PIA OpenVPN client drops and doesn't reconnect

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

PostPosted: Fri May 18, 2018 17:20    Post subject: PIA OpenVPN client drops and doesn't reconnect Reply with quote
Firmware: DD-WRT v3.0-r35550M kongac

I've noticed that my OpenVPN client connection to PIA is dropping and not reconnecting after seemingly inconsistent times. Sometimes after a day, a week, 20 days etc.

Running the service command gets things going again:

Code:
stopservice openvpn && startservice openvpn


This started happening around 6 months ago in newer builds, but I'm mindful this might not be anything related to DD-WRT.

This is my OpenVPN conf with all the merged NVRAM fields

Code:

ca /tmp/openvpncl/ca.crt
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp
cipher aes-128-cbc
auth sha1
auth-user-pass /tmp/openvpncl/credentials
remote uk-london.privateinternetaccess.com 1198
comp-lzo adaptive
redirect-private def1
route-noexec
tun-mtu 1500
mtu-disc yes
fast-io
reneg-sec 0
ping 10
ping-restart 60
sndbuf 523216
rcvbuf 523216
remote-cert-tls server
disable-occ


Has anyone else who uses PIA experienced similar issues?

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
Sponsor
colnago
DD-WRT User


Joined: 23 Oct 2014
Posts: 98

PostPosted: Sat May 19, 2018 4:59    Post subject: Reply with quote
Yes, I have seen this. It seems to be router-specific on the same build. An EA8500 does not drop and an R8000 does. The more recent firmware seems to have resolved it (on r35900m I have not seen it since release).

I also notice on startup the ea8500 connects but the r8000 does not and needs a service restart. That seems to be something to do with ntp initial update of the time, as the vpn connection does not work if the time has not been set yet.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat May 19, 2018 6:49    Post subject: Reply with quote
I am using the same build as @Colnago 35900M on my (non overclocked) R6400 no disconnects on PIA but the longest time I have used my client is about 4 days. (router is used for testing).
I am using the same settings as you are

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

PostPosted: Sat May 19, 2018 7:15    Post subject: Reply with quote
Thanks for the input!

I've just updated to the latest TEST Kong build and I'll see how I go.

It's something I've been meaning to get around to.

Another problem I've found is my split tunnel stuff also gets wiped out by OpenVPN when it restarts (I assume this is due to the route-down/up script). I believe I've been able to solve that by adding a custom up script so all of the ip route stuff is executed each time the VPN comes back up.

Thanks,

James

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
Redback813
DD-WRT Novice


Joined: 10 Nov 2015
Posts: 43

PostPosted: Wed May 23, 2018 20:07    Post subject: Reply with quote
I had the same issue, with PIA for some time till I came up with a solution to this issue for good, since then there are no issue!

Solution!
Is simple, login into the DD-WRT router, open the Administration tab, under Management tab, scroll down to section “Additional Cron Jobs”, in this section put the Cron job, without the quotes on a single line. So from here on out the VPN services will restart at 5am every morning. This is what solved the dropping and reconnect issue.

“0 5 * * * root stopservice openvpn; sleep 30; startservice openvpn #>/dev/null 2>&1”


Firmware: DD-WRT v3.0-r35030M kongac (02/19/1Cool
R8000
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

PostPosted: Thu May 24, 2018 10:38    Post subject: Reply with quote
That's a good idea. So far after updating I haven't experienced the issue since, but having a cronjob restart the openservice regularly is a good idea if this does keep happening.

I think I did try that once, but tried to make it a little more aware by checking if the OpenVPN process was running. What I found however was when the OpenVPN service did go down in this way it was still reporting some weird process state so the stopservice/startservice never happened.

I guess making it more simpler and forcing it to restart out of hours regardless is probably the better option.

Thanks,

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
Redback813
DD-WRT Novice


Joined: 10 Nov 2015
Posts: 43

PostPosted: Thu May 24, 2018 13:49    Post subject: Reply with quote
The reason it works, is the cron job, the 30 sec delay, is for a clean disconnection from your VPN provider, secondly it allow the router to clean itself up, and lastly to have a clean connection to the VPN services, this cron job has been running 12 months without issue, no disconnect, or dropout even after all this, since I have an app that tell me my router new VPN address every 24hrs.
If your still having issue, reboot the router, this help solve's 90% of all problems.
Cheers
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum