Hi,
I have an issue with Open VPN, specifically after moving to Merlin's implementation from the default Asus implementation on my Asus RT-AC66U B1.
This is a bit wordy, but here's the situation:
I have two Synology NAS devices. One lives in my house, the other lives in a remote location.
Open VPN Server is setup on my Asus RT-AC66U B1. The remote NAS is a VPN client.
The two NAS's then use Synology's Hyper Backup package to backup various folders to each other.
I believe that Hyper Backup is just a fancy version of rsync.
A few months ago, one Hyper Backup job started failing as the destination was 'corrupted'.
(Hyper Backup runs data integrity checks on a schedule to check if data can be restored. If it finds an issue, it flags the destination as corrupt and future jobs will fail.)
The job in question backs up a folder that contains a small number (6 to 8) of disk image backups created by Acronis True Image. Each file is about 50GB in size.
The issue has never occurred for any other hyper backup job, so I suspect that the problem is to do with the large files.
I've had a support case open with Synology about this for some time and Synology's conclusion is that I should move to newer devices that support the btrfs file system, which is probably a fair comment.
However, I recently realised that the problem started just after I upgraded my router with the merlin firmware. I had then reconfigured Open VPN with my own certs etc.
(I think I didn't suspect this change as the culprit straight away as the jobs only run weekly and I was slow to set them up again after moving to the merlin firmware. I've also only had vpn issues in the past where devices would just fail to connect, so I just assumed that if the device was connected then everything would work - which it mostly has.)
As part of the troubleshooting from the Synology support case, I brought the remote NAS to my house and after running the same backup job over the local network I do not get the destination corrupt issue.
Based on this I've concluded that there must be some difference in the open vpn configurations of the Asus default and Merlin firmwares that is causing this issue.
I've not had this issue using the Asus firmware / open vpn implementation.
I've looked at the client and server config files and found the following differences:
'sndbuf 0' and 'rcvbuf 0' in both client and server config on the default firmware but not merlin firmware
'txqueuelen 1000' in server config on merlin firmware but not default firmware (open vpn default value seems to be 100)
'topology subnet' in server config on merlin firmware but not default firmware (open vpn default value is net30)
'setenv unit 1' in server config on default firmware but not merlin firmware - I don't know what this is for.
I have tried changing the sndbuf, rcvbuf and txqueuelen values to match the default firmware as they seem most relevant to the issue, but none of these have had any effect.
The other values don't seem like they would have an impact on this.
I would be grateful if anyone had any idea what might be causing this issue, or had any ideas on what I might try next to try and fix this?
TL;DR - are there any differences between the open vpn configuration in the stock and merlin firmware, that might impact an rsync based task transferring very large files?
Sorry for the wall of text, hopefully the context is helpful.
Thanks so much for reading!
I have an issue with Open VPN, specifically after moving to Merlin's implementation from the default Asus implementation on my Asus RT-AC66U B1.
This is a bit wordy, but here's the situation:
I have two Synology NAS devices. One lives in my house, the other lives in a remote location.
Open VPN Server is setup on my Asus RT-AC66U B1. The remote NAS is a VPN client.
The two NAS's then use Synology's Hyper Backup package to backup various folders to each other.
I believe that Hyper Backup is just a fancy version of rsync.
A few months ago, one Hyper Backup job started failing as the destination was 'corrupted'.
(Hyper Backup runs data integrity checks on a schedule to check if data can be restored. If it finds an issue, it flags the destination as corrupt and future jobs will fail.)
The job in question backs up a folder that contains a small number (6 to 8) of disk image backups created by Acronis True Image. Each file is about 50GB in size.
The issue has never occurred for any other hyper backup job, so I suspect that the problem is to do with the large files.
I've had a support case open with Synology about this for some time and Synology's conclusion is that I should move to newer devices that support the btrfs file system, which is probably a fair comment.
However, I recently realised that the problem started just after I upgraded my router with the merlin firmware. I had then reconfigured Open VPN with my own certs etc.
(I think I didn't suspect this change as the culprit straight away as the jobs only run weekly and I was slow to set them up again after moving to the merlin firmware. I've also only had vpn issues in the past where devices would just fail to connect, so I just assumed that if the device was connected then everything would work - which it mostly has.)
As part of the troubleshooting from the Synology support case, I brought the remote NAS to my house and after running the same backup job over the local network I do not get the destination corrupt issue.
Based on this I've concluded that there must be some difference in the open vpn configurations of the Asus default and Merlin firmwares that is causing this issue.
I've not had this issue using the Asus firmware / open vpn implementation.
I've looked at the client and server config files and found the following differences:
'sndbuf 0' and 'rcvbuf 0' in both client and server config on the default firmware but not merlin firmware
'txqueuelen 1000' in server config on merlin firmware but not default firmware (open vpn default value seems to be 100)
'topology subnet' in server config on merlin firmware but not default firmware (open vpn default value is net30)
'setenv unit 1' in server config on default firmware but not merlin firmware - I don't know what this is for.
I have tried changing the sndbuf, rcvbuf and txqueuelen values to match the default firmware as they seem most relevant to the issue, but none of these have had any effect.
The other values don't seem like they would have an impact on this.
I would be grateful if anyone had any idea what might be causing this issue, or had any ideas on what I might try next to try and fix this?
TL;DR - are there any differences between the open vpn configuration in the stock and merlin firmware, that might impact an rsync based task transferring very large files?
Sorry for the wall of text, hopefully the context is helpful.
Thanks so much for reading!