NAT/VPN bug with 2017-07-24

synfinatic

So I recently upgraded from 2017-04-04 to 7-24 and it broke my split WiFi network/VPN. Basically I have two SSIDs: one sends traffic directly out the router (NAT'd), the other routes the traffic over an OpenVPN tunnel to another host on the internet which NATs it before sending it to the final location. After upgrading, this VPN path breaks.

Running tcpdump on the client, router and target server shows that the 3-way TCP handshake completes, but the 4th packet (the client sending an HTTP GET, for example) is "lost" by the R7800 (not seen on any interface in tcpdump, no iptables rule counters are incremented). Retransmits by the client are also lost the same way.

The craziest thing is that, since I'm using Safari on OSX as my client, when I hit Esc to cancel, the client actually sends the HTTP GET again in a FIN packet, and that goes through the router, over the VPN and to the server. The server (nginx on Linux) even responds with a page, but by then the browser doesn't care.

I ended up reverting back to 2017/04/04 and the problem immediately went away. No obvious errors in messages or dmesg.
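The tcpdump comparison described in this post can be turned into a repeatable check. The script below is an added example, not the poster's code and not part of the router firmware: it parses two `tcpdump -nn` text captures taken on the router (LAN-side ingress and tunnel-side egress), tracks each TCP flow's handshake and first client payload segment, and flags flows where the handshake crossed the router but the first data segment (and its retransmits) never reached the tunnel interface. It also distinguishes the case where only the FIN-carried payload got through, as happened with the Safari Esc behaviour. The capture lines, addresses and ports are constructed for the example, and it assumes no source NAT on the router between the two capture points, so the same 4-tuple identifies a flow on both interfaces.

```python
"""Compare two tcpdump -nn text captures (router LAN side vs tunnel side) and
report TCP flows whose handshake crossed the router but whose first client
payload segment never reached the tunnel interface."""
import re
from dataclasses import dataclass

# Line shape assumed by this parser (tcpdump -nn on Linux), e.g.
# 10:00:00.000100 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [S], seq 1000, win 65535, length 0
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)"
)


@dataclass
class FlowState:
    syn: bool = False
    synack: bool = False
    ack: bool = False
    data_segments: int = 0       # client->server payload segments without FIN
    fin_data_segments: int = 0   # client->server FIN segments that also carry payload

    @property
    def handshake_complete(self):
        return self.syn and self.synack and self.ack


def parse_capture(text):
    """Group packets into flows keyed by the client's (src, sport, dst, dport).
    Assumption: no source NAT between the two capture points, so the same
    4-tuple identifies a flow on both interfaces."""
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        flags, length = m["flags"], int(m["length"])
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if "S" in flags and "." not in flags:              # bare SYN: client opens the flow
            flows.setdefault(fwd, FlowState()).syn = True
        elif fwd in flows:                                  # client -> server
            st = flows[fwd]
            if st.synack and "." in flags:
                st.ack = True
            if length > 0:
                if "F" in flags:
                    st.fin_data_segments += 1
                else:
                    st.data_segments += 1
        elif rev in flows and "S" in flags and "." in flags:  # server SYN-ACK
            flows[rev].synack = True
    return flows


def diagnose(ingress_text, egress_text):
    """Verdict per flow seen on the ingress capture: ok, no_handshake,
    blackholed (payload entered but never left), or
    blackholed_fin_data_passed (only the FIN-carried payload left)."""
    ingress, egress = parse_capture(ingress_text), parse_capture(egress_text)
    verdicts = {}
    for key, in_st in ingress.items():
        out_st = egress.get(key)
        if not in_st.handshake_complete or out_st is None or not out_st.handshake_complete:
            verdicts[key] = "no_handshake"
        elif in_st.data_segments > 0 and out_st.data_segments == 0:
            verdicts[key] = ("blackholed_fin_data_passed" if out_st.fin_data_segments
                             else "blackholed")
        else:
            verdicts[key] = "ok"
    return verdicts


# Constructed sample captures (not real traffic). Flow :51000 reproduces the
# symptom: handshake passes, the GET and its retransmits vanish, and only the
# GET re-sent on the FIN segment reaches the tunnel. Flow :51001 is healthy.
LAN_CAPTURE = """\
10:00:00.000100 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
10:00:00.040200 IP 203.0.113.5.80 > 192.168.2.10.51000: Flags [S.], seq 5000, ack 1001, win 28960, length 0
10:00:00.040300 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [.], ack 5001, win 2058, length 0
10:00:00.041000 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [P.], seq 1001:1201, ack 5001, win 2058, length 200
10:00:01.050000 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [P.], seq 1001:1201, ack 5001, win 2058, length 200
10:00:03.060000 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [FP.], seq 1001:1201, ack 5001, win 2058, length 200
10:00:05.000100 IP 192.168.2.10.51001 > 203.0.113.5.80: Flags [S], seq 2000, win 65535, length 0
10:00:05.040200 IP 203.0.113.5.80 > 192.168.2.10.51001: Flags [S.], seq 6000, ack 2001, win 28960, length 0
10:00:05.040300 IP 192.168.2.10.51001 > 203.0.113.5.80: Flags [.], ack 6001, win 2058, length 0
10:00:05.041000 IP 192.168.2.10.51001 > 203.0.113.5.80: Flags [P.], seq 2001:2101, ack 6001, win 2058, length 100
"""

TUN_CAPTURE = """\
10:00:00.000150 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
10:00:00.040150 IP 203.0.113.5.80 > 192.168.2.10.51000: Flags [S.], seq 5000, ack 1001, win 28960, length 0
10:00:00.040350 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [.], ack 5001, win 2058, length 0
10:00:03.060050 IP 192.168.2.10.51000 > 203.0.113.5.80: Flags [FP.], seq 1001:1201, ack 5001, win 2058, length 200
10:00:05.000150 IP 192.168.2.10.51001 > 203.0.113.5.80: Flags [S], seq 2000, win 65535, length 0
10:00:05.040150 IP 203.0.113.5.80 > 192.168.2.10.51001: Flags [S.], seq 6000, ack 2001, win 28960, length 0
10:00:05.040350 IP 192.168.2.10.51001 > 203.0.113.5.80: Flags [.], ack 6001, win 2058, length 0
10:00:05.041050 IP 192.168.2.10.51001 > 203.0.113.5.80: Flags [P.], seq 2001:2101, ack 6001, win 2058, length 100
"""

if __name__ == "__main__":
    for key, verdict in diagnose(LAN_CAPTURE, TUN_CAPTURE).items():
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}: {verdict}")
```

On a real router the two inputs would come from something like `tcpdump -nn -i br-lan tcp` and `tcpdump -nn -i tun0 tcp` run side by side (interface names are an assumption); a flow reported as blackholed while the iptables counters stay flat points at a drop that happens before netfilter sees the packet, which matches the symptom in this post.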

kinakuta

I can confirm this problem. I upgraded to 7-24 from 6-11 and the VPN routing (I have an IP range bypassing the VPN via iptables rules) stopped working.

Reverting back to 6-11 fixed the problem. So I think you should be fine upgrading from 04-04 to 6-11, but 7-24 didn't work for me either. I'm waiting for the next release, or might try Voxel's build.