ASUS AC86U after disable DHCP -- NTP SYNC Error ( VPN won't start)

OLDTECHY

New Around Here
My ASUS AC86U ( updated with MERLIN firmware) to run OpenVPN service (PIA).
Until I made the ASUS setting changes discussed below, all was good ( AFIK).
----
This ASUS AC86U router is LAN wired to gateway device provided by the ISP (ATT Fiber).
(Router and Gateway Devices are ~66 ft. apart)
Originally, both devices had DHCP enabled and had different IP subnets.
Both devices use unique WiFi name SSID's


current issue : ASUS AC86U [after disable DHCP] -- NTP SYNC Error ( VPN won't start)
A) the ASUS WRT Merlin OPENVPN service with PIA VPN will NOT complete "... Connecting..."
B) the ASUS AC86U router repeatedly reports "NTP SYNC ERROR"

These issues may be related and started when I got the bright idea to disable the DHCP service on this ASUS router.
This was so that all my connected IP devices would have the local IP's assigned by the ATT Gateway device which would keep all devices on same subnet for management convenience.
That plan worked as desired. all devices have internet access (PC's, Tablet, ECHO-show, Firestick, Ring)

After the DHCP service is disabled, the OPenVPN Client service never attains service state "ON " - ( reports "connecting")

Is this caused by or related to (NTP SYNC error) as I suspect?

Is there a setting change, workaround, or fix to this problem that would allow all my connected IP devices to still be on same subnet and use both the Gateway and Asus router ?

I have included some images of ASUS setup webpages that may explain...
thank you

ADMIN SYSTEM  NTP.PNGDHCP  DISabled.PNGLog  SYNC Erro.PNGPIA VPN connecting.PNGWAN setting.PNG
 

ColinTaylor

Part of the Furniture
I don't really follow how you've got you two routers wired together. The WAN socket on the Asus needs to be connected to the LAN socket on the gateway router. Both routers must have different LAN subnets. The Asus must be in "router mode". (I'm assuming the gateway device is also a router - maybe that's not the case?)

Without a working connection the the internet the Asus will not be able to set the correct date and time. And without the correct date and time the VPN will not start.
 

OLDTECHY

New Around Here
I don't really follow how you've got you two routers wired together. The WAN socket on the Asus needs to be connected to the LAN socket on the gateway router. Both routers must have different LAN subnets. The Asus must be in "router mode". (I'm assuming the gateway device is also a router - maybe that's not the case?)

Without a working connection the the internet the Asus will not be able to set the correct date and time. And without the correct date and time the VPN will not start.
---------
SIR:
Yes ATT Gateway is Full-featured WiFi Router

IF it will help FIX my Described Issue :
Can you SUPPORT / detail your strong (NEED MUST, MUST) statements :
AS you write
" The WAN socket on the Asus needs to be connected to the LAN socket on the gateway router.
Both routers must have different LAN subnets.
The Asus must be in "router mode" "


thank you
 
Last edited:

ColinTaylor

Part of the Furniture
Asus has integrated the VPN client and server into the router's "router mode". That is why those options disappear from the GUI if you switch to "AP mode".

In router mode the Asus expects to be connected to the upstream device through its WAN port. A router "routes" between two different networks. For example, if the upstream device has a network of 192.168.1.1/24 the Asus' LAN network cannot be the same (or overlap).
 

GSpock

Senior Member
WAN connection type would be Automatic IP. Everything else would be whatever you want it to be.
in this config, does it mean it will have to do double nating, if you want to reach from internet a device connected to the ASUS (assuming the public ip address is the same for both router) ?
thx
 

ColinTaylor

Part of the Furniture
in this config, does it mean it will have to do double nating, if you want to reach from internet a device connected to the ASUS (assuming the public ip address is the same for both router) ?
thx
Yes double NAT. The ISP router would have the public IP address and the Asus would have a private IP address.
 

Jeffrey Young

Regular Contributor
Yes, you will have a double NAT (both routers will not get the save public IP). The ISP router will have the public IP at it's WAN and the ASUS will have an IP provided by the ISP Router at it's WAN.

To reach the ASUS router from the internet, you will need to setup a port forward rule on the ISP router (have the ISP router hand out a fixed IP address to your ASUS Router and then set up a port forward rule on the ISP Router to forward all traffic received on the VPN port onto the ASUS IP Address.

Another option - if nothing else is connected to the ISP Router (only the ASUS router is connected), can you set the ISP Router to be a bridge, then use your ASUS as the primary router?

EDIT: Colin beat me to the punch :)
 

GSpock

Senior Member
@ColinTaylor & @Jeffrey Young thanks for your answers.

@Jeffrey Young : in what you explained (do not get why VPN is mentioned!) regarding port fwd, would definning the ASUS router as DMZ on the ISP router do the job ? rather than port fwd all needed ports ?

N.B.: no way to put ISP modem/router in bridge mode, I currently connect the ASUS router via PPPoE so that it gets a second pulic IP address, but it could be this possibility will be supressed in the future
 

ColinTaylor

Part of the Furniture
@GSpock Putting the Asus in the DMZ of the ISP router is exactly the same creating a forwarding rule for all ports. Some routers have a special pass-through mode, e.g. DMZPlus. I think @Jeffrey Young mentioned VPN because that is the subject of this thread, although it is only relevant for the VPN server not the VPN client.
 
Last edited:

OLDTECHY

New Around Here
"
current issue : ASUS AC86U [after disable DHCP] -- NTP SYNC Error ( VPN won't start)
A) the ASUS WRT Merlin OPENVPN service with PIA VPN will NOT complete "... Connecting..."
B) the ASUS AC86U router repeatedly reports "NTP SYNC ERROR"
"
thank you for all the comments. I have read and re-read them all a number of times..
I may be missing the conclusion , so if there is a solution, fix , workaround to my posted issue,
_ can someone summarize for me, the corrective steps to "FIX" my issue ?

thank you
p.s. while still maintaining the "Disabled" ASUS DHCP ( i.e. all connected IP devices on same Subnet )
 

ColinTaylor

Part of the Furniture
p.s. while still maintaining the "Disabled" ASUS DHCP ( i.e. all connected IP devices on same Subnet )
As I explained in post #4 I don't believe this is possible. At least not without modifying the router's normal design with user scripts. I suggest you go back to your original configuration of two separate subnets.


If you want to experiment you could try adding a default static route on the Asus that points to your ATT gateway. That might solve the NTP error. So for example, if your ATT gateway address was 192.168.200.1 the static route would be:

Untitled.png
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top