
Issue with OpenVPN client - strict policy rules don't work sometimes

tommy1

Occasional Visitor
Hi,
I have an ASUS RT-AC66U_B1 router with Merlin firmware 384.19, using a ProtonVPN ovpn file with the VPN client on that router, in order not to use the ProtonVPN app on a computer. I have strict settings in order not to connect with my static IP address, but with the VPN one, meaning "Force internet traffic through tunnel" -> "Policy rules (strict)", "Block routed clients if tunnel goes down" -> Yes, and then set a few IPs from my LAN network which have static IP addresses set.

Custom configuration as follows:
remote-random
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
remote-cert-tls server
pull
fast-io
pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6

The issue is that this morning, when I had a power outage at home, after the router rebooted, on one device I couldn't connect to the internet; there was an "authentication failed" error in the service state section of the VPN client settings, but after connecting it again it started working. On another device, however, it connected with my real IP address, which I saw in the logs of that service, so even though there were those strict settings it still exposed my real IP address.

Is this something related to my settings, or some kind of bug? Could you please help to investigate that and to avoid it in future?

Thanks
 
Here is how to debug:

First, check that the RPDB rule assignments and priority rules for policy routing are assigned, using the command ip rule. Change Log Verbosity to level 4 on the OpenVPN client screen. Restart the VPN client and check the system log for clues.

I recommend a UPS for the router and modem. I get a lot of brownouts during storms where I live, and I can keep using the net when the power goes down. Although the chirping of the UPS units can drive you crazy.
 
Last edited:
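The ip rule check suggested in the reply above, as an added example that is not part of the original posts: a small shell function that reads `ip rule` output and lists every LAN client that has no policy rule sending it to the VPN routing table ahead of the main table. The table name `ovpnc1`, the client addresses and the rule priorities are assumptions constructed for illustration; substitute the values shown on your own router.

```shell
#!/bin/sh
# Constructed sample of `ip rule` output (not taken from the thread).
# Assumption: the VPN client's routing table is called ovpnc1.
SAMPLE_RULES='0: from all lookup local
10101: from 192.168.1.10 lookup ovpnc1
10102: from 192.168.1.11 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default'

# missing_vpn_rules TABLE IP...
# Reads `ip rule` output on stdin and prints each IP that has no
# "from <IP> lookup <TABLE>" rule evaluated before the main table.
# A client printed here is routed by the main table, i.e. over the WAN.
missing_vpn_rules() {
    table=$1
    shift
    rules=$(cat)
    # Priority of the catch-all rule for the main table (lower runs first).
    main_prio=$(printf '%s\n' "$rules" | awk '
        $2 == "from" && $3 == "all" && $4 == "lookup" && $5 == "main" {
            sub(":", "", $1); print $1; exit
        }')
    for ip in "$@"; do
        printf '%s\n' "$rules" |
        awk -v ip="$ip" -v t="$table" -v mp="${main_prio:-32766}" '
            { prio = $1; sub(":", "", prio) }
            $2 == "from" && ($3 == ip || $3 == ip "/32") &&
            $4 == "lookup" && $5 == t && prio + 0 < mp + 0 { found = 1 }
            END { exit (found ? 0 : 1) }' || printf '%s\n' "$ip"
    done
}

# Demo against the constructed sample; 192.168.1.12 has no rule.
# On the router itself: ip rule | missing_vpn_rules ovpnc1 <client IPs>
printf '%s\n' "$SAMPLE_RULES" |
    missing_vpn_rules ovpnc1 192.168.1.10 192.168.1.11 192.168.1.12
```

Running it right after a reboot, before and after the VPN client starts, shows whether the rules for the listed clients are already in place at each point.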
