Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Sat Apr 08, 2017 16:12 Post subject: R7000 - VPN disconnects - no auto reconnect
Firmware: DD-WRT v3.0-r31780M kongac (03/26/17)
I've configured my R7000 to use OpenVPN client mode. After about 24 hours the VPN connection ends but doesn't get renewed. What am I *not* doing correctly in the configuration? Can someone point me to a troubleshooting guide? Thanks.
You didn’t say what service you are using, but judging from the selected server/IP name in the screenshot you are using privateinternetaccess.com. So if that's correct, according to your screenshot you still need to complete the Additional Config, see Step 16.
EDIT: on a side note my vpn disconnects from time to time as well so I don’t know if the above will resolve your issue but that field is missing so it can’t hurt. Another thing you could try is entering an IP instead of the server name.
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Sat Apr 08, 2017 21:06 Post subject:
05dyna wrote:
You didn’t say what service you are using, but judging from the selected server/IP name in the screenshot you are using privateinternetaccess.com. So if that's correct, according to your screenshot you still need to complete the Additional Config, see Step 16.
EDIT: on a side note my vpn disconnects from time to time as well so I don’t know if the above will resolve your issue but that field is missing so it can’t hurt. Another thing you could try is entering an IP instead of the server name.
Sorry about that.. yea I figured showing that PrivateInternetAccess.com in the screencap would suffice.. I'll be more verbose next time.
I did have the additional config settings that they specified:
Code:
persist-key
persist-tun
tls-client
remote-cert-tls server
However I never got a connection to work at all. I've tried again but this time only using persist-key and persist-tun. I've also set a KeepAlive (I found an article over at Flashrouters after posting here).
We'll see how it goes and if it improves. Thanks! _________________ Routers:
Netgear R8000 - DD-WRT v3.0-r43420 std (06/15/20)
Netgear R9000 - DD-WRT v3.0-r43420 std (06/15/20)
I have a few different dd-wrt routers and have been trying to find which one has the best vpn speed. In any case I don’t know if this will do you any good, but if it's not working for you currently give this a try.
My first vpn router was the D-Link DIR-868L-A1 with PIA. At that point PIA was more like Pain in Ass than Private Internet Access service. It took me a few days to figure this out. To get my DIR-868L-A1 to work I kept the User Pass Authentication option disabled and entered the username/password as per the startup script for the PIA dd-wrt Old build instructions and it worked fine for several months. Basically that is the only difference in the two sets of instructions. See if that works for you, it's Step 23 for Older dd-wrt build.
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Sat Apr 22, 2017 20:54 Post subject:
05dyna wrote:
I have a few different dd-wrt routers and have been trying to find which one has the best vpn speed. In any case I don’t know if this will do you any good, but if it's not working for you currently give this a try.
My first vpn router was the D-Link DIR-868L-A1 with PIA. At that point PIA was more like Pain in Ass than Private Internet Access service. It took me a few days to figure this out. To get my DIR-868L-A1 to work I kept the User Pass Authentication option disabled and entered the username/password as per the startup script for the PIA dd-wrt Old build instructions and it worked fine for several months. Basically that is the only difference in the two sets of instructions. See if that works for you, it's Step 23 for Older dd-wrt build.
I think you might be onto something with this... Kong stated in this thread http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1075932#1075932 that the issue was that I was using the wrong cipher (which would be the easy answer given one of the warning messages that I shared elsewhere):
Code:
Apr 22 11:45:19 R8000 daemon.warn openvpn[2183]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
However after making the changes you mentioned (using a password file and disabling the User Pass Authentication), now I'm able to stay connected.. when a disconnect occurs I still get the same cipher warning of course.. but re-authentication works now without a hitch.
I'll see about filing a ticket as a defect (tho I'm sure I'll be told it's my problem and not dd-wrt's problem).
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Tue Apr 25, 2017 13:23 Post subject:
Update: still have the same problem @ecg the warning about the inconsistent ciphers is gone, but I get a disconnect and on reconnect I'm told "AUTH: Received control message: AUTH_FAILED"
It did last a lot longer tho. About 12 hours. _________________ Routers:
Netgear R8000 - DD-WRT v3.0-r43420 std (06/15/20)
Netgear R9000 - DD-WRT v3.0-r43420 std (06/15/20)
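The two messages quoted in the thread so far (the inconsistent 'cipher' warning and AUTH_FAILED) can be pulled out of the router's syslog and tallied, which shows whether a restart ended in a working tunnel or in a failed re-authentication. The shell functions below are an added example, not code from any poster or from DD-WRT; the function names and the sample log are constructed, and the "Initialization Sequence Completed" and "Inactivity timeout (--ping-restart)" lines are standard OpenVPN client messages that do not appear in the thread.

```shell
#!/bin/sh
# Added example: classify OpenVPN client syslog lines (names are hypothetical).

# Constructed sample log. Line 1 and the AUTH_FAILED text come from the thread;
# timestamps and the two middle lines are made up for illustration.
SAMPLE_LOG="Apr 22 11:45:19 R8000 daemon.warn openvpn[2183]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Apr 22 11:45:20 R8000 daemon.notice openvpn[2183]: Initialization Sequence Completed
Apr 22 23:50:02 R8000 daemon.notice openvpn[2183]: [server] Inactivity timeout (--ping-restart), restarting
Apr 22 23:50:09 R8000 daemon.notice openvpn[2183]: AUTH: Received control message: AUTH_FAILED"

# classify_line LINE -> prints one tag (plus details for option mismatches)
classify_line() {
    case "$1" in
        *"is used inconsistently"*)
            # Extract the option name and the value each side announced.
            opt=$(printf '%s\n' "$1" | sed -n "s/.*WARNING: '\([^']*\)' is used inconsistently.*/\1/p")
            loc=$(printf '%s\n' "$1" | sed -n "s/.*local='[^ ]* \([^']*\)'.*/\1/p")
            rem=$(printf '%s\n' "$1" | sed -n "s/.*remote='[^ ]* \([^']*\)'.*/\1/p")
            echo "OPTION_MISMATCH $opt local=$loc remote=$rem" ;;
        *"AUTH_FAILED"*)                          echo "AUTH_FAILED" ;;
        *"Inactivity timeout (--ping-restart)"*)  echo "PING_RESTART" ;;
        *"Initialization Sequence Completed"*)    echo "CONNECTED" ;;
        *)                                        echo "OTHER" ;;
    esac
}

# summarize: read syslog on stdin, count events, report the last tunnel state
summarize() {
    mism=0; auth=0; restarts=0; last=none
    while IFS= read -r line; do
        tag=$(classify_line "$line")
        case "$tag" in
            OPTION_MISMATCH*) mism=$((mism + 1)) ;;
            AUTH_FAILED)      auth=$((auth + 1)); last=auth_failed ;;
            PING_RESTART)     restarts=$((restarts + 1)); last=restarting ;;
            CONNECTED)        last=connected ;;
        esac
    done
    echo "mismatch=$mism auth_failed=$auth ping_restart=$restarts last_state=$last"
}

# Run over the constructed sample; on a router, feed it the real syslog instead.
printf '%s\n' "$SAMPLE_LOG" | summarize
```

A `last_state=auth_failed` following a `ping_restart` matches the symptom described above: the tunnel timed out and the restart was rejected at authentication rather than at the cipher negotiation.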
Question: The router running VPN, do you have SPI Firewall disabled?
I was getting error messages (don't recall the openvpn error message in syslog) but it was on my 2nd R7000 where the WAN was connected to a vlan switch and had disabled the SPI Firewall. Re-enabling SPI Firewall stopped the error messages. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
I'm using IPVanish and after about 10 days of being connected the connection dies and never restarts unless I re-apply the GUI OpenVPN Client.
This is on my parents' (build 31160) router logs on the last few lines when the openvpn client dies (after 10 days of openvpn uptime, only edited the IP to xxx...)
I have been doing a lot of searching on the web for some kind of answer. And did come across that maybe the openvpn command "persist-tun" may be the cause. So I looked up the command definition:
--persist-tun
Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts.
SIGUSR1 is a restart signal similar to SIGHUP, but which offers finer-grained control over reset options.
The GUI OpenVPN Client it automatically adds persist-tun to the configuration and the only way around not having persist-tun added to the config is to create your own openvpn startup script. I'm currently testing a script to see if I can surpass 2-weeks of OpenVPN Client uptime.
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Wed Apr 26, 2017 0:15 Post subject:
I think what's happening is that I'm getting inactivity timeout (which makes sense) I'm not always using the channel right now and then the attempt to reconnect is failing even tho the credentials haven't changed. But I *thought* that I had set up the configuration to use some kind of keepalive..
Keepalive basically uses ping & ping-restart commands but the persist-tun command disallows it from doing its job. I believe the TUN/TAP connection needs to restart for the reconnection to start up correctly.
The server should take care of any ping and ping-restart so I don't think the client needs it. Also persist-remote-ip is useful for static IPs but can be a problem for dynamic IPs which most VPN Services providers use. I have described persist-tun which doesn't like to 'let-go' of the TUN/TAP connection.
I've created a script without keepalive,ping,ping-restart,persist-tun & persist-remote-ip in the openvpn configuration to see if I will get a constant re-connect when it needed to from the VPN server.
Joined: 24 Mar 2015 Posts: 175 Location: Tacoma, Wa
Posted: Wed Apr 26, 2017 4:59 Post subject:
If your results end up in success please share the configuration changes.. I'll try them here. thanks!