Posted: Thu Apr 27, 2017 18:07 Post subject: OpenVPN client fails to start automatically after reboot
I've entered and saved my VPN client settings settings on http://192.168.1.1 -> Services -> VPN. When clicking "Apply Settings" on that same page, the client starts and connects immediately. Under Status -> OpenVPN it says State: Client: CONNECTED SUCCESS as expected and I can browse the internet with my VPN's IP.
However, if I reboot or power cycle the router, the OpenVPN client fails to start. I have to manually start it either by simply clicking the Apply settings button again, or by running the command startservice openvpn.
So basically everything works fine except the OpenVPN client won't start automatically after reboot.
Here's the contents of /var/log/messages during a reboot:
Code:
Jan 1 01:00:11 DD-WRT syslog.info syslogd started: BusyBox v1.26.2
Jan 1 00:00:11 DD-WRT user.info : syslogd : syslog daemon successfully started
Jan 1 00:00:11 DD-WRT user.info : telnetd : telnet daemon successfully started
Jan 1 00:00:11 DD-WRT user.info : cron : cron daemon successfully started
Jan 1 00:00:11 DD-WRT cron.info cron[850]: (CRON) STARTUP (fork ok)
Jan 1 00:00:11 DD-WRT user.info : wland : WLAN daemon successfully started
Jan 1 00:00:11 DD-WRT user.info : openvpn : OpenVPN daemon (Client) starting/restarting...
Jan 1 00:00:11 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Jan 1 00:00:11 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:11 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:12 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:12 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:12 DD-WRT daemon.warn openvpn[858]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
Jan 1 00:00:12 DD-WRT daemon.warn openvpn[858]: WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[858]: OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 24 2017
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[858]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[930]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
Jan 1 00:00:12 DD-WRT daemon.warn openvpn[930]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 1 00:00:12 DD-WRT daemon.warn openvpn[930]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 00:00:12 DD-WRT user.info : dnsmasq : dnsmasq daemon successfully started
Jan 1 00:00:12 DD-WRT user.info : ttraff : traffic counter daemon successfully started
Jan 1 00:00:12 DD-WRT daemon.warn openvpn[930]: WARNING: Your certificate is not yet valid!
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[930]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:yyy
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[930]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[930]: UDPv4 link local: (not bound)
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[930]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:yyy
Jan 1 00:00:13 DD-WRT user.info : vpn modules : vpn modules successfully unloaded
Jan 1 00:00:13 DD-WRT user.info : vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:13 DD-WRT user.info : vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:13 DD-WRT user.info : vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:13 DD-WRT user.info : vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:13 DD-WRT user.info : process_monitor successfully started
Jan 1 00:00:13 DD-WRT user.info : wland : WLAN daemon successfully stopped
Jan 1 00:00:13 DD-WRT user.info : wland : WLAN daemon successfully started
Jan 1 00:00:13 DD-WRT user.info : WAN is up. IP: zzz.zzz.zzz.zzz
Jan 1 00:00:13 DD-WRT user.info : openvpn : OpenVPN daemon (Client) successfully stopped
Jan 1 00:00:13 DD-WRT daemon.err openvpn[930]: event_wait : Interrupted system call (code=4)
Jan 1 00:00:13 DD-WRT daemon.notice openvpn[930]: SIGTERM[hard,] received, process exiting
Apr 27 15:55:59 DD-WRT user.info : cron : cron daemon successfully stopped
Apr 27 15:56:00 DD-WRT daemon.debug process_monitor[1092]: Restarting cron (time sync change)
Apr 27 15:56:00 DD-WRT daemon.debug process_monitor[1092]: We need to re-update after 3600 seconds
Apr 27 15:56:00 DD-WRT daemon.info process_monitor[1092]: set timer: 3600 seconds, callback: ntp_main()
Apr 27 15:56:00 DD-WRT user.info : cron : cron daemon successfully started
Apr 27 15:56:00 DD-WRT cron.info cron[1108]: (CRON) STARTUP (fork ok)
Apr 27 15:56:02 DD-WRT user.info : NAS : NAS lan (wl0 interface) successfully started
Apr 27 15:56:03 DD-WRT user.info : syslogd : syslog daemon successfully stopped
Apr 27 17:56:03 DD-WRT syslog.info syslogd exiting
Apr 27 17:56:03 DD-WRT syslog.info syslogd started: BusyBox v1.26.2
Apr 27 15:56:03 DD-WRT user.info : resetbutton : resetbutton daemon successfully started
Apr 27 15:56:12 DD-WRT user.debug : ttraff: data collection started
Apr 27 15:57:07 DD-WRT auth.info login[1303]: root login on 'pts/0'
Any ideas?
I'm using an Asus RT-AC66U B1 with /betas/2017/04-24-2017-r31899/asus-rt-ac68u/asus_rt-ac68u-firmware.trx
I just realized that this problem does not occur if I disconnect the WAN cable before rebooting. However, as soon as I connect the WAN cable again after a reboot, the OpenVPN client dies and has to be manually started again.
(Btw., the WAN port on this router is connected to a LAN port on another router which is connected to the internet (LAN-WAN cascade setup)).
I don't have a chained router setup, but I find it significant that OpenVPN goes down when you hookup the WAN cable. It smells like a scripting issue.
It's long past time to post the contents of your /tmp/openvpncl/openvpn.conf file, obscuring MAC and IP addresses of course.
Do you have any scripts in /jffs/etc/config per the Script Execution Wiki? Maybe the VPN tunnel is getting trashed by a .prewall or .wanup script. If your OpenVPN Additional Config has a route-up, route-pre-down, up, and/or down clause, there could be a problem in those scripts. _________________ [Broadcom] Asus rt-ac66u r35531 ('66 should only be factory reset through the DD UI)
Fix RT-AC66U "wl1 [2.4 GHz TurboQAM]". DD-WRT failsafe UI @ http|https://169.254.255.1/
I tried removing the other router, so it's just this one with its WAN port connected to my ISP. I also restored default settings in dd-wrt, re-entered all the OpenVPN settings and rebooted. No other settings changed.
Still exactly the same problem. The OpenVPN client dies on WAN up, but otherwise works fine.
Posted: Sat Apr 29, 2017 0:49 Post subject: Linux kernel 4.4 vs. 3.10 vs. OpenVPN 2.4.1?
Hmm you've got an rt-ac66u rev b1 with the ARM cpu, running an rt-ac68u build. Maybe there's something wonky running OpenVPN in the 4.4.63 kernel. My '66 has a MIPS cpu running the 3.10.105 kernel. _________________ [Broadcom] Asus rt-ac66u r35531 ('66 should only be factory reset through the DD UI)
Fix RT-AC66U "wl1 [2.4 GHz TurboQAM]". DD-WRT failsafe UI @ http|https://169.254.255.1/
I'm having the same issue. This used to work fine on older versions of dd-wrt, but since moving to 33555 (to fix KRACK), my VPN does not come up by itself any more after reboots. Any suggestions? I tried the
Code:
route-delay 20
setting but that had no effect.
FWIW, I also noticed that DNS resolving of the VPN server failed. When replacing with the IP address of the VPN server, I don't see any messages regarding the VPN after reboot in the syslog any more, only after manually clicking "Apply Settings" in the VPN settings pane.