What's new

VPN Client Policy Bug

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

akashi

Occasional Visitor
Model: Asus RT-AC86U
Firmware: 384.19 Merlin

I created 4 VPN clients and enabled "Policy Rules (Strict)" with "Block routed clients if tunnel goes down" set to 'Yes'

I added my local computers' IP address (Static) as 'Source' and added a 'Destination IP'

The issue is now I deleted all the 4 VPN clients by clicking on 'Default' for each one, my computer cannot reach the 'Destination IP' I had added before.

I tried tracert from the computer and the result was "Destination net unreachable" When I run tracert from the routers' web gui, destination can be reached.

I changed my computers' IP and now I can reach the 'Destination IP' I had on the VPN table previously.

Are there any CLI commands to clear these settings?
 
Model: Asus RT-AC86U
Firmware: 384.19 Merlin

I created 4 VPN clients and enabled "Policy Rules (Strict)" with "Block routed clients if tunnel goes down" set to 'Yes'

I added my local computers' IP address (Static) as 'Source' and added a 'Destination IP'

The issue is now I deleted all the 4 VPN clients by clicking on 'Default' for each one, my computer cannot reach the 'Destination IP' I had added before.

I tried tracert from the computer and the result was "Destination net unreachable" When I run tracert from the routers' web gui, destination can be reached.

I changed my computers' IP and now I can reach the 'Destination IP' I had on the VPN table previously.

Are there any CLI commands to clear these settings?
You can try this CLI command to identify any remnants of RPDB/routing rules that could be the cause of the issue
Code:
echo -e "\n\tRPDB Rules";ip rule;for I in 1 2 3 4 5;do VPNSERVER="$(nvram get vpn_client${I}_addr)";VPNPORT="$(nvram get vpn_client${I}_port)"; VPNPROTO="$(nvram get vpn_client${I}_proto)"; [ -z "$VPNSERVER" ] && VPNSERVER="Not configured!"; echo -e "\n\tVPN Client $I (${VPNSERVER} ${VPNPORT}:${VPNPROTO}) ovpn$I routes";ip route show table 11$I;echo;done;echo -e "\tWAN";ip route | grep -E "^0\.|^128.|^default" | sed '/^default/ s/[^ ]*[^ ]/xxx.xxx.xxx.xxx/3'
 
Last edited:
You can try this CLI command to identify any remnants of RPDB/routing rules that could be the cause of the issue
Code:
echo -e "\n\tRPDB Rules";ip rule;for I in 1 2 3 4 5;do VPNSERVER="$(nvram get vpn_client${I}_addr)";VPNPORT="$(nvram get vpn_client${I}_port)"; VPNPROTO="$(nvram get vpn_client${I}_proto)"; [ -z "$VPNSERVER" ] && VPNSERVER="Not configured!"; echo -e "\n\tVPN Client $I (${VPNSERVER} ${VPNPORT}:${VPNPROTO}) ovpn$I routes";ip route show table 11$I;echo;done;echo -e "\tWAN";ip route | grep -E "^0\.|^128.|^default" | sed '/^default/ s/[^ ]*[^ ]/xxx.xxx.xxx.xxx/3'

Thank you for your suggestion. I rebooted the router a few times and now the problem has been resolved.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top