Hi Guys
Upgraded one of our RUT X11 router configs from 7.0.0 to 7.0.2
everything appeared to go well...
OpenVPN split tunnel established ....
I can see the web admin pages of the x11 from the remote internal LAN...
But now the device users are complaining that they can get to the internet, but cannot
access any service hosted remotely through the VPN tunnel - some protocols get through e.g. you can ping
but you cannot browse, FTP, SMB, anything that normal users do.
Even more interestingly - starting up OpenVPN not on the router, but on the wifi client device direct to the
VPN server's FQDN via the internet (i.e. not using the router's VPN tunnel) is similarly affected ???? The VPN
establishes and routes are pushed from the VPN server directly to the wifi device as well as redirection of the default
gateway - but even in that scenario - you can't browse any content behind the VPN?
I started to think at this point it was a VPN server issue, so I dropped the wifi device off of the x11 wifi onto its own 4G
connection and restarted the VPN. It connected, traffic flowing, browsing fine end to end.
I then moved it onto the X11 wifi again, allowed time for dead peer detection and tunnel re-establishment, the tunnel came up, but NOW...
no throughput. This suggests to me that it's a port / protocol level issue, maybe in the firewall??
So ... diagnostic time
First thing I notice is that to build the split tunnel you have to block the VPN client from accepting the
pushed routes, then add in the router specific static routes. I had done this manually in the config page.
When I looked in the GUI config page, the additional command order was reversed!! The command to block the
client from accepting pushed routes came after definition of the locally specified routes??? What the hell??
So I edited the config file, and restarted the router - GUI was now up, pings went through, browsing still didn't work over the VPN.
After several fruitless hours in Wireshark, with no obvious root cause, it was time to revert.
Fortunately I took a backup of the config as when going backwards from 7.0.2 to 7.0.0 despite stating keep the config,
the router factory reset completely.
I restored the backup and rebooted the router, everything on 7.0.0 started working again immediately.
So guys - I don't know in total what you did for openvpn between 7.0.0 and 7.0.2, but while you fixed the legacy GUI status
issue you have broken OpenVPN here (yet again!) and I have yet to root cause what triggered it, other than to say regression
to 7.0.0 cures it instantly.
How many QA hours do you guys put into the lab, testing a build before releasing it please?
Regards
BB