VPN Client Policy Bug

akashi

Occasional Visitor
Model: Asus RT-AC86U
Firmware: 384.19 Merlin

I created 4 VPN clients and enabled "Policy Rules (Strict)" with "Block routed clients if tunnel goes down" set to 'Yes'.

I added my local computer's IP address (Static) as 'Source' and added a 'Destination IP'.

The issue is that now that I have deleted all 4 VPN clients by clicking on 'Default' for each one, my computer cannot reach the 'Destination IP' I had added before.

I tried tracert from the computer and the result was "Destination net unreachable". When I run tracert from the router's web GUI, the destination can be reached.

I changed my computer's IP and now I can reach the 'Destination IP' I had on the VPN table previously.

Are there any CLI commands to clear these settings?
 
You can try this CLI command to identify any remnants of RPDB/routing rules that could be the cause of the issue:
Code:
echo -e "\n\tRPDB Rules";ip rule;for I in 1 2 3 4 5;do VPNSERVER="$(nvram get vpn_client${I}_addr)";VPNPORT="$(nvram get vpn_client${I}_port)"; VPNPROTO="$(nvram get vpn_client${I}_proto)"; [ -z "$VPNSERVER" ] && VPNSERVER="Not configured!"; echo -e "\n\tVPN Client $I (${VPNSERVER} ${VPNPORT}:${VPNPROTO}) ovpn$I routes";ip route show table 11$I;echo;done;echo -e "\tWAN";ip route | grep -E "^0\.|^128\.|^default" | sed '/^default/ s/[^ ]*[^ ]/xxx.xxx.xxx.xxx/3'
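The diagnostic above prints every rule and leaves the comparison to the reader. As an added example (not part of the original posts and not Asuswrt-Merlin code), the sketch below picks out RPDB rules that still point at a VPN client table (111-115, as in the command above) although that client has no server address left. The function names and the sample rules are constructed for illustration, and it is an assumption that `ip rule` shows these tables either by number or under the alias `ovpncN`.

```shell
#!/bin/sh
# Added example: find RPDB rules left behind by VPN clients that are no
# longer configured. Function names are hypothetical.

# stale_vpn_rules RULES CONFIGURED
#   RULES      - text in `ip rule` output format
#   CONFIGURED - space-separated client numbers that still have a server address
# Prints "<priority> <client>" for each rule whose client is not in CONFIGURED.
stale_vpn_rules() {
    printf '%s\n' "$1" | awk -v configured="$2" '
        BEGIN { n = split(configured, c, " "); for (i = 1; i <= n; i++) live[c[i]] = 1 }
        {
            tbl = ""
            for (i = 1; i < NF; i++) if ($i == "lookup") tbl = $(i + 1)
            # Assumption: the table is shown as 111-115 or as ovpnc1-ovpnc5.
            if (tbl ~ /^11[1-5]$/)         client = substr(tbl, 3, 1)
            else if (tbl ~ /^ovpnc[1-5]$/) client = substr(tbl, 6, 1)
            else next
            if (!(client in live)) { prio = $1; sub(/:$/, "", prio); print prio, client }
        }'
}

# configured_clients: client numbers whose vpn_clientN_addr NVRAM value is set
# (the same variable the diagnostic command reads). Only works on the router.
configured_clients() {
    for i in 1 2 3 4 5; do
        if [ -n "$(nvram get vpn_client${i}_addr 2>/dev/null)" ]; then
            printf '%s ' "$i"
        fi
    done
}

# Constructed sample in `ip rule` format: a LAN host still has policy rules
# for clients 1 and 3; addresses are documentation ranges, not real hosts.
SAMPLE_RULES='0:	from all lookup local
10101:	from 192.168.1.50 to 203.0.113.10 lookup ovpnc1
10301:	from 192.168.1.50 to 203.0.113.10 lookup 113
32766:	from all lookup main
32767:	from all lookup default'

# Demo: only client 3 is still configured, so the client 1 rule is reported.
stale_vpn_rules "$SAMPLE_RULES" "3"
```

On the router itself the call would be `stale_vpn_rules "$(ip rule)" "$(configured_clients)"`. A reported rule can be removed with `ip rule del pref <priority>`.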

Thank you for your suggestion. I rebooted the router a few times and now the problem has been resolved.
 
