We had a issue with a RUT955 (FW ver.: RUT9XX_R_00.06.09.1) connected to two openvpn server the same time. From one server we were able to connect to the device Modbus server, from the other not. (We ran the same setup on other devices successfully).
After downloading the backup of the not working device and comparing the diff with a working on, we figured out there is a difference in the file /etc/config/firewall in the section config zone 'vpn zone'. The working one has a entry like option device 'tun_+ tun+', the none working one is missing the tun+ there.
After fixing that via ssh and vi it's working as expected.
But we don't want to connect via ssh to every device, so the question - where to set this in the front end?