ASUS RT-AX86U slowed down to unrecoverable state (VPN related)

pink.skyline

New Around Here
Hello, my first post here. Let me know if I can provide more details or something.

ASUS RT-AX86U
386.5_2

My problem is the following:
I'm experimenting with some different setups within the 'VPN > VPN Client' menu. I was configuring NordVPN as one of the clients following the tutorial on their site.
I was switching the 'Client State' on and off a whole lot because I was troubleshooting some specific issue I had (outside of scope of this question).

That's when at one of such 'On'-presses, after initial loading screen, the whole router got slowed into a crawl.
Everything got extremely slow. I could not get to the dashboard getting 'connection reset' errors, the quality of the internet call a network client was in progressively degraded into nonexistent.
I could not get into the router anymore since my HTTP dashboard was off and HTTPS was too much to ask from the router. I restarted it. Auto-start of the VPN ensured I was locked out from my router for good.
I had barely a few seconds after the boot when the router dash would work then it would all freeze again. I had to reset the entire thing and upload my backup config.

Button in question:
1654099023520.png


This whole thing happened twice. Both times I pressed the 'Off' button to enable the config (I don't think I really changed config either, it was just a Off-On cycle).
Either way, this should not happen with any kind of bogus config (if there were any), this feels more sort of memory-leak/fork-bombing or some resource exhaustion scenario.
I could not get to any performance stats to confirm any of it.

Interestingly, there is a piece describing this situation in a different menu in a different VPN (Mullvad) guide for Merlin located here: https://mullvad.net/en/help/asus-merlin-and-mullvad-vpn/
That states:
Note: Merlin firmware version 386.5_2 may fail this step and make the router inaccessible. If this happens you can install a newer firmware version or the older 386.5 instead.

So does any of this make sense? Is this a known issue?
I'm holding my breath every time I turn the client VPNs on at this point.
 

ColinTaylor

Part of the Furniture
IIRC the NordVPN instructions are badly written and were for an older firmware version. The main thing is to not change your WAN DNS servers to the NordVPN ones. Use "normal" WAN DNS server settings.

Regarding the Mullvad instructions, do not change the router's LAN DHCP settings. This would be bad advice regardless of who the VPN provider was.
 

pink.skyline

New Around Here
The DNS settings were not changed when the issue described happened.
The LAN DHCP settings were also not changed; I am referring to the Mullvad guide as it is describing similar symptoms to my problem.
In either case the router should not freeze and lock me out like it did, whether instructions are good or bad.
I think this should be investigated if it's not a known issue at this point.
As I mentioned, the settings worked, then I pressed Off-On and it all broke, in other words it happens with a seemingly functioning configuration.
 

ColinTaylor

Part of the Furniture
I've not personally experienced this, or remember seeing anybody else report it. But then I'm not constantly changing the VPN config and switching it on and off.

If it happens again save a copy of the router's syslog and upload it to pastebin.com so that we can take a look.
 

Viktor Jaep

Very Senior Member
The other really interesting thing to me would be some screenshots of your VPN client slots, as well as your WAN page. I've provided some screenshots at the link below on how I've configured NordVPN, and the custom config settings that seem to work really well:

 

pink.skyline

New Around Here

Due to me resetting the whole router, I can't guarantee that the pages you're asking me are exactly the same as when it froze, unfortunately.
For instance the custom config was the one from NordVPN guide:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0

#log /tmp/vpn.log

Other than that, it was probably the same. I now start to doubt myself if the DNS were changed too (as per guide). But I am fairly confident that the DNS were not NordVPN's when the freeze happened, they were most likely the usual (my pihole). Should not matter that much I suspect.

I perhaps should also mention that I had changed some NTP settings, but this was done weeks ago and I do not know if that is somehow connected to this or not. I know that the following linked thread (with no real explanation) describes something that I definitely can relate to.
https://www.snbforums.com/threads/v...ntp-does-not-work-suddenly.78467/#post-757684

It is mentioned that 'pool.ntp.org' is not reliable for instance, the one I was using. And it's mentioned that 'Intercept client NTP requests' set to 'Off' fixed it (mine was 'On' previously). As I said, don't know if connected or totally unrelated.

Configs you asked for, I hope you don't mind the redacted parts:
1654111060234.png
1654111066702.png

1654111070761.png
 

Viktor Jaep

Very Senior Member
Hmmm... yeah, other than maybe changing out your custom config with the one I have, it does seem to help speed things up a bit more. Everything else seems pretty normal. Then again, I don't use pihole, and I don't have my DNS configuration set to "strict" mostly due to me wanting to use DoH. I also don't have much experience with the killswitch (I don't have that enabled), and how it behaves if VPN goes down... but you'd think that would cause a lot of mayhem if it can't get out to the internet or resolve things. Perhaps shutting that off first and seeing how it behaves from there on out?

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
 

pink.skyline

New Around Here
Had to give up on NordVPN due to various issues. A lot of troubleshooting with their support eventually led to "Our servers are fine, your setup is at fault".
After switching to a different provider all the issues automagically went away, so I figured that NordVPN tutorial is really bad. Their support kept insisting it is up to date and 100% functional despite many attempts to explain that is not the case.
The DNS should however not be responsible for any of this, as I was attempting to reach the router with the IP as well as the hostname, so at least the first one should have succeeded.
I guess I will avoid tampering too much with these settings, something is very unstable about them, causing this grind to halt for the entire system.
 

Viktor Jaep

Very Senior Member
Meh - I agree... I think their setup tutorial is pretty poor at best... it takes some digging on these forums on getting things right. But I've had pretty good luck now for over a year with NordVPN. It's definitely speedy. And my script randomly resets the connection at least 1x/day to a different city/country without a hiccup. Yeah, it definitely sounds like something got borked pretty bad. Glad you're back up & running! ;)
 
