ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-04 09:28:35 - last edited 2023-03-07 07:29:30
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version:

Wireguard is the most exciting feature in the router now. Fixing of bugs is always welcome. Firmware works fine for the most part. Thank you very much. There is little to no reply coming for any support query raised for ER7206. We have to figure things out ourselves.


Issues with router firmware with Wireguard:

Infinite Internal Loop - Permanent Disconnection
If one accidentally adds 0.0.0.0 as Allowed Address in Peer, the entire internet access will try to go through this peer and not use WANs which it needs for internet.
There should be error checking or catch for this or not allowed.

Router will disconnect from internet on this infinite internal loop. For SDN controlled routers, this may not allow any control from outside the router or router based login as obviously post-adoption this feature is disabled by default. This may require a hard reset and re-uploading settings in the router.
Please fix the bug. One reset is enough.

 

DNS Entries for Connections - MultiWAN and Wireguard, LAN, VPN Connections
For MultiWAN routers adding DNS should not be limited to two entries. On Computers all Ethernet and virtual connections apart from network settings *allow* an array or index of DNS by a "string" input (e.g. using in Windows OS Powershell or CMD for netsh or Set-DnsClientServerAddress commands). Some DNS also have IPv6 entries. We can do it outside the router on any machine-based Wireguard and OpenVPN server. Once Wireguard server is inside router, it is only bound to connection defaults i.e. DNS of the WAN connection through which handshake was done.
In OpenVPN the user configuration files can allow routing at the user-level but in Wireguard client side configuration does not resolve in router's Wireguard server.

Being limited to two entries while real-world/external examples Wireguard supports an array means many DNS entries of other connections would not resolve.
1) Convert DNS input to as a string (comma separated array) input for all connection definition LAN, VPN, Wireguard, OpenVPN, L2TP, PPTP.

 

DNS Caching

DNS Caching should cache which connection+DNS allowed an *intranet* based name/IP resolution and store working routes in its table. Configuring IP to WAN based routing rules is a head-ache. ISP support are not well-versed or supportive in MultiWAN /Multi-ISP DNS as each intranet individual server name, route has to be investigated. It took me two months to set things together inspecting every IP address and tracert-ing routes.

 

Split Tunneling

Allow option for split tunneling so that only intranet based data goes through VPNs if enabled. It is easy to put all load on VPN router in user configuration files editing Allowed IPs.


Server Configuration File / Peer Configuration File
Allow downloading and uploading of Server and Collective or individual Peer configurations. Having the ability to turn off one peer individually is a super convenience. Having the ability to upload configurations would be an appreciated feature. It would also allow existing setups to be moved on router or replicated using a different listening port as a backup if machine based Wireguard server fails.

 

Wireguard Outbound VPN Load Balancing

Wireguard Server on external machines with ICS over LAN with Load balancing on router enabled requires handshake with one port and allows outbound data to be transferred through any WAN connection as available. Incoming socket is fixed, outgoing socket is free to choose or load balanced. This is its super power for streaming content using the VPN. Wireguard on router is connection- or domain- specific as identified in the DNS entries it uses. There is no load balanced outbound encrypted traffic from router's server.

Why is it needed?

Some WAN connections have Upload speed limits and this would allow taking advantage of MultiWAN setup to the fullest. Now inward/outward traffic flows through same socket although it is not limiting in Wireguard like other VPNs.

 

Spelling/Typo mistakes

The context help has a few mistakes in spelling.
 

 

  0      
  0      
#1
Options
9 Reply
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-08 03:37:48

Hello @ZeeshanZaki 

 

Thank you for your valuable feedback!

 

Issues with router firmware with Wireguard:

Infinite Internal Loop - Permanent Disconnection
If one accidentally adds 0.0.0.0 as Allowed Address in Peer, the entire internet access will try to go through this peer and not use WANs which it needs for internet.
There should be error checking or catch for this or not allowed.

Router will disconnect from internet on this infinite internal loop. For SDN controlled routers, this may not allow any control from outside the router or router based login as obviously post-adoption this feature is disabled by default. This may require a hard reset and re-uploading settings in the router.
Please fix the bug. One reset is enough.

 

The issue has been reported to our support engineer for further investigation. Once it's confirmed to be an issue, the R&D team will fix it in the official release.

 

Spelling/Typo mistakes

The context help has a few mistakes in spelling.

 

Regarding the spelling mistakes, could you please kindly point out the specific part for checking?

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-26 04:38:23 - last edited 2023-03-26 04:40:34

Sure. I am happy to help.

 

VPN> L2TP> L2TP Server > Context Help or ? Topic: Local Network Type: Sentence ends "... Custum IP" Should be Custom IP
 

PPTP Connection VPN> PPTP > PPTP Server > Context Help Topic: Local Network Type: Sentence ends "... Custum IP" Should be Custom IP

 

VPN > GRE > Context Help One topic is spelled "Remote Gatway". Please correct.
Under topic "Remote GRE IP" and Local GRE IP Sentence reads "... nor should it be in Local Subent or Remote Subnet." Subnet is misspelled as "Subent"

VPN> IPSec > IPSec Policy > Context Help One topic is spelled "Remote Gatway". Please correct.

Authentication > Authentication Settings > Web Authentication > Context Help Under topic "Authentication Type" sentence reads "If you on’t have ..." Also formal communication does not normally use contractions.

Services > Dynamic DNS > Context Help (under all dynamic dns tabs)
Under all Dynamic DNS tabs a topic is misspelled as "Paramaters" Services >

UPnP > Context Help A topic is misspelled as "Paramaters"

  0  
  0  
#3
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-26 05:19:38 - last edited 2023-03-26 05:21:34

This is a recent issue. At lean idle times (several minutes after fresh reboot with no user connected activity in wee hours), both processors started cycling or remained in high use. I was unable to connect to a streaming server since yesterday. After reboot streaming works for a few second and the processors starts cycling erratically as in some internal process. Baseline processor activity has remained well below 20% before yesterday.

 

 

 

  0  
  0  
#4
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-26 05:43:33

Reverting firmware to stable one of 04 Nov 2022 (1.2.3 Build 20221104 Rel.41500) has eased out processor excessive utilization. Somehow, the watermark has not changed. This may create issues for beta testers on subsequent release installation.

  0  
  0  
#5
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-26 07:12:29

I have been busy for the past 4 hours finding the issue. On a PPPOE connection, the dynamic IP of the secondary connection to server is not renewing. This is causing the router to go in this cycle. The earlier peaks and the trough in this processor performance output is when the router gives up after multiple attempts and processor utilization falls to baseline. Second set of peaks is when of the connection is set to renew. Please fix this issue.

  0  
  0  
#6
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-27 05:53:00

  @ZeeshanZaki 

 

Watermark will not be shown in stable versions if you delete your browser cache and/or use a new In-Private window in your browser.

I came across this stupid watermark so many times and browser cache/ In-Private window always helped.

  1  
  1  
#7
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-27 07:11:37

  @Hoamboy 

Thank you.I reinstalled stable older firmware a few times so the cache was updated automatically and the watermark background is not persistent. Nice to know. I will wait for the next official stable release in the next few days.

  0  
  0  
#8
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-27 08:49:01

Hello @ZeeshanZaki 

 

Thank you for your detailed feedback on the spelling/typo mistakes in context help. I've forwarded to the R&D team for correction.

 

Regarding the new issue you recently noticed, did you configure any new settings like mDNS service in your network before the issue started to happen?

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#9
Options
Re:ER7206 V.1 1.2.3 Beta Firmware (Bugs, VPN Feature Upgrades and Requests)
2023-03-29 02:31:46

  @Fae

No. I have not added any new configuration recently. In early March, I tested newly added features and their response times and benefits like OSPF and others as I have the luxury of using this router in a private setup and I could roll back settings or even firmware if a setting backfired. In the past fortnight, no configuration was tested or modified.

I believe that the asynchronous batch probing of video streams resulted in server initiating a temporary access block on the secondary connection IP address as a precaution on perhaps the multiple sessions involved.

I talked to ISP in remote assistance and supervision and they identified that on disconnect and reconnect to the server the secondary IP was not refreshed. They removed the IP from assignment list, which enabled the renewed secondary connection first time this issue happened. They identified that the router might have an issue and were not willing to support if they had to manually remove IPs from assignment list as a solution. I am following up with the ISP representative in the area to preempt another issue surfacing.

I rolled back firmware to stable release of Nov-2022 paired with factory resets 3 times and manually entered settings one at a time. The dynamic IP assignment to the secondary connection in factory reset and firmware rollbacks somehow always assigned the same IP again and again. This was odd. This did not happen in the previous firmware before beta testing. I had two connections form the same ISP and a third from another and they were working smoothly.  

 

Eventually, the secondary connection IP was renewed and I am running on bare-minimum configuration for now to avoid a reboot.

P.S. Thanks for the new release! I will see if it resolves the issue.

  0  
  0  
#10
Options