I have a 3910 with a few ipsec vpns running and the firewall set to default:block, and 2 pages of firewall rules/filters set to allow traffic.

It's working fine except when I make any change to any firewall rule. Once I do that the VPNs stop flowing traffic and I have to manually drop the connection of each one so they reconnect and start working again.

Funny thing is, this router has a vpn to 3 other Drayteks, a Mikrotik, a Teltonika and a Cradlepoint, and it's only the vpn connections to the Drayteks that need to be disconnected/reconnected. The others carry on working.

I am running firmware 4.4.3.2 but I think it happened on the previous firmware too.



 

After some troubleshooting i've found a way to avoid this happening but i'm not sure if this should be needed or not:

Add a new firewall rule with:
Direction: Wan > Localhost
Service Type: Protocol: Other : 50
Filter: Pass If no further match