New Member
Posts: 8
Registered: ‎11-03-2018

EdgeRouter4 and NordVPN with IP Host Group

NordVPN was working perfect until probably the 2.0 update.  Now when i enter a machine IP into the address group it will not route that IP thru vtun1 (Nord Tunnel).  Here are my configs

 

set firewall group address-group NordVPN_Hosts description 'NordVPN Machine IPs'
set interfaces openvpn vtun1 config-file /config/openvpn/us2489.nordvpn.com.udp.ovpn
set interfaces openvpn vtun1 description 'NordVPN Tunnel'
commit
set service nat rule 5001 description 'Masquerade for vtun1'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun1
set service nat rule 5001 protocol all
set service nat rule 5001 source group address-group NordVPN_Hosts
set service nat rule 5001 type masquerade
commit
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun1   
set firewall modify NORDVPN_ROUTE rule 1 action modify
set firewall modify NORDVPN_ROUTE rule 1 description 'traffic from Devices to vtun1'
set firewall modify NORDVPN_ROUTE rule 1 modify table 1
set firewall modify NORDVPN_ROUTE rule 1 source group address-group NordVPN_Hosts
set interfaces ethernet eth3 firewall in modify NORDVPN_ROUTE
commit
save

 
 
Any ideas?  Thanks in advance.
Highlighted
Established Member
Posts: 1,710
Registered: ‎05-03-2016
Kudos: 595
Solutions: 163

Re: EdgeRouter4 and NordVPN with IP Host Group

@mrjpsmith 

 

Although it is not causing your problem, you do not need the source group on the masq rule 5001 and you should remove it. It provides no benefit.

 

Are the addresses that are not working on eth3? Because only eth3 is linked to the modify ruleset. If the failing addresses are on some other interface, you need to replicate the last line before the last commit adjusted for interface. But you do not provide enough information to know. This is why you should always post your entire redacted config.

New Member
Posts: 8
Registered: ‎11-03-2018

Re: EdgeRouter4 and NordVPN with IP Host Group

Yes the IPs are all on eth3.  Sorry i wasnt sure how to export all config settings.


@karog wrote:

@mrjpsmith 

 

Although it is not causing your problem, you do not need the source group on the masq rule 5001 and you should remove it. It provides no benefit.

 

Are the addresses that are not working on eth3? Because only eth3 is linked to the modify ruleset. If the failing addresses are on some other interface, you need to replicate the last line before the last commit adjusted for interface. But you do not provide enough information to know. This is why you should always post your entire redacted config.


 

Established Member
Posts: 1,710
Registered: ‎05-03-2016
Kudos: 595
Solutions: 163

Re: EdgeRouter4 and NordVPN with IP Host Group

@mrjpsmith 

 

How to post config

 

Also read the first post in that thread.

New Member
Posts: 8
Registered: ‎11-03-2018

Re: EdgeRouter4 and NordVPN with IP Host Group

[ Edited ]
Spoiler
 
New Member
Posts: 8
Registered: ‎11-03-2018

Re: EdgeRouter4 and NordVPN with IP Host Group

still looking for any advice.  Thanks in advance

New Member
Posts: 8
Registered: ‎11-03-2018

Re: EdgeRouter4 and NordVPN with IP Host Group

So i downgraded the firmware back to 1.10.9 and everything works again.  Were there any changes to config or code requirements to break thus function on 2.0.1 or is the new firmware just garbage?

New Member
Posts: 8
Registered: ‎11-03-2018

Re: EdgeRouter4 and NordVPN with IP Host Group

So i downgraded the firmware back to 1.10.9 and everything works again.  Were there any changes to config or code requirements to break thus function on 2.0.1 or is the new firmware just garbage?