Well yes, it should be, otherwise openvpn won't work.Originally Posted by oldgringo
Student Computer Engineer
Well yes, it should be, otherwise openvpn won't work.
Junior Member
But up to version r5097 openvpn works also with fastnat set (no matter of value 1 or 2).
Student Computer Engineer
1 or 2?
you mean 0 = off and 1 = on?
According to lly, the proper way to turn it off is by doing:
0 should turn it off thoughCode:nvram unset misc_fastnat_x
Junior Member
No, I mean:
for activating of fastnat without url filter (fastest mode)Code:nvram set misc_fastnat_x=1 nvram commit
for activating of fastnat including url filter (slower, but still active).Code:nvram set misc_fastnat_x=2 nvram commit
By using
fastnat is completely dectivated.Code:nvram unset misc_fastnat_x nvram commit
not true nowadays, I've fixed fastnat & urlfiler coexistance to have almost no perfomance penalty and no control from userspace (values 1 or 2 or etc), it works automagically.
forget it about urlfilter since r5013,
fastnat control can be done via /proc/sys/net/netfilter/nf_conntrack_fastnat, 0 disabled, 1 enabled
fastnat state can be viewed via /proc/sys/net/netfilter/nf_conntrack_fastnat_http, 0 normal, 1 urlfiler-compatible mode
also, you can exclude any connection from being fastnated by iptables "-j MARK --set-mark" or "-j CONNMARK --set/and/or/xor-(x)mark"
issue you've faced with is new due recent tun driver kernel chages, and we need some time to handle it.
ASUS WL5xx: FW 1.9.2.7-d-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | bip irc proxy
ASUS RT-N1x: FW 1.9.2.7-rtn-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | fake ident daemon
Junior Member
You're right, since r5099 I can't handle some connections on routers connected through openvpn. It seems that tun interface is somehow broken.
Reply With Quote
