Hello,
I am using this wonderful Asuswrt-Merlin firmware for my RT-AC86U but having some issues with OpenVPN Server.
Firmware Version:384.19
Also using the addon YazFi.
I am able to successfully setup VPN Server - OpenVPN on the router, export my OpenVPN configuration file and import it on my android mobile and connect to my router remotely.
I have able to connect to my home network successfully at least several times a day but after less than a week I fail to connect using the OpenVPN Connect app on my phone.
If I export a new configuration file and import it again, I am able to reconnect.
I can't figure out why the configuration fails however.
Other points of note.
I have a HFC cable modem (NBN in Australia) connected to the WAN port of the ASUS RT-AC86U.
I am using pi-hole on my network (using a raspberry pi).
Here is some info from my logs:
Even though there are those errors I was able to connect yesterday.
I tried connecting today but I could not connect and there are no errors in the log regarding OpenVPN.
Also not sure if this is important but I noticed my external IP has changed in last night.
Could this be the issue, and the reason why why I export the configuration again it works?
I have also tried a clean reset of the router but the problem keeps returning.
Many thanks in advance.
I am using this wonderful Asuswrt-Merlin firmware for my RT-AC86U but having some issues with OpenVPN Server.
Firmware Version:384.19
Also using the addon YazFi.
I am able to successfully setup VPN Server - OpenVPN on the router, export my OpenVPN configuration file and import it on my android mobile and connect to my router remotely.
I have able to connect to my home network successfully at least several times a day but after less than a week I fail to connect using the OpenVPN Connect app on my phone.
If I export a new configuration file and import it again, I am able to reconnect.
I can't figure out why the configuration fails however.
Other points of note.
I have a HFC cable modem (NBN in Australia) connected to the WAN port of the ASUS RT-AC86U.
I am using pi-hole on my network (using a raspberry pi).
Here is some info from my logs:
Code:
Oct 28 18:35:26 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:27 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:28 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:29 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:30 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:31 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:33 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:36 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:50 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:35:50 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:05 ovpn-server1[2238]: client/14.201.92.222:40042 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 28 18:36:05 ovpn-server1[2238]: client/14.201.92.222:40042 TLS Error: TLS handshake failed
Oct 28 18:36:05 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:20 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:23 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:27 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:36 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:51 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:36:53 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:37:08 ovpn-server1[2238]: client/14.201.92.222:40042 TLS ERROR: received control packet with stale session-id=f5312fd8 fba54c9d
Oct 28 18:37:20 ovpn-server1[2238]: client/14.201.92.222:40042 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 28 18:37:20 ovpn-server1[2238]: client/14.201.92.222:40042 TLS Error: TLS handshake failed
Oct 28 18:37:22 ovpn-server1[2238]: client/14.201.92.222:40042 [UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 28 18:37:22 ovpn-server1[2238]: client/14.201.92.222:40042 SIGUSR1[soft,ping-restart] received, client-instance restarting
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 TLS: Initial packet from [AF_INET]14.201.92.222:42503, sid=14ddcd85 fb3d2326
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=RT-AC86U, emailAddress=me@asusrouter.lan
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=client, emailAddress=me@asusrouter.lan
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_VER=3.git:released:b08a6c37:Release
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_PLAT=android
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_NCP=2
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_TCPNL=1
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_PROTO=2
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_IPv6=0
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.3-5597
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 peer info: IV_SSO=openurl
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 TLS: Username/Password authentication succeeded for username 'homeassistant'
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 1024 bit RSA
Oct 28 18:39:02 ovpn-server1[2238]: 14.201.92.222:42503 [client] Peer Connection Initiated with [AF_INET]14.201.92.222:42503
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 MULTI: Learn: 10.8.0.2 -> client/14.201.92.222:42503
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 MULTI: primary virtual IP for client/14.201.92.222:42503: 10.8.0.2
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 PUSH: Received control message: 'PUSH_REQUEST'
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.1.75,dhcp-option DNS 192.168.1.150,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 Data Channel: using negotiated cipher 'AES-256-GCM'
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 28 18:39:02 ovpn-server1[2238]: client/14.201.92.222:42503 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Even though there are those errors I was able to connect yesterday.
I tried connecting today but I could not connect and there are no errors in the log regarding OpenVPN.
Also not sure if this is important but I noticed my external IP has changed in last night.
Code:
Oct 28 21:48:29 dhcp_client: bound 203.123.109.178/255.255.255.128 via 203.123.109.129 for 600 seconds.
Oct 28 21:48:30 WAN_Connection: WAN was restored.
Could this be the issue, and the reason why why I export the configuration again it works?
I have also tried a clean reset of the router but the problem keeps returning.
Many thanks in advance.