Strange things with VPN after update

Thorton

Regular Contributor
Updated AC87U to the latest version a few days ago and noticed some strange things with VPN (never saw this in previous releases).

I have 2 OpenVPN clients configured, but could use only one at a time in previous releases. Now, both clients get connected at the same time after reboot (at least router says that). So after reboot I checked my IP and saw that I'm actually connected via 2nd VPN profile.

Since I want my IP to always be from 1st profile, I disconnected 2nd client and checked my IP again. Surprise surprise, all websites displayed my REAL IP, even if router still claimed that 1st VPN client is connected.

To take this further, my VPN profile on router is configured to "Block routed clients if tunnel goes down", and this option always worked perfectly - the same second VPN connection goes down, all clients are disconnected. Unfortunately, it didn't work this time - VPN connection was not established, but router claimed I'm connected via VPN, and didn't block clients.

Here's the log from router reboot to the moment I noticed something wrong - https://pastebin.com/DqPUxtkJ
 
Did you try factory reset then manual reprogram? I mean not importing a saved profile? This can really help when little things don't work after a firmware upgrade.
 
I have two VPN clients running configured to start at WAN. I use policy rules (strict) to control what clients use what tunnels and another script to route only certain streaming media traffic to the other. From what you described, it sounds like you don't have policy rules in place. I assign static ip addresses for all clients in DHCP page. Then, use these addresses to define what LAN clients go thru what tunnel. See the guide in the VPN forum on how to set this up.

On some firmware upgrades, my VPN performance has slowed to a crawl. A factory reset and restore using the nvram backup and restore utility has fixed this every time.
 
A factory reset and restore really does seem to take care of most router idiosyncrasies and deviations from the norm. A bit like a fresh install of Windows, but, thankfully, nothing like as traumatic or time consuming: no days written off looking for drivers in all the nooks and crannies of Cyberspace.
 
Did factory reset and upgraded to 380.68_2 today. The same:

right after router boots up, both VPN clients show connected (and my IP exposed to the Internet is from 2nd VPN). Once I disconnect 2nd VPN, it displays my 1st VPN is still connected, but it's not true - traffic doesn't get routed via 1st VPN. And traffic doesn't get blocked too, even if VPN section is configured to do so. Then I have to disconnect 1st VPN manually, re-connect, and only then traffic is routed via VPN.
 
You should issue the four commands
Code:
ip rule
ip route
ip route show table 111
ip route show table 112

at various stages to give you a diagnostic rule comparison

1. Immediately after a reboot and both VPNs are UP issue the commands
2. Stop VPN2, then issue the commands
3. Disconnect VPN1 then issue the commands
4. Restart VPN1 then issue the commands

If you can't determine from the output what is causing the issue then redact/obfuscate your WAN address with 'xxx.xxx.xxx.xxx' etc. and post the output.
e.g.
Code:
ip route | grep -E "^defaul|tun|^0\.|^128\." | sed 's/via.*dev/via xxx\.xxx\.xxx\.xxx dev/'
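
The staged capture suggested in the post above, written as a small script so the four outputs can be saved at each step and diffed afterwards. This is an added example, not part of the original thread; the function names and the `SNAP_DIR` location are hypothetical, and tables 111 and 112 are the ones named in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and SNAP_DIR are hypothetical.
# Tables 111 and 112 are the ones named in the post above.

# Mask the gateway address on "via ... dev" lines (same sed idea as the post).
redact() {
    sed 's/via.*dev/via xxx.xxx.xxx.xxx dev/'
}

# Save the four command outputs for one stage, e.g. "1-both-up".
snapshot() {
    out="${SNAP_DIR:-/tmp/vpn-diag}/$1"
    mkdir -p "$out"
    ip rule > "$out/rule.txt"
    ip route | redact > "$out/route-main.txt"
    ip route show table 111 | redact > "$out/route-111.txt"
    ip route show table 112 | redact > "$out/route-112.txt"
}

# Show what changed between two saved stages (exit status 1 means they differ).
compare() {
    diff -r "${SNAP_DIR:-/tmp/vpn-diag}/$1" "${SNAP_DIR:-/tmp/vpn-diag}/$2"
}

# Read one saved route table on stdin; print the device of its
# default route, or "none" when the table has no default route.
default_dev() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); f = 1; exit }
         }
         END { if (!f) print "none" }'
}
```

Source the file on the router, call `snapshot` with a stage name after each of the four steps, then `compare` consecutive stages. `default_dev < route-111.txt` shows whether that table still holds a default route through a tunnel at that stage.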
 