I've dirty upgraded a local Asus RT-AC68U HW ver. A1 from firmware 386.5_2 through both 386.7 alphas and both 386.7 betas. I've not discovered any issues.
Last night I've dirty upgraded a remote Asus RT-AC66U B1 (which uses the same firmware file as the RT-AC68U) from firmware 386.5_2 straight to 386.7_beta2 through vpn tunnel, with RT-AC68U acting as the OpenVPN server and RT-AC66U B1 acting as the OpenVPN client in a site-to-site configuration. After the automatic reboot, the vpn connection would be established, but I could no longer access the RT-AC66U B1, neither the WebUI through https, nor the shell/terminal through ssh.
A long time ago, preparing for bad things to happen, I've also setup a OpenVPN server on the RT-AC66U B1 and and can access it this way.
I've tried many things and looked at both the server and client configurations, as well as flash the 386.5_2 firmware back on the RT-AC68U. I've not flashed the remote RT-AC66U B1 because it is being used for internet services and so I can't just reboot it whenever I feel like it.
Finally I found that the OVPN chain in iptables's default filter table got separated to four different chains OVPNCF, OVPNCI, OVPNSF and OVPNSI and by adding the following ruleiptables -A OVPNCI -i tun11 -j ACCEPT
to the RT-AC66U B1 I can access it again, when both routers run 386.7_beta2 firmware. Note: tun11 is because I use OpenVPN client 1 with a tun interface, not a tap one.
Is there something I can change in the WebUI on either or both routers to not use the iptables command or is it a bug?
Thank you RMerlin for the new releases.