I’ve noticed in 4.8.3 beta on Opal that OpenVPN routing isn’t working.
Before the Beta Upgrade:
^C# marmite# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=116 time=283.980 ms
64 bytes from 8.8.8.8: seq=1 ttl=116 time=280.733 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max = 280.733/282.356/283.980 ms
marmite# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.200 0.0.0.0 UG 0 0 0 eth0.2
10.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ovpnclient
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.2
192.168.14.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
marmite# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 10.16.0.1 (10.16.0.1) 275.413 ms 277.399 ms 278.903 ms
2 172.17.0.1 (172.17.0.1) 275.670 ms 276.892 ms 277.316 ms
3^C
After the beta upgrade, traffic is bypassing OpenVPN and going straight out via the default gateway (i.e. the iptables mangle rule is being ignored):
marmite# ping -c3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=118 time=4.908 ms
64 bytes from 8.8.8.8: seq=1 ttl=118 time=4.823 ms
64 bytes from 8.8.8.8: seq=2 ttl=118 time=4.353 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 4.353/4.694/4.908 ms
On the stable v4.3.25 firmware, GL.iNet's ROUTE_POLICY iptables rules and secondary routing tables are working flawlessly. The router's firewall is successfully intercepting your LAN traffic, stamping it with the correct OpenVPN mark, and seamlessly steering it into the VPN tunnel behind the scenes.
On the v4.8.3 beta, that entire background tagging system isn’t working.
It looks like the firmware assumes that WireGuard is being used for OpenVPN.
The most glaring issue I saw is that TUNNEL10_ROUTE_POLICY (the WireGuard mangle chain) was completely filled with packet counters, while TUNNEL100_ROUTE_POLICY (OpenVPN) was sitting at absolute zero.
Anyone else seen this?
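The counter comparison described in the post can be scripted. The following is an added example, not part of the original post and not GL.iNet code: it sums the per-rule packet counters of each chain from `iptables-save -c -t mangle` output and flags the case where the OpenVPN chain is at zero while the WireGuard chain is counting. It assumes `iptables-save` is available on the router; the function names and the sample dump are constructed for illustration, and only the two chain names come from the post.

```shell
#!/bin/sh
# Added example: compare packet counters of two mangle chains.
# Rule lines in `iptables-save -c -t mangle` look like "[pkts:bytes] -A CHAIN ...".

chain_packets() {   # $1 = chain name; dump on stdin; prints total packets
    awk -v chain="$1" '
        /^\[[0-9]+:[0-9]+\] -A / && $3 == chain {
            split(substr($1, 2), c, ":")   # "[12:340]" -> c[1] = "12"
            total += c[1]
        }
        END { print total + 0 }'
}

check_policy_chains() {   # $1 = chain expected to count, $2 = chain expected idle
    dump=$(cat)
    want=$(printf '%s\n' "$dump" | chain_packets "$1")
    other=$(printf '%s\n' "$dump" | chain_packets "$2")
    echo "$1: $want packets; $2: $other packets"
    if [ "$want" -eq 0 ] && [ "$other" -gt 0 ]; then
        echo "MISMATCH: traffic is hitting $2 while $1 is at zero"
        return 1
    elif [ "$want" -eq 0 ]; then
        echo "IDLE: no packets have hit $1 yet"
        return 2
    fi
    echo "OK: $1 is counting packets"
    return 0
}

sample_dump() {   # constructed sample, not captured from a real router
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [2000:160000]
:TUNNEL10_ROUTE_POLICY - [0:0]
:TUNNEL100_ROUTE_POLICY - [0:0]
[1500:120000] -A TUNNEL10_ROUTE_POLICY -j MARK --set-xmark 0x10/0xffffffff
[62:4960] -A TUNNEL10_ROUTE_POLICY -j RETURN
[0:0] -A TUNNEL100_ROUTE_POLICY -j MARK --set-xmark 0x64/0xffffffff
[0:0] -A TUNNEL100_ROUTE_POLICY -j RETURN
COMMIT
EOF
}

if [ "${1:-}" = "--live" ]; then   # on the router: read the real counters
    iptables-save -c -t mangle | check_policy_chains TUNNEL100_ROUTE_POLICY TUNNEL10_ROUTE_POLICY
else                               # otherwise demonstrate on the constructed sample
    sample_dump | check_policy_chains TUNNEL100_ROUTE_POLICY TUNNEL10_ROUTE_POLICY || true
fi
```

Run it with `--live` after generating some LAN traffic with the OpenVPN client connected; exit status 1 corresponds to the situation reported above.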
