VPN Client Policy Bug


akashi

Occasional Visitor
Model: Asus RT-AC86U
Firmware: 384.19 Merlin

I created 4 VPN clients and enabled "Policy Rules (Strict)" with "Block routed clients if tunnel goes down" set to 'Yes'.

I added my local computer's IP address (Static) as 'Source' and added a 'Destination IP'.

The issue is that now that I have deleted all 4 VPN clients by clicking on 'Default' for each one, my computer cannot reach the 'Destination IP' I had added before.

I tried tracert from the computer and the result was "Destination net unreachable". When I run tracert from the router's web GUI, the destination can be reached.

I changed my computer's IP and now I can reach the 'Destination IP' I had on the VPN table previously.

Are there any CLI commands to clear these settings?
 

Martineau

Part of the Furniture
Model: Asus RT-AC86U
Firmware: 384.19 Merlin

You can try this CLI command to identify any remnants of RPDB/routing rules that could be the cause of the issue
Code:
# List the RPDB (policy routing) rules
echo -e "\n\tRPDB Rules"
ip rule
# For each VPN client slot, show its configured server and the routes in its table (111-115)
for I in 1 2 3 4 5; do
    VPNSERVER="$(nvram get vpn_client${I}_addr)"
    VPNPORT="$(nvram get vpn_client${I}_port)"
    VPNPROTO="$(nvram get vpn_client${I}_proto)"
    [ -z "$VPNSERVER" ] && VPNSERVER="Not configured!"
    echo -e "\n\tVPN Client $I (${VPNSERVER} ${VPNPORT}:${VPNPROTO}) ovpn$I routes"
    ip route show table 11$I
    echo
done
# Show main-table routes beginning 0. or 128. and the default route, masking the gateway address
echo -e "\tWAN"
ip route | grep -E "^0\.|^128\.|^default" | sed '/^default/ s/[^ ]*[^ ]/xxx.xxx.xxx.xxx/3'
 
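The command above lists the rules and tables for a person to read; the following added example (not part of the thread and not the firmware's own code) filters `ip rule` output down to the rules that still point at a VPN client table whose client slot is no longer configured. It assumes tables 111-115 map to clients 1-5 as in the command above, that the tables may also be printed by the names ovpnc1..ovpnc5, and it uses constructed sample rules; `stale_rules` and `sample_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag RPDB rules that still point at a VPN client routing
# table although that client slot is no longer configured.
# Assumptions: tables 111-115 belong to clients 1-5 (as in "table 11$I"
# above) and may be printed by name as ovpnc1..ovpnc5.

# Usage: ip rule | stale_rules "<configured client numbers>"
# Prints "<priority> <client> <rule text>" for every orphaned rule.
stale_rules() {
    configured=" $1 "
    while IFS= read -r line; do
        case "$line" in
            *"lookup "*) ;;
            *) continue ;;                 # rules without a table lookup
        esac
        table=${line##*lookup }            # text after the last "lookup "
        table=${table%% *}                 # drop anything after the table name
        case "$table" in
            11[1-5])    client=${table#11} ;;
            ovpnc[1-5]) client=${table#ovpnc} ;;
            *) continue ;;                 # local, main, default, ...
        esac
        case "$configured" in
            *" $client "*) continue ;;     # client still configured: expected
        esac
        rule=${line#*:}
        rule=${rule#"${rule%%[![:space:]]*}"}   # trim leading whitespace
        printf '%s %s %s\n' "${line%%:*}" "$client" "$rule"
    done
}

# Constructed sample of `ip rule` output (addresses are made up).
sample_rules() {
    printf '%s\t%s\n' \
        '0:'     'from all lookup local' \
        '10101:' 'from 192.168.1.50 to 203.0.113.10 lookup ovpnc1' \
        '10301:' 'from 192.168.1.50 to 203.0.113.10 lookup 113' \
        '32766:' 'from all lookup main' \
        '32767:' 'from all lookup default'
}

# Demo: only client 3 is still configured, so the client 1 rule is a remnant.
sample_rules | stale_rules "3"
# On the router, build the list from nvram, then run: ip rule | stale_rules "$configured"
#   for I in 1 2 3 4 5; do [ -n "$(nvram get vpn_client${I}_addr)" ] && configured="$configured $I"; done
```

Each reported priority identifies one rule to inspect; a rule that still names the old source and destination after the client was reset to 'Default' is the kind of remnant the thread is about.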

akashi

Occasional Visitor

Thank you for your suggestion. I rebooted the router a few times and now the problem has been resolved.
 
