But up to version r5097 openvpn works also with fastnat set (no matter of value 1 or 2).
No, I mean:
for activating of fastnat without url filter (fastest mode)Code:nvram set misc_fastnat_x=1 nvram commit
for activating of fastnat including url filter (slower, but still active).Code:nvram set misc_fastnat_x=2 nvram commit
By using
fastnat is completely dectivated.Code:nvram unset misc_fastnat_x nvram commit
not true nowadays, I've fixed fastnat & urlfiler coexistance to have almost no perfomance penalty and no control from userspace (values 1 or 2 or etc), it works automagically.
forget it about urlfilter since r5013,
fastnat control can be done via /proc/sys/net/netfilter/nf_conntrack_fastnat, 0 disabled, 1 enabled
fastnat state can be viewed via /proc/sys/net/netfilter/nf_conntrack_fastnat_http, 0 normal, 1 urlfiler-compatible mode
also, you can exclude any connection from being fastnated by iptables "-j MARK --set-mark" or "-j CONNMARK --set/and/or/xor-(x)mark"
issue you've faced with is new due recent tun driver kernel chages, and we need some time to handle it.
ASUS WL5xx: FW 1.9.2.7-d-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | bip irc proxy
ASUS RT-N1x: FW 1.9.2.7-rtn-rXXXX / îáñóæäåíèå ïðîøèâêè [RU] / firmware discussion [EN] | fake ident daemon
You're right, since r5099 I can't handle some connections on routers connected through openvpn. It seems that tun interface is somehow broken.