Brume 2 VPN policy is unreliable, even in the supported configuration. Have to restart VPN and toggle policy to allow IPs to connect

I need to re-open this, unfortunately. I’ve continued to have the issue even after changing the cellular mwan3 check to use localhost ping checks (no longer using httping).

I discovered that there is in fact a packet routing issue while troubleshooting a connection to a new WireGuard connection via my upstream router (on a Linksys OpenWrt, not Brume 2).

After about 8 to 12 hours from the last reset, the following occurs for all IPs/domains in the exclusion:

1. Set far end router IP as VPN policy exclusion.
2. Packets are sent from my network, through Brume 2, which I captured in tcpdump.
3. Packets are seen in the Brume 2 leaving towards the internet.
4. The packets are seen on the other end, and reply packets are seen sent back to my local network in tcpdump.
5. The reply packets are seen on the Brume 2 WAN interface via tcpdump (easytether).
6. The reply packets are not seen on the Brume 2 LAN interface.

Once I restart the OpenVPN client on Brume 2 AND toggle VPN policy to Global and then to exclude IPs, the connection is restored for ALL excluded IPs in the VPN Policy. No reboot is necessary, but both have to be restarted/toggled; the order doesn’t seem to matter.

Some additional observations: This does not affect IPs that have a persistent connection, it only affects new connections that hadn’t been made until after the 8-12 hours it works.

Could we start an AnyDesk session? Please PM me.

Another dumb and newbie question from me

How do I set VPN policies? I don’t even see that on the GUI, do I need to do it in CLI and where to start CLI screen? So I need to install any plugins first?

Sorry again for such dumb questions

Please go to the VPN dashboard; find it in the VPN client section.

I’m having the same problem, MAC clients excluded via VPN Policy from using the VPN are dropped after a few hours and the only solution is to reboot. This is an extremely annoying issue!! I made the switch from pfSense for similar problems I had where the only solution was to reboot it. Seems I’m cursed. Do fix this ASAP, please!
PS: added this functionality to the Android app too, I was pissed off that I cannot manage my exclusion list from my phone.
Thanks.

Hi, what do you mean by dropped?

This bug has been fixed in the beta version firmware.

Not true, I’m using the 4.2.0 release3 and I’m having this problem.

Ver. 4.2.0 release4, same issue

Don’t understand what you mean by “dropped”. Please explain.

I mean that it works for a while, then the connections are dropped. Example, I can watch 2 episodes of Netflix using the “VPN Policy Base On The Client Device” or policy “defined by IP address or domain name”, then on the 3rd I lose connection to Netflix altogether.

On ver 4.2.1 rel2 beta now, and still same sh*t.

Netflix&Co. has various public IPs…

So? “defined by IP address or domain name”

Few domains but a lot of IPs. The file on the post that I’ve linked is a good starter point.

So, do you plan to solve this problem or you don’t give a bleep?

Issue still unresolved.

Currently mwan3 and vpnpolicy are not working well together. We’re considering adopting a new way to organize multi-WAN and policy routing, with a new kmod and changes to the route tables.

Do you have an ETA to share?

Yo, you got your Brume 2 set up at all behind a Wi-Fi router? I can’t seem to get it fully set up and working ):

Not me, my wifi access point is behind this FW.

This month. It will be version 4.5.