VPN Director... design issue???

[naraku]

Updated 386.3 today with this "VPN Director", now my old VPN setup is completely unfunctional...

So
My scenario is I have multiple OpenVPN clients that receive the static routes from multiple servers instead of redirecting the whole gateway.
Then I have this "Force Internet traffic through tunnel" be set to "No" and letting the two VPN servers decides the routes all the time.

With this new VPN design, now the "No" option only works with one of the VPN clients enabled. If I have both clients enabled, the static routes only exist whoever connects afterward.

How am I able to still make them working together now? Is there any way to downgrade the firmware, or is it safe to do so?

Appreciate any clarification...

 

[elorimer]

Updated 386.3 today with this "VPN Director", now my old VPN setup is completely unfunctional...
So
My scenario is I have an OpenVPN server that pushes the static routes instead of redirecting the whole gateway,
then I have this "Force Internet traffic through tunnel" be set to "No" and letting the VPN server decides the routes all the time.

With this new VPN design, I wonder what's the meaning of the option "No" afterward?
In what scenario we can still or will use "No" after the changes if I can not let the VPN server decide the routes with option "No"?

Appreciate any clarification...

VPN Director is client, not server. Are you talking about an OpenVPN server set up in Merlin? Or some other server that you are connecting through a client set up in Merlin?

 

[naraku]

VPN Director is client, not server. Are you talking about an OpenVPN server set up in Merlin? Or some other server that you are connecting through a client set up in Merlin?

Sorry, just edited the post a little bit..

Answer to your question: I have two VPN clients running in Merlin which are connecting some other VPN servers.

 

[L&LD]

Did you read the changelog and the thread on the changes the VPN Director has brought?

 

[naraku]

Did you read the changelog and the thread on the changes the VPN Director has brought?

Yes I did, what's your suggestion then?

 

[L&LD]

Adapt your old VPN settings to the fixes and changes introduced.

 

[naraku]

Adapt your old VPN settings to the fixes and changes introduced.

But there is no way to make two None-Gteway VPN clients working together now...
That's why I am asking for the solution after the upgrade?
Is it a bug or design flaw?

 

[kernol]

But there is no way to make two None-Gteway VPN clients working together now...
That's why I am asking for the solution after the upgrade?
Is it a bug or design flaw?

I see the above are your first ever posts on the forums - so welcome.
It seems to me that some of what you are trying to say / ask for may be lost in the translation.

Can you perhaps give more detail.

• First - what router do you have;
• how were the two VPN Clients setup before firmware 386.3 ?? Done in the webui or using a script like x3mRouting??;
• are you talking about VPN Servers configured locally on your Router - or external VPN Service providers;
• are there actually two different VPN service providers that you were using [say NordVPN and ExpressVPN?].

Sorry - but I can't understand how, what and why you were doing under the old firmware and which aspect is now not working under the new firmware.

 

[naraku]

I see the above are your first ever posts on the forums - so welcome.
It seems to me that some of what you are trying to say / ask for may be lost in the translation.

Can you perhaps give more detail.

• First - what router do you have;
• how were the two VPN Clients setup before firmware 386.3 ?? Done in the webui or using a script like x3mRouting??;
• are you talking about VPN Servers configured locally on your Router - or external VPN Service providers;
• are there actually two different VPN service providers that you were using [say NordVPN and ExpressVPN?].

Sorry - but I can't understand how, what and why you were doing under the old firmware and which aspect is now not working under the new firmware.

1) I have RT-AX88U.
2) I was using RT-AX88U_386.2_6 before 386.3, all the VPN clients were done in the Merlin WebUI, and everything works well until I upgrade.
3) I am talking about VPN clients in the Merlin, which connect to external VPN Service providers.
4) There are actually two different VPN service providers that I was using, but they are nothing like [NordVPN and ExpressVPN] redirect all your internet gateway, instead, my VPN service providers only push the static routes to the clients.

To sum up in one sentence:
Multiple VPN clients are no longer coordinated after the 386.2_6.

 

[naraku]

I see the above are your first ever posts on the forums - so welcome.
It seems to me that some of what you are trying to say / ask for may be lost in the translation.

Can you perhaps give more detail.

• First - what router do you have;
• how were the two VPN Clients setup before firmware 386.3 ?? Done in the webui or using a script like x3mRouting??;
• are you talking about VPN Servers configured locally on your Router - or external VPN Service providers;
• are there actually two different VPN service providers that you were using [say NordVPN and ExpressVPN?].

Sorry - but I can't understand how, what and why you were doing under the old firmware and which aspect is now not working under the new firmware.

By the way, in your example [NordVPN and ExpressVPN], I doubt it will work neither.

Say I have a TV, and I want it to traffic through NordVPN.
Simultaneously I have an iPad, and I want it to traffic through ExpressVPN.

And I'm connecting both of them in Merlin, will this scenario still function? I know the old version does.

 

[SheikhSheikha]

By the way, in your example [NordVPN and ExpressVPN], I doubt it will work neither.

Say I have a TV, and I want it to traffic through NordVPN.
Simultaneously I have an iPad, and I want it to traffic through ExpressVPN.

And I'm connecting both of them in Merlin, will this scenario still function? I know the old version does.

Sure it works. Just read the wiki https://github.com/RMerl/asuswrt-merlin.ng/wiki/VPN-Director

 

[kernol]

By the way, in your example [NordVPN and ExpressVPN], I doubt it will work neither.

Say I have a TV, and I want it to traffic through NordVPN.
Simultaneously I have an iPad, and I want it to traffic through ExpressVPN.

And I'm connecting both of them in Merlin, will this scenario still function? I know the old version does.

Many thanks 0 fully understand.

The answer is a resounding YES - "you can do it " in VPN Director very easily - but there are likely changes to what you had before.
In my own setup I have the following VPN Director rules ... [ignore the blurred ones - they are not activated] ...

So - the first rule may not be needed anymore - but I have stuck with it.
The second rule diverts my AndoidTV box to the WAN so it is not caught in any other rules;
The fourth rule send my AppleTV device [by its ip address] to OPVN3 [VPN Client No 3];
The fifth rule sends all my local Guest1 WiFi clients to OPVN5 - [VPN Client No 5].

In the case of OPVN3 - I have set the Accept DNS Config to Exclusive [so it uses DNS services provided by NordVPN]; EDIT This one also has the Kill Switch set to Yes.
In the case of OPVN5 - I have set the Accept DNS Config to Disabled [so it use my unbound running on my router as DNS]. Kill switch = No;
EDIT - Both VPN Clients are configured to "Redirect Internet Traffic through tunnel = VPN Director (Policy rules)
The blurred rules relate to a second entirely different VPN service provider which I use periodically - and all can work at the same time for different devices.

Like the Sheik said ... READ the wiki .

 

[naraku]

Many thanks 0 fully understand.

The answer is a resounding YES - "you can do it " in VPN Director very easily - but there are likely changes to what you had before.
In my own setup I have the following VPN Director rules ... [ignore the blurred ones - they are not activated] ...

View attachment 35237

So - the first rule may not be needed anymore - but I have stuck with it.
The second rule diverts my AndoidTV box to the WAN so it is not caught in any other rules;
The fourth rule send my AppleTV device [by its ip address] to OPVN3 [VPN Client No 3];
The fifth rule sends all my local Guest1 WiFi clients to OPVN5 - [VPN Client No 5].

In the case of OPVN3 - I have set the Accept DNS Config to Exclusive [so it uses DNS services provided by NordVPN]; EDIT This one also has the Kill Switch set to Yes.
In the case of OPVN5 - I have set the Accept DNS Config to Disabled [so it use my unbound running on my router as DNS]. Kill switch = No;
EDIT - Both VPN Clients are configured to "Redirect Internet Traffic through tunnel = VPN Director (Policy rules)
The blurred rules relate to a second entirely different VPN service provider which I use periodically - and all can work at the same time for different devices.

Like the Sheik said ... READ the wiki .

OK, thanks for the updates!
You certainly proved it works under the "VPN Director" option!
But what about the option "No"?
Has anyone tested that except my usage scenario?

Again, I use the static routes, not redirect the entire gateway. (ie: don't want it to show the VPN‘s IPs when I check whatsmyip.com)
After the upgrade, only one of the VPN clients works when I'm connecting to both clients.

It has been working well before 386.3.

 

[octopus]

OK, thanks for the updates!
You certainly proved it works under the "VPN Director" option!
But what about the option "No"?
Has anyone tested that except my usage scenario?

Again, I use the static routes, not redirect the entire gateway. (ie: don't want it to show the VPN‘s IPs when I check whatsmyip.com)
After the upgrade, only one of the VPN clients works when I'm connecting to both clients.

It has been working well before 386.3.

What I have understand static routes from server are ignore now. Must setup with VPN-director.

 

[naraku]

What I have understand static routes from server are ignore now. Must setup with VPN-director.

Finally! Thank you!

That is exactly the issue!
In my case, the servers decide the routes, not by clients!

 

[octopus]

Finally! Thank you!

That is exactly the issue!
In my case, the servers decide the routes, not by clients!

OpenVPN routing handling was rewritten, allowing the implementation of VPN Director, but also bringing additional fixes and improvements.

Routes are now created by the firmware itself rather than by the OpenVPN process.

 

[naraku]

OpenVPN routing handling was rewritten, allowing the implementation of VPN Director, but also bringing additional fixes and improvements.

Routes are now created by the firmware itself rather than by the OpenVPN process.

I know, I have read the wiki, it's just I do not fully admire the new rewritten, since there are areas that the new firmware has not taken into account.

So will there be a fix for it?

 

[naraku]

Or I'm not sure what's the usage of "No" option, in what scenario people will still use it?

 

[naraku]

Another scenario is:
When I have one of the clients with this "No" option, then it makes my other NordVPN client no longer works anymore, even I have set NordVPN to "VPN Director", but I guess the first VPN client blocks everything after it when you have the option "No"?

Bit of a complicated network structure that I have. (with 2 static routes work VPN and one NordVPN client.)

 

[octopus]

Another scenario is:
When I have one of the clients with this "No" option, then it makes my other NordVPN client no longer works anymore, even I have set NordVPN to "VPN Director", but I guess the first VPN client blocks everything after it when you have the option "No"?

Bit of a complicated network structure that I have. (with 2 static routes work VPN and one NordVPN client.)

I have No problem running 3 clients to different location and different lan devices.