The GL.iNet GL-AR150 (POE) router

More than once, a device rushed through my timeline that advertised itself through its minimal dimensions, its price and its OpenWrt capability: the GL.iNet AR-150. I now finally got around to have a use case, so I ordered one and had a closer look.

The GL-AR150 comes in a really tiny, white plastic case. I didn’t measure the dimensions myself but the specified 5.8 x 5.8 x 2.5 cm and the weight of 40 gramms are quite realistic. It’s so tiny and lightweight that you can easily let it hang attached to an Ethernet cable without risk of damage. Note that if you see a black variant, that’s a different, more powerful model, the GL-AR300M (see GL.iNET’s router offering). Likewise, a yellow variant exists, the GL-MT300N-V2, based on a completely different chipset.

The GL-AR150 is available in one of four variants:

  • GL-AR150: internal antenna, no PoE support
  • GL-AR150 (POE): Internal antenna, PoE support
  • GL-AR150-Ext-2: External 2 dBi antenna, no PoE support
  • GL-AR150-Ext-2 (POE): External 2 dbi antenna, PoE support

The model I got is the GL-AR150 (POE):

GL-AR150 with USB port and buttons
GL-AR150 with Ethernet and Micro USB power supply port

As you can see, there is a connector for a micro USB power supply, although there is none in the box, so you’ll have to provide one yourself. However, the variant I got is the PoE version, that is, it can be powered over either Micro USB or Ethernet. And this is to be interpreted as an XOR, because, as the documentation puts it, your router will otherwise “burn immediately”:

A vivid warning in the GL-AR150 manual

BURN, Baby, BUUUURN! As in nuclear fire! Or, well, maybe it will just die, without any special visual effects…

Anyway, take note though that PoE will work on the WAN port only, which was perhaps not GL.iNet’s wisest choice if you really intend on using the device as a router and consider attaching a DSL or cable modem. As a workaround you could of course split off two ports on your PoE-capable switch into a separate VLAN.

At this price tag (€32 on Amazon) and given the rather economic power budget we can not seriously expect Gigabit (1000M) Ethernet ports, so 10/100 MBit will have to do. So not the first choice for your 1 GBit fibre connection, but seeing that the device is marketed as a travel router no biggie. And if, like me, you’re going to use it as a VPN server for remote access, the bandwidth is not of paramount importance anyway.

The probably biggest unique selling point for the GL.inet devices is, of course, that they ship with a OpenWrt-based firmware out of the box (although they do not use its default web interface “LuCI” but their own Web UI). Not allow does this (rightfully) wake the hope of being able to flash your own firmware, it also raises the interesting question which OpenWrt release the vendor firmware is based on, whether we can update its packages under the hood, thereby circumventing a possible discontinuation in firmware support and, of course, how ugly and useless the vendor’s web UI is, because, honestly, almost everyone does, right?

To tell you the truth, I actually formulated these questions after already having flashed the little thingy with OpenWrt, so I can’t answer the first two. But I did take some screenshots of the web UI right after unpacking, so shall we have a look?

GL-AR150 Web UI: Language selection
GL-AR150 Web UI: Timezone selection
GL-AR150 Web UI: Timezone selection

The initial setup assistant shows clear signs of GL.iNet’s Hong Kong origin in that Chinese is the only other language available and Beijing is the default timezone suggested. Good that the user explicitly needs to set a password. So what about the actual Web UI?

GL-AR150: Web UI – Main
GL-AR150: Web UI – Wireless settings
GL-AR150: Web UI – Access control

Where shall I begin? The navigation bar at the top holds a somewhat unusual choice of options: there is only one icon dedicated to “Settings”, one “App repo” that appears to be inspired by the trend of NAS vendors pimping their NAS with additional “apps” and five icons dedicated to specific applications or services, “Video” (with a Web cam icon), “Cloud”, “Share” (with a strange trident icon of which I’m not sure if it reminds me rather of a gearshift or the obscure glyphs in Zac McKracken), “UPnP server” and “OpenVPN”. Let’s look at some of them in detail.

The “Settings” tab can’t decide on the role of the small bar to the left and the large area to the right: at first sight, the area to the left is used for the most important settings and the area to the right shows some links for “quick setup”.

If we click the “Wireless” icon, the wireless settings do not appear in the right area as one would expect, instead a popover opens titled “Main (2G)” — whatever that means. Different wireless settings if an LTE stick gets plugged in? Who knows.

The “mode” dropdown is confusing because it suggests that choosing a standards mode such as “11ng” (meaning the combination of IEEE 802.11n and IEEE 802.11g) automatically sets a bitrate, in this case “72M”, although it is a purely theoretical value and as such of little meaning to the user. Also confusing since the device promises a maximum transmission rate of 150Mbit but I didn’t check whether the dropdown alternatively offered such an option. If so, it would be strange not to make it the default.

Then another failure: defaulting to “WPA/WPA2 Mixed”. WPA should be left where it belongs, buried among the dead, just like the combination of WPA2 with TKIP — WPA2-AES or GTFO. So, no, the Wireless settings don’t impress me at all.

Next I clicked on the fancy lock icon which holds “Access control” – and my jaw dropped. “WAN access” enabled by default on port 83, srsly?! And then the option “S/N needed for internet accessing” (what is meant is: require the device’s serial number to be entered if accessed from the internet) that can be turned off??? Whoever made the decision to enable this on rollout deserves a special place in hell. I wouldn’t be too surprised if the S/N can be determined remotely somehow… also what is “UPnP status of parent router” supposed to mean?

While we’re at it, if we look a bit further down, we can see that the router apparantly tries to register its current public IP address with a dynamic DNS service provided by GL.iNet, but it failed somehow. Luckily! I don’t want a stock router to be DynDNS-reachable by default, period.

Another gearshift icon that apparantly shows connected clients, but we’ll skip that now and instead proceed because I’m curious what “App repo” is about!

GL-AR150: Web UI – App repo
GL-AR150: Web UI – App repo insanity
GL-AR150: Web UI – OpenVPN manager

D’oh! So “App repo” is not some fancy vendor-run App store, it is merely a frontend to the underlying OpenWrt’s opkg! But hey, nice that novice users could use this to easily install “nano” and props for showing how full the flash already is (plenty of space, I’d say). So “list all” lists all installed packages including “base-files”. Let’s see, they surely implemented some basic safety measures to prevent the user from getting an unusable system, right? Did they? Ehrm… what?

To finish I quickly took a look at the “OpenVPN” tab, only to notice that there appeared to be no support for setting up an OpenVPN server whatsoever apart from the ability to upload .ovpn files. At this place I had seen enough from the default firmware and was another time confirmed that my preconceptions were based on prior experience. Now I did read that apparantly this is major version 2 of the Web UI and is what is provided on all smaller devices and the bigger devices such as the GL-X750 apparantly feature a probably nicer V3 firmware. Yet, for me it was time to go to stock OpenWrt!

There is not much to say about this step, it just works flawlessly and out-of-the-box. Note that OpenWrt by default uses a different IP address (192.168.1.1) than the stock firmware. I should probably write a generic blog post on OpenWrt some time, just to show what a joy it is to use and setup. And show LuCI, although I do not use it that much.

Update February 28th, 2018: GL.iNet informed me that a testing version of a V3 firmware for the GL-AR150 can be downloaded at https://dl.gl-inet.com/firmware/ar150/testing/. Note that I did not try this firmware so far.