I have been experiencing some very problematic behavior with ROS 7.1.3. Whenever I create an OVPN client, add any firewall rules and then try to send a TCP packet over the VPN tunnel, the router crashes and kernel panics. The behavior only seems to occur on the CCR1009 and I have confirmed this is a problem on 2 seperate routers. Other routers (RB2011, HeX) do not exhibit this behavior.
In order to replicate, I take the default configuration, add a dhcp client (to get internet):
/ip dhcp-client add interface=ether2
Add the ovpn client
/interface ovpn-client add certificate=cert_export_client.crt_0 cipher=aes128 connect-to=w.x.y.z mac-address=02:50:2C:A8:2C:C6 name=ovpn-out1 profile=default-encryption protocol=udp user=username password=password
and add a single firewall rule
/ip firewall filter add action=accept chain=input
And then try to telnet to the VPN server (over the VPN):
/system telnet 10.2.1.130 port=179
At this point the router kernel panics, and reboots. I can ping across the tunnel no problem, the issue seems to be limited to TCP packets
If I remove all firewall rules, I am able to telnet to the server without issue. if the firewall rule is disabled (but still present) the same kernel panic happens.
I think this is a fairly serious bug and I have not yet managed to find a workaround (other then removing all firewall rules, which is not possible due to security concerns)