Device: Deco BE63 (2-node mesh)

Firmware: 1.2.10 Build 20251229 Rel. 42008

Bug Description:

With OpenVPN server enabled, VPN clients cannot access USB storage shares via SMB on the MAIN node, while the same access works fine on SATELLITE nodes.

Details:

- Main node IP: 192.168.68.1 (SanDisk USB drive attached)

- Satellite node IP: 192.168.71.250 (separate USB drive attached)

- VPN clients are assigned IPs in the 10.8.0.0/24 subnet

- SMB port 445 returns CONNECTION REFUSED from VPN clients to the main node

- SMB port 139 (NetBIOS) also returns CONNECTION REFUSED

- ICMP (ping), port 80 (HTTP) and port 21 (FTP) all work fine to the main node from VPN clients

- USB sharing via SMB works normally on the main node from LOCAL network clients

- USB sharing via SMB works normally on the satellite node from VPN clients

Conclusion:

The main node's firewall appears to be blocking SMB ports (445 and 139) specifically from the VPN subnet (10.8.0.0/24), while allowing all other traffic. This was not an issue in previous firmware versions.

Workaround:

FTP (port 21) access to the main node's USB share works from VPN clients and can be used as a temporary workaround.

Request:

Please fix the firewall rules on the main node to allow SMB access from VPN clients, consistent with the behavior on satellite nodes.