RBR-850 v4.6.3.9 - Change in behavior.

Question

RBR-850 / AX6000&nbsp;Noticed an issue a few weeks ago attempting to SSH to a device that is located over a VPN tunnel. This had been working previously and it wasn't a big deal because the site had already been configured to allow client VPN and it's a low touch environment so I wasn't all that concerned. Being a network guy though this was like a splinter irritating my brain that i had to work out.&nbsp;So, I started doing some testing.The VPN peer tunnel interface IPs are on 10.255.255.0/30 my local is .1 and the far end is .2Local access is 10.1.0.0/24 - my client is DHCP, the gateway is .1 and my VPN appliance is .2I can ssh to the vpn appliance at 10.1.0.2 just fine and from there I can use ssh to ssh to the far end vpn appliance at 10.255.255.2Going further i can ssh to 10.20.0.1, and address on the remote side of the tunnel from the local vpn device.When I attempt to ssh to 10.20.0.1 from my local endpoint, the traffic goes to my default gateway (10.1.0.1, where a static route is entered and directs the traffic to 10.1.0.2 - I get an initial SSH prompt for my login name, and then the traffic times out. This happens every time.&nbsp;Ok, so i can get there from the VPN device but not my enpoint, both are on the same network.... what changed? I looked at the uptime om my RBR-850 it was 2 days, and a new firmware had just recently been released, which it had automagically upgraded to....&nbsp;Ok, so lets take the RBR out of the mix with a static route from my endpoint.... so I added a route table entry in my local endpoint that sends 10.20.0.0/24 to 10.1.0.2 and fired up an SSH attempt to 10.20.0.1 - it completed flawlessly.&nbsp;Great, so the router changed behavior with the new version. Examining the release notes however there was nothing that would indicate a change in behavior for async traffic flows (the flow would be async because the return traffic would egress out the local VPN device without having to hit the router as it would arp for the client being on the same network and all) or static routes. Ok well, I'll just downgrade to the previous version - but no, it looks like that is prevented. So I'm stuck here with a very expensive product that no longer functions the way i need it to....&nbsp;Please fix this firmware to restore this lost functionality.

FURRYe38 · Answer

Something to make contact with NG support and let me know what your seeing on v4.&nbsp;
&nbsp;
Ya i know. Something else I noticed the other day with mine. Factory reset and ran into all kinds of problems getting the RBS to conenect right and RBR would NOT go into AP modem. Low and behold I left the units unplugged and came back yesterday evening after work and the RBS connected correct and I was able to get into AP mode. Something caused the RBR and RBS to being some bad state, even after a reset, the power OFF for 24 hours then back ON, for unknown reasons fixed it. Orbi has been crazy for sure so even in this case, FR seemed to cause more problems then expected...at least on v4. Still, it's a valid troubleshooting item that we employ, I have seen it solve many many issues before time and time again. Now I need to employ a full power OFF as well. Lordy Lordy. Your not the only one with a LONG history in the computer field Sir. The first computer I touched was a dot matrix continuous paper fed computer with only a keyboard and conencted to sysop via analog dial up handheld phone modem.&nbsp;
&nbsp;
Get in contact with NG support what your seeing. I may take time for them to fix what ever that was broke so if you need your system to work before v4 was applied, you need to downgrade back to v3.&nbsp;

FURRYe38 · Answer

Has a factory reset and setup from scratch been performed since last FW update?&nbsp;

Sloanstar · Answer

No.There's about 30 static routes and 20 different port mappings.I guess I can factory reset it, and restore it from backed up settings, 'cause i'm not re-entering all that again.&nbsp;I appreciate the input and when i want to drop connectivity for my 40+ devices I'll give it a go, but honestly I'm not sure how in 2021 that can be an acceptable troubleshooting step. If it was 2004 and a wrt54g.... ok maybe.&nbsp;Semi-related, is there a way to prevent the RBR-850 from auto-upgrading?

FURRYe38 · Answer

Blocking the update services from a upstream router or firewall device.&nbsp;
Factory resets are still a valid troubleshooting option, even in 2021...
Also powering OFF the system for 1 minute then back ON as well.&nbsp;

Sloanstar · Answer

Yeah, power cycle I get and it is FAR less disruptive. (Has been done ~27 times w/ no change)Imagine having to wipe your HDD every time you took an apt upgrade / windows update. Wouldn't really be a viable product at that point.I could blackhole the DNS request easily enough w/ pihole. Anyone know what it is?

Forum Discussion

RBR-850 v4.6.3.9 - Change in behavior.

9 Replies