Adding VPN Policy Rules Corrupts the VPN Client Tab

frogresearchers

I installed version 380.68_4 of Asuswrt-Merlin on my RT-AC68U. Most of the family does not want to learn how to use VPNs, so I want to route all the devices in the house through a default VPN connection except my PC. I'll use VPN client software on my computer.

I don't know much networking so I followed this tutorial. Link. I got the VPN installed on the router and it correctly sends all traffic to the VPN servers. From what I learned in the tutorial, I added these policy rules to the VPN tab page to exclude my PC:

VPN Policy Rules.PNG


But when I apply them, these instructions screw up my VPN Client tab! Look at it:

VPN Client Tab Corrupted 2.PNG


The VPN connection drops as soon as I add the policy rules. The sidebar and the heading have disappeared. The Client instance is not selectable and the button for turning on the VPN has also gone away.

This corruption has happened twice. The only way to fix it is to restore the device to factory state. What am I doing wrong? How can I exclude my computer from the router VPN connection so that I can use the VPN client?
 
These rules should work. Just to be safe, also add a WAN rule for the router's own IP, so it won't be routed through the VPN.
 
Same way you did for your PC, but with the router's IP.
 
RMerlin, thanks for your help. I added that rule and the GUI corruption didn't happen. It looks like the router is directing traffic from all devices but mine to the VPN.

However, the VPN Status and VPN Client tabs are incredibly slow to get into. The VPN status counter and the connected message in the client tab intermittently disappear. Firmware update cannot find servers any more. I don't understand why that would happen if the router is not routing through the VPN.

How can I fix this problem?
 
Bite the bullet and assign static IPs to all your devices and then individually policy route them to either the WAN or the VPN. It will probably take you no more than twenty minutes and your problem is solved.
 
The router uses Google's STUN servers to retrieve the public IP address. If you are interfering with these connections, then it will impact performance when displaying the VPN Status page.
 
RMerlin, thanks for your response. How can I stop interfering with the STUN servers? By following CaptainSTX's suggestion?

No idea, as it was just a theory as to a potential cause.
 
I have this same issue: I added a policy rule to send my wife's work laptop down the WAN and corrupted the Client config screen. In my case, however, the corruption seems more extensive; I am unable to add/remove/modify any policy rules. This is my policy rules section of the GUI:
upload_2018-1-28_8-55-28.png


I think I'd be back in business if I could remove the policy rule that caused the problem, implement the above solution and put the rule back but since I have no access to the policy rules GUI I'm not sure how to accomplish this.

The only thing I can think of would be to delete those rules via command line. I have some UNIX experience so I can navigate the filesystem, run commands, edit files but I have very little networking experience so this kind of thing stumps me big time.

Any help would be greatly appreciated,

BTW, I really like the Merlin OS, I have an AC66U and it works great. Thanks for putting in the effort, which must be significant in order to keep up with all of this.

C
 
The only thing I can think of would be to delete those rules via command line.

Assuming this is client 1:

Code:
nvram unset vpn_client1_clientlist
nvram commit
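
Before clearing the list as in the reply above, it can help to save the current value and check whether it already holds the WAN rule for the router's own IP suggested earlier in the thread. This is an added example, not part of the original posts; it assumes the list is stored as `<description>source>destination>interface` entries and that `lan_ipaddr` holds the router's LAN address, and the sample value is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: vpn_client1_clientlist is a
# run of "<description>source>destination>interface" entries.
# SAMPLE is constructed so the script also runs away from the router.
SAMPLE='<MyPC>192.168.1.50>0.0.0.0>WAN<AllLAN>192.168.1.0/24>0.0.0.0>VPN'

# Print one rule per line as "description|source|destination|interface".
list_rules() {
    printf '%s\n' "$1" | tr '<' '\n' |
        awk -F'>' 'NF == 4 { print $1 "|" $2 "|" $3 "|" $4 }'
}

# Count entries that do not match the assumed four-field layout.
count_malformed() {
    printf '%s\n' "$1" | tr '<' '\n' |
        awk -F'>' 'NF > 0 && NF != 4 { n++ } END { print n + 0 }'
}

# Succeed if some rule sends source address $2 out the WAN.
has_wan_rule_for() {
    list_rules "$1" |
        awk -F'|' -v ip="$2" '$2 == ip && $4 == "WAN" { f = 1 } END { exit !f }'
}

if command -v nvram >/dev/null 2>&1; then
    # On the router: read the live values and keep a copy before any unset.
    RULES=$(nvram get vpn_client1_clientlist)
    ROUTER_IP=$(nvram get lan_ipaddr)          # assumption: router LAN address
    printf '%s\n' "$RULES" > /tmp/vpn_client1_clientlist.bak
else
    RULES=$SAMPLE
    ROUTER_IP=192.168.1.1                      # constructed
fi

list_rules "$RULES"
echo "malformed entries: $(count_malformed "$RULES")"
if has_wan_rule_for "$RULES" "$ROUTER_IP"; then
    echo "WAN rule for router $ROUTER_IP: present"
else
    echo "WAN rule for router $ROUTER_IP: missing"
fi
```

The copy in `/tmp` does not survive a reboot, so move it elsewhere if the rules need to be re-entered later.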
 
Thanks RMerlin for the quick reply, that string worked and I can see everything on the VPN client config. Unfortunately, I'm having the same residual issue that the OP had:

The VPN Status and VPN Client tabs are incredibly slow to get into. The VPN status counter and the connected message in the client tab intermittently disappear.

A new firmware release is out and I'd like to install it but the OP said he was having trouble with the FW install, "Firmware update cannot find servers any more". I don't think that's an actual error code but it may mean something to you.

So my first question is, will a factory reset and install of the new FW resolve this issue?

If not, might DDNS be having problems? I don't think so because nslookup is able to resolve the correct addr. You also mentioned that problems with Google's STUN servers while pulling the public IP might have something to do with this issue.

By any chance have you had time to take a look at that? If not do you plan to? If all else fails, can you point me to a resource where I might find a solution to this issue?

Once again, thanks for your help.

C
 
I have the same problem, slow VPN tabs, with my AC87R. On anything over firmware 380.67 the VPN tabs take about 30 to 45 seconds to load; the other tabs are no problem. Any ideas? It only happens when I enable policy rules, so it has something to do with the policy rules.

Paul
 
Okay, since the crickets are sounding off: I solved my slow VPN tabs. I use the TorGuard VPN service; I changed the setting in Accept DNS Configuration from Strict to Exclusive and now the VPN tabs are fine.

Paul
 
Thanks Paul! That did fix the issue. It still seems a little slower but nothing like it was.

C
 
