asus ac68u merlin 386 openvpn issue


sat4all

Occasional Visitor
Hello

I just set up OpenVPN and I can't connect via phone or laptop client. I tested PPTP and all works, but not OpenVPN. When I try to connect I can see my phone IP on the OpenVPN server tab, but under username it is UNDEF and it is not connected.



Clients

| Common Name / Username | Real Address / Virtual Address | MBytes Received | MBytes Sent | Connected Since |
|---|---|---|---|---|
| UNDEF | 192.168.0.105:54281 | 0.00 | 0.00 | 2021-06-27 10:41:30 |
| UNDEF | 192.168.0.105:41683 | 0.00 | 0.00 | 2021-06-27 10:42:00 |
| UNDEF | 192.168.0.105:43174 | 0.00 | 0.00 | 2021-06-27 10:41:50 |


Any help please

logs

10:33:57.901 -- ----- OpenVPN Start -----

10:33:57.901 -- EVENT: CORE_THREAD_ACTIVE

10:33:57.902 -- OpenVPN core 3.git:released:662eae9a:Release android arm64 64-bit PT_PROXY

10:33:57.902 -- Frame=512/2048/512 mssfix-ctrl=1250

10:33:57.902 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
7 [ncp-ciphers] [CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CB...]

10:33:57.903 -- EVENT: RESOLVE

10:33:57.979 -- Contacting 1.25.10.4:1195 via UDP

10:33:57.980 -- EVENT: WAIT

10:33:57.986 -- Connecting to [v.hopto.org]:1195 (1.25.10.4) via UDPv4

10:34:07.903 -- Server poll timeout, trying next remote entry...

10:34:07.904 -- EVENT: RECONNECTING

10:34:07.907 -- EVENT: RESOLVE

10:34:07.918 -- Contacting 1.25.10.4:1195 via UDP

10:34:07.918 -- EVENT: WAIT

10:34:07.921 -- Connecting to [v.hopto.org]:1195 (1.25.20.4) via UDPv4

10:34:17.906 -- Server poll timeout, trying next remote entry...

10:34:17.907 -- EVENT: RECONNECTING

10:34:17.910 -- EVENT: RESOLVE

10:34:17.917 -- Contacting 1.25.10.4:1195 via UDP

10:34:17.917 -- EVENT: WAIT

10:34:17.924 -- Connecting to [v.hopto.org]:1195 (1.25.10.4) via UDPv4

10:34:27.909 -- Server poll timeout, trying next remote entry...

10:34:27.910 -- EVENT: RECONNECTING

10:34:27.911 -- EVENT: RESOLVE

10:34:27.915 -- Contacting 1.25.10.4:1195 via UDP

10:34:27.915 -- EVENT: WAIT

10:34:27.917 -- Connecting to [v.hopto.org]:1195 (1.25.10.4) via UDPv4

Why is it showing port 1195, not 1194? In Merlin, is the default port changed to 1195?

Port 1195 fixed, and I tried to connect even without DDNS, but still no luck.


10:57:45.701 -- Server poll timeout, trying next remote entry...

10:57:45.702 -- EVENT: RECONNECTING

10:57:45.705 -- EVENT: RESOLVE

10:57:45.707 -- Contacting 1.25.10.4:1194 via UDP

10:57:45.708 -- EVENT: WAIT

10:57:45.727 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4

10:57:55.703 -- Server poll timeout, trying next remote entry...

10:57:55.704 -- EVENT: RECONNECTING

10:57:55.707 -- EVENT: RESOLVE

10:57:55.719 -- Contacting 1.25.10.4:1194 via UDP

10:57:55.719 -- EVENT: WAIT

10:57:55.722 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4

10:58:05.705 -- Server poll timeout, trying next remote entry...

10:58:05.706 -- EVENT: RECONNECTING

10:58:05.709 -- EVENT: RESOLVE

10:58:05.719 -- Contacting 1.25.10.4:1194 via UDP

10:58:05.720 -- EVENT: WAIT

10:58:05.723 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4

10:58:15.714 -- Server poll timeout, trying next remote entry...

10:58:15.715 -- EVENT: RECONNECTING

10:58:15.747 -- EVENT: RESOLVE

10:58:15.766 -- Contacting 1.25.10.4:1194 via UDP

10:58:15.767 -- EVENT: WAIT

10:58:15.773 -- Connecting to 1.25.10.4:1194 (1.25.10.4) via UDPv4

10:58:25.708 -- Server poll timeout, trying next remote entry...

10:58:25.715 -- EVENT: RECONNECTING

10:58:25.718 -- EVENT: RESOLVE


Client config

# Config generated by Asuswrt-Merlin 386.2, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto udp
remote 1.25.10.4 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-128-CBC
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>

When I had the original Asus fw all was working, but I was getting max 13Mbps download on OpenVPN. Then I uploaded Merlin with the hope I could get at least 25Mbps, but instead of that the VPN is not working at all ;)

I also followed this link but with no luck.
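A triage sketch for the client log quoted above, added here as an example and not part of the original post: it splits the log into connection attempts and tallies how each one ended and which events it reached. The function names are made up for this example, and the `CONNECTED` event name is assumed from OpenVPN 3 client logs, since the post's log never shows one.

```python
import re
from collections import Counter

# Excerpt of the client log quoted in the post above (same line format).
SAMPLE_LOG = """\
10:57:45.707 -- Contacting 1.25.10.4:1194 via UDP
10:57:45.708 -- EVENT: WAIT
10:57:45.727 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4
10:57:55.703 -- Server poll timeout, trying next remote entry...
10:57:55.704 -- EVENT: RECONNECTING
10:57:55.707 -- EVENT: RESOLVE
10:57:55.719 -- Contacting 1.25.10.4:1194 via UDP
10:57:55.719 -- EVENT: WAIT
10:57:55.722 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4
10:58:05.705 -- Server poll timeout, trying next remote entry...
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{3}) -- (.*)$")
CONTACT = re.compile(r"^Contacting (\S+):(\d+) via (\w+)$")

def parse_attempts(log):
    """Split the log into attempts, one per 'Contacting <ip>:<port>' line."""
    attempts, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and option dumps carry no timestamp
        h, mi, s, ms, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s) + int(ms) / 1000
        c = CONTACT.match(msg)
        if c:
            cur = {"remote": f"{c.group(1)}:{c.group(2)}", "proto": c.group(3),
                   "start": t, "events": [], "outcome": "unfinished", "waited": None}
            attempts.append(cur)
        elif cur and msg.startswith("EVENT: "):
            cur["events"].append(msg.split()[1])
            if cur["events"][-1] == "CONNECTED":  # assumed OpenVPN 3 event name
                cur["outcome"] = "connected"
        elif cur and msg.startswith("Server poll timeout"):
            cur["outcome"], cur["waited"] = "timeout", round(t - cur["start"], 1)
            cur = None  # RECONNECTING/RESOLVE that follow belong to no attempt
    return attempts

def summarize(attempts):
    """Tally outcomes per remote and list every event any attempt reached."""
    return {
        "outcomes": dict(Counter((a["remote"], a["proto"], a["outcome"]) for a in attempts)),
        "events_reached": sorted({e for a in attempts for e in a["events"]}),
        "never_connected": all(a["outcome"] != "connected" for a in attempts),
    }

if __name__ == "__main__":
    print(summarize(parse_attempts(SAMPLE_LOG)))
```

On the excerpt, both attempts end in a poll timeout after about 10 seconds and neither gets past `WAIT`, which is the pattern to set beside the server-side client table showing `UNDEF`.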

Tech9

Very Senior Member
Not sure what your configuration is, but let me test that for you. Here is an example of a working OpenVPN server, port 1032 and TCP. Change the port and the protocol the way you like. Username/password - router's username/password. The port is open on my firewall, of course.

Untitled_ovpn1.jpg


Untitled_ovpn2.jpg


Setup process takes about 2 minutes, including OpenVPN app config file import on an iPhone. I had to restart the VPN server after setting it up because the connected iPhone wasn't picking up the DNS servers. After the restart all runs as it should. I can see my home ISP and my DNS on the iPhone now.
 

sat4all

Occasional Visitor
This is my setup on Merlin 386.

Which version are you running?
1624904835030.png


And this is what I see in the server:

Clients

| Common Name / Username | Real Address / Virtual Address | MBytes Received | MBytes Sent | Connected Since |
|---|---|---|---|---|
| UNDEF | 192.168.0.105:54281 | 0.00 | 0.00 | 2021-06-27 10:41:30 |
| UNDEF | 192.168.0.105:41683 | 0.00 | 0.00 | 2021-06-27 10:42:00 |
| UNDEF | 192.168.0.105:43174 | 0.00 | 0.00 | 2021-06-27 10:41:50 |

192.168.0.105 is my android ph

And no connection is established, and the app shows this in the log:

10:57:45.701 -- Server poll timeout, trying next remote entry...

10:57:45.702 -- EVENT: RECONNECTING

10:57:45.705 -- EVENT: RESOLVE

10:57:45.707 -- Contacting 1.25.10.4:1194 via UDP

10:57:45.708 -- EVENT: WAIT

10:57:45.727 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4

10:57:55.703 -- Server poll timeout, trying next remote entry...

10:57:55.704 -- EVENT: RECONNECTING

10:57:55.707 -- EVENT: RESOLVE

10:57:55.719 -- Contacting 1.25.10.4:1194 via UDP

10:57:55.719 -- EVENT: WAIT

10:57:55.722 -- Connecting to [1.25.10.4]:1194 (1.25.10.4) via UDPv4

10:58:05.705 -- Server poll timeout, trying next remote entry...
 

Tech9

Very Senior Member
Which version are you running?

Works on both 384/386. My test router is AC66U_B1 on 384.18, the version before VPN re-write, but the same setup works on 386.2_4 and 386.2_6. I was testing a few days back the VPN performance between 384 and 386. Found it better on 384. The router is the same hardware as yours and runs the same firmware.
 

sat4all

Occasional Visitor
I will try 384.18, thx
 

sat4all

Occasional Visitor
Which one will you advise? I need a stable and fast VPN server connected to one client.

I use that to get an IP from a different country.
Both 384 and 386 firmware branches have pros and cons. Decide what firmware you prefer, OpenVPN server works on any firmware I have tried.
 

Tech9

Very Senior Member
Which one will you advise?

If the router is used as a standalone device, I would use 384.18, AiProtection enabled, Adaptive QoS with fq_codel (if needed) and DoT to Quad9 or Unbound with DNS firewall enabled. This way the router is safe and running mature firmware. If the router is used in an AiMesh setup, I believe 386.2_6 is a better option with AiMesh 2.0 support. It's still buggy, but Asus is working on it. There is a Traffic Monitor spikes bug in 386, not resolved yet, no more fq_codel with Adaptive QoS (you need to use FlexQoS, I believe), Guest Network 1 is unstable, etc. It comes with dnsmasq fixes and you don't need workarounds. So, it really depends what you are going to use the router for. If your concern is the OpenVPN server, it works on both 384/386.
 

sat4all

Occasional Visitor
Thank you for your advice :)

For me the main purpose is to have 40Mbps speed (as I have 500/50 speed) on the OpenVPN client on my laptop, and I am very happy that Merlin can do that, because I tested that today and it really works. I don't know yet if it is stable and will not start dropping the connection, but it is under testing.

1625013692745.png


For me, I don't need any security/AiMesh; the router is working at home in one country, and if I am in the other country I can still have a local IP for bits and pieces.
384.18 looks OK, and my gratitude to the Merlin team; I never got that far with OpenWrt and Gargoyle, but that was maybe due to hardware limitations of TP-Link and Ubiquiti.

I think I tested Asus stock and that showed me only 15Mbps on the VPN client.

OpenVPN test on 240/25Mbps

1625012672826.png


During my testing I lost the connection to the VPN :(


The GUI from WAN is sometimes all over the place

1625013062691.png
 


sat4all

Occasional Visitor
You don't need to have Web Access from WAN enabled when you have OpenVPN server running.
Hello

I have to, because the gateway is the same: if I locally put 192.168.0.254, that will pick up my router. But anyway, that can be fixed.
 

Tech9

Very Senior Member
Enabling Web Access from WAN is a security risk. VPN connection gives you access to the GUI.
 
