ChrisM
Occasional Visitor
ASUS RT-AC86U with Asuswrt-Merlin - Current 382.1_2
But have tested this with (382.1_2) & (382.2_beta3) & (384.3_beta3)
The results are the same for all of them
Bug or Feature ??
(it depends on how high the fence is and on what side you're standing on)
Open box, install, upgrade Asus firmware, factory reset
Install firmware Merlin, factory reset
Configure WAN then LAN DHCP followed by VPN Clients and External Storage - now at this point - testing
*** ->> The Problem I am having is this <<- ***
VPN Client set Exclusive
Fixed IP mapped to PC in DHCP
Policy rule to route PC to VPN
Kill switch active
Start with WAN set to Off
Testing done with only 1 Client installed
(more makes results confusing )
Once the VPN Client has been active ON and the PC correctly protected, internet used etc., when the Client is toggled OFF to return the router to normal the Kill switch Policy rule filter is NOT reset - stopping the PC from WAN access. (could be an internal table not flushed when all Client Off)
It's a fault because there are no longer any VPN clients active
All have been manually switched Off
The router should now Allow the once VPN protected PC back on to the WAN and It Does Not
Various ways I have found to let the PC back onto the WAN are
a.) Toggle the internet connection On/Off via the Internet Status setting page. (interrupts all other connected users in the process of course)
b.) Change the Kill Switch setting to NO and then Apply update to Client works even though the VPN Client is in the Off state. (quickest)
Strange but I also found that after you have connected just once to the VPN and then manually switched Off the Client, you can then toggle the Kill switch to the Client On or Off applying update after each time to see the effect of none and then allowed WAN access of the PC in the policy rule
I understand its purpose is to halt the access to the WAN in the event of disconnection of the VPN but fail to see why manually switching Off the client function does not reset clear it.
(proviso no other Clients are still active of course or should it clear that Clients table only)
Testing of this with the Kill Switch Not active from the start of test DOES Allow the PC to connect back to the WAN after the VPN Client is manually switched Off, as the Kill switch has not been active in the first place. But again if the Kill Switch is then toggled to the On and the apply update done
the PC is again blocked even though the Client still remains in the Off state.
(you must have been to the internet and used the WAN of course)
This only presents itself as an issue when the Kill Switch is Active and the VPN Client is switched OFF manually after routing the PC through the VPN, or if the Kill Switch is toggled On and the settings updated post VPN connection. (with the Client still in the Off state)
Has anyone else had this happen to them?
Is this Feature known of already?
Can this be looked at please, it's confusing.
*** ->> END <<- ***
This is my first taste of ASUS routers but heard great reviews of them in the past. I was a Netgear man for many years before finding a liking for CISCO kit. Had a X2500 switched on for two years straight without faulting.
The ASUS has lots of good features and compares well if not better with other routers and as hardware improves the leap in performance is very gratifying to have.
My thanks go out to RMerlin for his hard work in supporting all this complex
Router Software a very LARGE Thank you Sir. (long may you continue)
An amazing Job for one person to maintain.
Ending Note: -
I will End this with the unit is working correctly and functioning well with
DNS hidden in either normal internet using OpenDNS or VPN with NordDNS (ISP - Virgin Media. VPN - NordVPN)
Setting up of hidden DNS was hard work, trial and error until final working point found. (just had to keep reading the net)
Had trouble getting external NTFS storage to work until I found if you
FORMAT the drive whilst connected to Asus unit then everything Ok
(file name error msg gone and download manager now finding drive)
Router did get itself in a right mess at one stage and started saying connected to VPN on VPN status page with all clients switched off. A factory reset and rebuild was needed but this cured the issue and it has not happened since (touch wood)
IMPORTANT - Note to NordVPN users -
the pre config ovpn files supplied by Nord for setting up VPN Clients are wrong (reported)
ending script is in error and the script at the bottom of the tutorial should be substituted see here -
https://nordvpn.com/tutorials/asustwrt-merlin/openvpn/
#
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
# log /tmp/vpn.log
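
One way to test the "internal table not flushed" guess from the post above, as an added example that is not part of the original post or of Asuswrt-Merlin's own code. It assumes the kill switch shows up as a source-based `ip rule` pointing at a per-client routing table whose default route is `prohibit`; the table name `ovpnc1`, the address 192.168.1.50, the interface names and all sample output are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch. Sample data is constructed, not captured from a router.
# On a live router the three inputs would come from (assumed usage):
#   "$(ip rule show)"  "$(ip route show table <table>)"  "$(ls /sys/class/net)"

# Constructed `ip rule show` output: a policy rule for the PC is still present.
SAMPLE_RULES='0: from all lookup local
10101: from 192.168.1.50 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default'

# Constructed routing table contents with the VPN client switched Off.
SAMPLE_ROUTES='prohibit default
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1'

# Constructed interface list: no tunN device, so no VPN tunnel is up.
SAMPLE_LINKS='lo eth0 br0'

# table_for_source RULES IP: print the table a "from IP lookup TABLE" rule names.
table_for_source() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $2 == "from" && $3 == ip && $4 == "lookup" { print $5; exit }'
}

# default_is_blocking ROUTES: succeed if the default route drops traffic.
default_is_blocking() {
    printf '%s\n' "$1" | grep -Eq '^(prohibit|unreachable|blackhole) default'
}

# tunnel_present LINKS: succeed if any tunN interface is listed.
tunnel_present() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -Eq '^tun[0-9]+$'
}

# classify RULES ROUTES LINKS IP: print one verdict for that source address.
classify() {
    tbl=$(table_for_source "$1" "$4")
    if [ -z "$tbl" ]; then echo "no-policy-rule"; return; fi
    if ! default_is_blocking "$2"; then echo "routed-via-$tbl"; return; fi
    # A blocking default with a tunnel up is the kill switch doing its job;
    # the same state with no tunnel at all is the leftover the post describes.
    if tunnel_present "$3"; then echo "blocked-tunnel-up"; else echo "stale-kill-switch"; fi
}

classify "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_LINKS" 192.168.1.50
```

A `stale-kill-switch` verdict means the PC's source rule and a blocking default route both remain although no tunnel interface exists, which matches the symptom of the PC staying cut off after the client is switched Off.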