Asuswrt-Merlin firmware inconsistency - VPN client - 'Policy Rules' setting (Asus RT-AX88u)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Dex10

Occasional Visitor
For several days I have been trying to set up the VPN Client configuration, with the rules policy, in the Merlin firmware. I came to the conclusion that the firmware has no ability to operate 'policy rules'.

It is even possible to make an initial configuration, as below:

1604852810150.png


However, when applying the configuration, the system returns with the screen unconfigured, according to the following:

1604852915725.png


After a few attempts, it is even possible to apply the configuration so that the device list is organized, as shown in the first 'print'.

But, if you need to change any device so that it stops passing through the VPN and passes only through the WAN, when applying the configuration, then again, the list will be all unconfigured, as shown in the second 'print' and, worse, when the list is unconfigured none of the devices go through the VPN, even though this appears connected (on).

I only purchased AX88u for use with Merlin, specifically to access VPN policy rules. So far total disappointment :mad:.
 

RMerlin

Asuswrt-Merlin dev
That kind of corruption generally indicates your browser is messing with the webpage's DOM. Reset that VPN to its default settings, and disable any browser addon that may interfere with the page's content.
 

Dex10

Occasional Visitor
That kind of corruption generally indicates your browser is messing with the webpage's DOM. Reset that VPN to its default settings, and disable any browser addon that may interfere with the page's content.

Strange a complement to navigate manipulating the settings of the firmaware, but, I believe that it is not that, therefore, I tried the configuration through two browsers and in both had the same result.

Anyway, I'm going to uninstall a browser and reinstall it from scratch, with no complement whatsoever, and post the result.
 

john9527

Part of the Furniture
@Dex10
Just a guess, but in your first screen shot you blanked one of the Descriptions. Make sure that you are not using any special characters there....only alpha-numerics, dash and underscore.
Also not sure what having two items with the same description (VR) might do. Might try making them different.
 

Dex10

Occasional Visitor
@Dex10
Just a guess, but in your first screen shot you blanked one of the Descriptions. Make sure that you are not using any special characters there....only alpha-numerics, dash and underscore.
Also not sure what having two items with the same description (VR) might do. Might try making them different.

Hello John!

The two (VR) have different IP's and MAC's also, of course :D, are devices of the same person with the initials VR.

I managed to solve the problem. As the RMerlin master suggested, it was the browser!
 

Dex10

Occasional Visitor
That kind of corruption generally indicates your browser is messing with the webpage's DOM. Reset that VPN to its default settings, and disable any browser addon that may interfere with the page's content.

In fact, great RMerlin, the problem was being caused by the browser. I uninstalled it and installed it again, reset to zero, so I managed to make all the settings regarding the VPN Client, with policy rules and everything.

Thank you.

* to think that I spent the whole weekend 'breaking my head'! :rolleyes:
 

Dex10

Occasional Visitor
For registration purposes, I am using ExpressVPN (server in my own country, that is, the closest one). From a 400Mbps bandwidth provided by my ISP, with the VPN active I am getting average speeds of 180 Mbps with the 'AES 256 CBC' encryption, which I think is an excellent speed, considering that the antivirus is also active on the router!

* In this case, on my AX88u.
 

siena

Occasional Visitor
When using RT-AC87U with openvpn and IPv6 enabled, it leaks DNS if there are connections outside the tunnel, but not if all connections are inside the tunnel. Will this be the same with RT-AX88U? I find that VPN is much faster and reliable if IPv6 is enabled, as we are being throttled to death on all ports and protocols, but I need to have some devices outside the tunnel.
 

RMerlin

Asuswrt-Merlin dev
find that VPN is much faster and reliable if IPv6 is enabled

That's because you are NOT using the VPN then. The tunnel only routes IPv4 traffic.
 

siena

Occasional Visitor
My VPN provider has a configuration to route ipv6 over ipv4, which I am using. When vpn is set to route all traffic inside the tunnel, IPleak.net shows only the ipv4 IP and the ipv6 IP as unreachable and the VPN DNS (here using "strict"). If I have connections inside and outside the tunnel, and using "exclusive" then IPleak.net shows the VPN ipv4 IP/DNS and my ISP IPv6 IP and DNS. I should have been clearer about the setting.
 

siena

Occasional Visitor
the configuration is:
client
dev tun
remote vpn.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top