Starting OpenWRT on GL.iNet Routers for New Users
- Thread starter TanKianW
- Start date
- Joined
- Sep 16, 2018
- Messages
- 30,509
- Reaction score
- 8,443
Yes. It is still worth unless you are chasing for 5Gbps/10Gbps plan.
It should still be a good option for 500Mbps/1Gbps/2Gbps/2.5Gbps/1+1Gbps plans.
No real issues to use it for MR/VQ 3Gbps plans either in reality.
teoma
Member
- Joined
- Apr 1, 2002
- Messages
- 316
- Reaction score
- 30
Agree, I thought it was odd too, but I learnt quite a bit in the process.
For one, I thought I could delete the Tailscale packages and start from scratch. That's not possible. So the only way to resolve was to refresh the image and set up all over.
I think I'm going to do a bit more experimenting but probably will do it on a non-critical device, so have to get a spare Flint or Flint 2. Will try the OpenWRT solution you shared with that experiment. Can't risk attempting another remote solution and risk breakage when it's the last path I have.
I also did reach out to GL.iNet in the process and spoke to their support on Tailscale and Exit Nodes. It looks like GL.iNet has abandoned incorporating the Exit Node functionality in their roadmap, so users will have to figure it out on their own. Not sure why they went down this path and if it's a sign that they would not longer develop/support Tailscale in the future (considering it's Beta now).
I did some more troubleshooting seeing that on WireGuard, the client is not handshaking with the server (Flint), regardless of the ports used. Considering that DDNS works, I can ping (and get responses), and everything else seems fine, makes me think that maybe it's a firewall conflict/issue with OpenVPN and WireGuard somewhere.
teoma
Member
- Joined
- Apr 1, 2002
- Messages
- 316
- Reaction score
- 30
I use it personally and am happy with performance.
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
@teoma sorry to make you repeat
l have not been following
Have you done a full reset , and then set up all on a non Singtel isp first ?
I’ve tried to do one in my in-laws in Hanoi but I suppose their IP is cgnat and constantly swapping , I couldn’t get my asus to do wireguard
however if I did a direct WireGuard from ax slate , within Hanoi hotel , to my m1 in the past it worked ( it’s ont, if that’s a issue )
I’m wagering a guess something on the bridge might have caused the packet or ip to not see when ONR is involved
again I’m like you just fairly well versed via trial and error
l have not been following
Have you done a full reset , and then set up all on a non Singtel isp first ?
I’ve tried to do one in my in-laws in Hanoi but I suppose their IP is cgnat and constantly swapping , I couldn’t get my asus to do wireguard
however if I did a direct WireGuard from ax slate , within Hanoi hotel , to my m1 in the past it worked ( it’s ont, if that’s a issue )
I’m wagering a guess something on the bridge might have caused the packet or ip to not see when ONR is involved
again I’m like you just fairly well versed via trial and error
teoma
Member
- Joined
- Apr 1, 2002
- Messages
- 316
- Reaction score
- 30
Not yet. I'm currently remote for an extended period, so last thing I want to do is do a full wipe of the router and set it back up remotely. It is an option I'm considering, but not critical at this time that I need to do it, so I'm holding out for now.
Considering this network is ST, it would be CGNAT, but not sure if that's changed. Interestingly, I have used my Beryl AX that was connected to a router using CGNAT in Singapore a couple of months back to a WG server in US and there was no issue. The WG server was on a network that had a dedicated (not static IP), so not sure if that helped.
That's my guess too, and not being able to hit the ONR remotely is limiting what I can see unfortunately.
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
hmm if you're able to, have your relatives or someone setup something similar for you to test from your remote location, I can TOTALLY understand how you feel , the frustration of not getting remote VPN or just 1:1 connection back home is really at times zzzz....
if , ONT vs ONR, then can just chuck it up next ISP top move over, unfortunately, its getting harder these days
teoma
Member
- Joined
- Apr 1, 2002
- Messages
- 316
- Reaction score
- 30
The part that's really weird is that Tailscale works but WireGuard and OpenVPN doesn't.
I'm planning to set up another system here, including a Raspberry Pi, that I'm looking to ship to them and install to troubleshoot. Hopefully that can give me more insight.
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,654
- Reaction score
- 3,292
**SHARING: Setting up and Pre-Configuring GL.iNet Travel Router for the Upcoming Overseas Vacation Season (Part 1)**
It has been a while since I upgraded the firmware of my travel router, so this time round I will take this chance to set up and re-configure the GL-iNet travel router for the upcoming year-end vacation with my family. I will be setting up 2x VPNs (Wireguard as main and Tailscale as standby), network attached storage (Samba share for storing and backing up photos) and maybe some security features like DNS filter and Adblocker (Adguard Home). Since I am using a Beryl GL-MT1300, I will be limited by the storage of the 32MB NOR flash for installing Apps/Plugins. However, to work around this limitation, I could easily use the "Mount Points" feature with the built-in TF card slot for storage expansion. Officially some of the apps/plugins/packgaes are "not by default" installed, such as the network storage (NAS) plugin which has been removed after the recent upgrade (due to limited internal storage capacity on Beryl), the same goes for Tailscale (beta), Tor router and Adguard home packages. But since the underbelly of GL-iNet router is actually "OpenWRT".......all things are possible! In fact with Beryl, the extra TF card slot and the USB 3.0 port could be put to good use with much more room for customisations. We will also install official GL.iNet packages in order to configure it from the user-friendly GUI page by GL.iNet.
Step 1: Upgrade the Router's firmware
I will upgrade my router firmware to the latest 4.X.XX (4.3.19 for my case of Beryl GL-MT1300). I chose the U-boot flash method to wipe everything and set it up from ground zero.
Step 2: Expand the router's internal storage for Apps/Plugins installation
I will access the option under the Luci interface, System -> Mount Points. Select the attached SD (TF) card as the mount point for /overlay to increase the plugin/app storage capacity. Save and reboot. Take note that the router will reset to default and the GUI access IP will reset back to 192.168.8.1. The new firmware has made this really easy to set up without the need for any CLI.
Step-by-step configuration can also be found: HERE
NOTE: Do format the SD card to the ext4 file system before using it for storage expansion. You can either format it in the router which is slow (through SSH) or format using a Linux machine which is much faster. OR do a vUSB passthrough on a hypervisor running Linux VMs.
Step 3: Install all the Required Apps/Plugins/Packages
Install all Apps/Plugins/Packages listed below. We will be downloading the native "gl-sdk4-ui-#your_app#view" packages for all the apps we are using so that we can configure it on the default user-friendly GL.iNet GUI. Some of the apps such as Adguard Home and Tailscale will require you to install their official package too. Just do a simple filter search will do.
NOTE: You will realise the "free space" on the top left-hand side of the Software page shows the storage space of your SD card if all are set up correctly in Step 2.
Step 4: Reboot and Configure the Apps/Plugins and (my) Settings
From here onwards, with the GL-iNet UI plugins and APIs installed, you could just configure all under the default router page.
1. Enable IPv6
Simply enable and select passthrough for most cases, especially for our fibre BB. The router will restart and you will receive an IPv6 address after that.
2. Setup WireGuard (main VPN):
Configuring it as a VPN client, since I will be running my pfsense as the WG server and routing all my traffic through my firewall to bypass country restrictions. Key in all the essential information for your tunnel and peers like what you normally do, Eg. public keys, private keys, UDP ports, registered domain name if you have one (instead if IP address), etc. Choose "Item mode"
For ease of enabling and disabling WG VPN, suggest setting up the side toggle button
3. Setup Tailscale (Standby VPN):
This is easy on the GL.iNet router GUI. Under Applications -> Tailscale options, toggle to enable Tailscale, suggest leaving the other two options uncheck unless you need it. Then follow the on-screen prompt to bind the router to tailscale. You will be asked to log into your existing tailscale account or just create one. I will be running my pfsense firewall as the "exit node" so all traffic will pass through it when I log onto tailscale.
You will also see that your router (OpenWRT) was connected to the tailscale admin page.
NOTE: If you are leaning more towards Zerotier, it is also supported by GL-iNet router which could be easily configured under the applications section. Just install the official ZT packages and the official "gl" packages.
4. Install and Configure AdGuard Home
This can be easily done by just toggling to enable AdGuard Home. For more settings, you could do it in the Settings page.
It has been a while since I upgraded the firmware of my travel router, so this time round I will take this chance to set up and re-configure the GL-iNet travel router for the upcoming year-end vacation with my family. I will be setting up 2x VPNs (Wireguard as main and Tailscale as standby), network attached storage (Samba share for storing and backing up photos) and maybe some security features like DNS filter and Adblocker (Adguard Home). Since I am using a Beryl GL-MT1300, I will be limited by the storage of the 32MB NOR flash for installing Apps/Plugins. However, to work around this limitation, I could easily use the "Mount Points" feature with the built-in TF card slot for storage expansion. Officially some of the apps/plugins/packgaes are "not by default" installed, such as the network storage (NAS) plugin which has been removed after the recent upgrade (due to limited internal storage capacity on Beryl), the same goes for Tailscale (beta), Tor router and Adguard home packages. But since the underbelly of GL-iNet router is actually "OpenWRT".......all things are possible! In fact with Beryl, the extra TF card slot and the USB 3.0 port could be put to good use with much more room for customisations. We will also install official GL.iNet packages in order to configure it from the user-friendly GUI page by GL.iNet.
Step 1: Upgrade the Router's firmware
I will upgrade my router firmware to the latest 4.X.XX (4.3.19 for my case of Beryl GL-MT1300). I chose the U-boot flash method to wipe everything and set it up from ground zero.
Step 2: Expand the router's internal storage for Apps/Plugins installation
I will access the option under the Luci interface, System -> Mount Points. Select the attached SD (TF) card as the mount point for /overlay to increase the plugin/app storage capacity. Save and reboot. Take note that the router will reset to default and the GUI access IP will reset back to 192.168.8.1. The new firmware has made this really easy to set up without the need for any CLI.
Step-by-step configuration can also be found: HERE
NOTE: Do format the SD card to the ext4 file system before using it for storage expansion. You can either format it in the router which is slow (through SSH) or format using a Linux machine which is much faster. OR do a vUSB passthrough on a hypervisor running Linux VMs.
Step 3: Install all the Required Apps/Plugins/Packages
Install all Apps/Plugins/Packages listed below. We will be downloading the native "gl-sdk4-ui-#your_app#view" packages for all the apps we are using so that we can configure it on the default user-friendly GL.iNet GUI. Some of the apps such as Adguard Home and Tailscale will require you to install their official package too. Just do a simple filter search will do.
NOTE: You will realise the "free space" on the top left-hand side of the Software page shows the storage space of your SD card if all are set up correctly in Step 2.
Step 4: Reboot and Configure the Apps/Plugins and (my) Settings
From here onwards, with the GL-iNet UI plugins and APIs installed, you could just configure all under the default router page.
1. Enable IPv6
Simply enable and select passthrough for most cases, especially for our fibre BB. The router will restart and you will receive an IPv6 address after that.
2. Setup WireGuard (main VPN):
Configuring it as a VPN client, since I will be running my pfsense as the WG server and routing all my traffic through my firewall to bypass country restrictions. Key in all the essential information for your tunnel and peers like what you normally do, Eg. public keys, private keys, UDP ports, registered domain name if you have one (instead if IP address), etc. Choose "Item mode"
For ease of enabling and disabling WG VPN, suggest setting up the side toggle button
3. Setup Tailscale (Standby VPN):
This is easy on the GL.iNet router GUI. Under Applications -> Tailscale options, toggle to enable Tailscale, suggest leaving the other two options uncheck unless you need it. Then follow the on-screen prompt to bind the router to tailscale. You will be asked to log into your existing tailscale account or just create one. I will be running my pfsense firewall as the "exit node" so all traffic will pass through it when I log onto tailscale.
You will also see that your router (OpenWRT) was connected to the tailscale admin page.
NOTE: If you are leaning more towards Zerotier, it is also supported by GL-iNet router which could be easily configured under the applications section. Just install the official ZT packages and the official "gl" packages.
4. Install and Configure AdGuard Home
This can be easily done by just toggling to enable AdGuard Home. For more settings, you could do it in the Settings page.
NOTE: You should bind your router to Tailscale before enabling AdGuard Home, just in case the DNS was blocked. And once AdGuard Home is enabled, the router must use the DNS server provided by AdGuard Home, you can't customize DNS servers under the DNS settings.
Last edited:
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,654
- Reaction score
- 3,292
**SHARING: Setting up and Pre-Configuring GL.iNet Travel Router for the Upcoming Overseas Vacation Season (Part 2)**
Connecting a portable SSD for backing up photos on-the-move over the USB 3.0 port
5. Install network-attached (nas) packages
Install all the "nas" packages listed below from the Luci interface (preferred) with the "gl" start heading packages.
This is where you will be able to configure the network storage on the GL.iNet WebGUI, create samba share and access through the network when connected to the router on the move.
The GL.iNet router app has also made it very easy and intuitive to back up your photos when you are travelling on vacation or on the move. You can also easily create a folder and enable Samba to share it with your family members who are connected to the travel router.
6. Install ClamAV and fresh-clam
This is for virus scanning on connected disks and file systems (attached storage). Install the packages shown below and leave all as default. Since this is not present in the GL.iNet GUI, you can only configure it on the Luci GUI side. Install "fresh clam" to update the virus definitions.
7. (Optional) Install the Tor router
if you need the "Anonymity", installing the Tor router plugins may be what you are looking for. Install the software packages below and use the GL.iNet GUI to do the configuration.
8. Other Misc Settings
Enable IGMP Snooping v3. Followed by Enable HW acceleration on the GL-iNet GUI without going the CLI route
Set the Multi-WAN failover/load-balance. Useful when you connect to the hotel wired, wireless and mobile tether at the same time.
Connecting a portable SSD for backing up photos on-the-move over the USB 3.0 port
5. Install network-attached (nas) packages
Install all the "nas" packages listed below from the Luci interface (preferred) with the "gl" start heading packages.
This is where you will be able to configure the network storage on the GL.iNet WebGUI, create samba share and access through the network when connected to the router on the move.
The GL.iNet router app has also made it very easy and intuitive to back up your photos when you are travelling on vacation or on the move. You can also easily create a folder and enable Samba to share it with your family members who are connected to the travel router.
6. Install ClamAV and fresh-clam
This is for virus scanning on connected disks and file systems (attached storage). Install the packages shown below and leave all as default. Since this is not present in the GL.iNet GUI, you can only configure it on the Luci GUI side. Install "fresh clam" to update the virus definitions.
7. (Optional) Install the Tor router
if you need the "Anonymity", installing the Tor router plugins may be what you are looking for. Install the software packages below and use the GL.iNet GUI to do the configuration.
8. Other Misc Settings
Enable IGMP Snooping v3. Followed by Enable HW acceleration on the GL-iNet GUI without going the CLI route
Set the Multi-WAN failover/load-balance. Useful when you connect to the hotel wired, wireless and mobile tether at the same time.
Last edited:
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,654
- Reaction score
- 3,292
**SHARING: Network Throughput performance of the GL-iNet Travel Router**
Some asked me about the throughput of the GL-iNet routers. Since I am only using the Beryl GL-MT1300 (a 3+ years model) below are the speed tests with the latest firmware for reference. I will say it is more than sufficient for my family (during travel) to watch media content stream from the PLEX server back home (in Singapore) over WireGuard and surf the internet without any country restrictions. It should also be enough for a 1G internet fibre line if you using it for home use. The latest model will surely be much more powerful. For home use, I will just go with a Flint 2 for GL-iNet routers.
Without WireGuard VPN:
With WireGuard VPN:
Some asked me about the throughput of the GL-iNet routers. Since I am only using the Beryl GL-MT1300 (a 3+ years model) below are the speed tests with the latest firmware for reference. I will say it is more than sufficient for my family (during travel) to watch media content stream from the PLEX server back home (in Singapore) over WireGuard and surf the internet without any country restrictions. It should also be enough for a 1G internet fibre line if you using it for home use. The latest model will surely be much more powerful. For home use, I will just go with a Flint 2 for GL-iNet routers.
Without WireGuard VPN:
With WireGuard VPN:
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
Went back Hanoi, with Wifu, every hotel we went, had to do a full room clean up and the first thing was the removal and actual physical wiping of the dusty and dirty routers
paired with Firewalla for extra adblockiing and other optimization, but alas, butt-itchy and try to factory rest the Firewalla on 5th day.....
anways, its a good combo for any of the folks looking to secure, vpn, remote back and most importantly have great wifi connection.
no, seriously.... without ax1800, my huge chunks of video from iPhone and action camera, would have caused the TP-Link router to hang a few times
P.s seems like Gl-Inet has not come up with a updated wifi 6e/ 7 travel router yet..... was really tempted to try the Unifi Express for the next trip back....
paired with Firewalla for extra adblockiing and other optimization, but alas, butt-itchy and try to factory rest the Firewalla on 5th day.....
anways, its a good combo for any of the folks looking to secure, vpn, remote back and most importantly have great wifi connection.
no, seriously.... without ax1800, my huge chunks of video from iPhone and action camera, would have caused the TP-Link router to hang a few times
P.s seems like Gl-Inet has not come up with a updated wifi 6e/ 7 travel router yet..... was really tempted to try the Unifi Express for the next trip back....
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,654
- Reaction score
- 3,292
Went back Hanoi, with Wifu, every hotel we went, had to do a full room clean up and the first thing was the removal and actual physical wiping of the dusty and dirty routers
paired with Firewalla for extra adblockiing and other optimization, but alas, butt-itchy and try to factory rest the Firewalla on 5th day.....
anways, its a good combo for any of the folks looking to secure, vpn, remote back and most importantly have great wifi connection.
no, seriously.... without ax1800, my huge chunks of video from iPhone and action camera, would have caused the TP-Link router to hang a few times
P.s seems like Gl-Inet has not come up with a updated wifi 6e/ 7 travel router yet..... was really tempted to try the Unifi Express for the next trip back....
You can give the "Travel NAS" idea a shot.
https://forums.hardwarezone.com.sg/...-for-new-users.6480129/page-28#post-154301491
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
You can give the "Travel NAS" idea a shot.
https://forums.hardwarezone.com.sg/...-for-new-users.6480129/page-28#post-154301491
already got nagged to death for bringing the 2 items, if i added a NAS, HGGG.COM.SG.VN
truthfully, one of the reasons why ive opted and chose icloud+, just need a good router, if the hotel is atas is ubiquity then not so bad, but if its these kind of crap tp-link, ayyyoooooooooo
die la....... i in royal throne doing 'business' also got no signal, not even 5m away from the room's default router....
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
Something ive just aquired,
main thing, it works both as AP and travel router LOL
Setup as AP, with main UCG ultra, then tested it.
as a [ ap ] it works just fine but you dont get to configure much...
main thing, it works both as AP and travel router LOL
Setup as AP, with main UCG ultra, then tested it.
as a [ ap ] it works just fine but you dont get to configure much...
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
Just to add [ copied from the Ubiquity thread ]
theres 2 ways you can use this, as travel router or as travel AP
- setting up as AP, meaning copying your existing network automatically from your unifi systems, is a breeze... zero issues and ready to use.
As you can see, it can be powered by a power bank and it does wirelessly and seamless connect back [ tested at home ]
** does have its down sides of signal loss and what not **
- setting up as stand alone router, which is usual stuff
However, BOTH methods will function, as [ wireless spot ] , provided you have another router that can act as controller / dns/ DHCP etc
in my case the Firewalla purple.
for those who already have a ubiquity system, simply get another compact size router JUST to do dhcp and acting as router, is suffice to make this Express working, as a [ Travel router ]
For my case, Firewalla Purple can tap on wireless connection say hotels or offices .... then using the LAN cable and hook up.
any Gl-iNet rep take notes : compact, wifi 7 is a must.... people ARE willing to pay if you give the products [ slate ax will be used later on for my inlaws ]
theres 2 ways you can use this, as travel router or as travel AP
- setting up as AP, meaning copying your existing network automatically from your unifi systems, is a breeze... zero issues and ready to use.
As you can see, it can be powered by a power bank and it does wirelessly and seamless connect back [ tested at home ]
** does have its down sides of signal loss and what not **
- setting up as stand alone router, which is usual stuff
However, BOTH methods will function, as [ wireless spot ] , provided you have another router that can act as controller / dns/ DHCP etc
in my case the Firewalla purple.
for those who already have a ubiquity system, simply get another compact size router JUST to do dhcp and acting as router, is suffice to make this Express working, as a [ Travel router ]
For my case, Firewalla Purple can tap on wireless connection say hotels or offices .... then using the LAN cable and hook up.
any Gl-iNet rep take notes : compact, wifi 7 is a must.... people ARE willing to pay if you give the products [ slate ax will be used later on for my inlaws ]
BradenHeat
Supremacy Member
- Joined
- Apr 4, 2005
- Messages
- 7,266
- Reaction score
- 1,595
Just for fun :
is how compact the combo travel router is.... vs one slate AX. Though the Gl-Inet is definitely all rounder with inbuild adblock etc.... the problem is the age of the wifi standard and the "cheap"set / SoC / lack of to usher in the next gen ....
is how compact the combo travel router is.... vs one slate AX. Though the Gl-Inet is definitely all rounder with inbuild adblock etc.... the problem is the age of the wifi standard and the "cheap"set / SoC / lack of to usher in the next gen ....
TanKianW
Supremacy Member
- Joined
- Apr 21, 2005
- Messages
- 6,654
- Reaction score
- 3,292
**A Sneak Peek At the Upcoming New Wifi 7 Routers from GL-inet**
Flint 3 (Home Router Series):
https://www.gl-inet.com/products/gl-be9300/
Slate 7 (Travel Router Series):
https://www.gl-inet.com/products/gl-be3600/
Flint 3 (Home Router Series):
https://www.gl-inet.com/products/gl-be9300/
Slate 7 (Travel Router Series):
https://www.gl-inet.com/products/gl-be3600/
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.
Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
Please refer to our Community Guidelines and Standards, Terms of Service and Member T&Cs for more information.
