state nft is highly recommended if not a dependency for it. Give the Iranian regime situation I’m tending to lean on it if it will help ensure no leaks. On second thought it may not even be necessary if all traffic is to route over v2RayA anyways. OP can speak to that, of course.
Oh, look! It looks like U-boot isn’t even needed to flash stock OWRT for the Flint v2. They have a LuCI compatible Sysupgrade image:
LuCI → System → Backup / Flash Firmware → Flash new firmware image → [ Flash image … ]
Wait 5 minutes or so for it to complete the process. The router’s default IP will become 192.168.1.1 instead of GL’s 192.168.8.1. Disconnect & reconnect your computer so it gets an updated LAN IP. You’ll then have to log into the Flint v2 via SSH & execute
opkg update; opkg install \
luci \
luci-ssl \
uhttpd \
liblua \
libubus \
libubus-lua \
libuci-lua \
lua \
luci-base \
luci-lib-ip \
luci-lib-jsonc \
luci-lib-nixio \
luci-mod-admin-full \
luci-theme-bootstrap \
rpcd \
luci-app-firewall \
luci-app-opkg \
luci-proto-ipv6 \
luci-proto-ppp \
&& /etc/init.d/uhttpd enable; /etc/init.d/uhttpd start
🢁 Paste that as one full line. That should install the LuCI GUI on your new, stock OWRT 23.05, at https://192.168.1.1 . root is still the default login.
1 Like