
Have Merlin + RT86U + OpenVPN Server: OVPN configuration 'expires' for lack of better term


mdover

Would appreciate a little help here if possible. I'm probably missing something simple.

As per the title, my OVPN configuration file seems to 'expire' after an undetermined amount of time. It's happened twice now. The first was after multiple months of working properly, the second time was just now and probably a month since the last time.

I have the certificates on a few devices (including two firesticks which are a pain in the butt to update), so it is a bit of a hassle to export new configuration files and install on the handful of devices I've imported them to. I've now had to update them twice over a 4-5 week span.

Any idea why they would expire and what I might do to avoid it?

Thanks
 
What does your log say?
 
What does your log say?
I don't get any response in the log when I try to connect from the OVPN configuration files that no longer connect. I went back and looked at when I exported the prior one which no longer works and it was March 12th. The one I created March 31st continues to function and is acknowledged in the log when I toggle it on from my phone.

I recall seeing something flash on screen with 'renew' when I was troubleshooting an overall connection error with my ISP and I ignored it, maybe if I hit 'renew' it would have kept them active? I have no idea why I would be presented with the renew button while dealing with a network problem and I don't know if that might be coincidence or related.

'Renew' gives the warning below, so I didn't select it as it appears I'd need to update all my OVPN configuration files if I did.
"Do you want to regenerate your keys and certificates? This will require updating your client config files afterward."

So in summary, I'm stumped why my OVPN configuration files have stopped working twice now (once after a few months, once after about 3 weeks) and if there is anything I can do to avoid it. The reason I posted here is they are being generated by the router and I do have Merlin installed as well.

Thank you for any assistance.
 
I don't get any response in the log when I try to connect from the OVPN configuration files that no longer connect.
You have to look on the client side, not the server side. It will tell you what's failing.

My first guess is your config file isn't using DDNS, so every time your IP changes, your config file stops working. That can be diagnosed by seeing the client log stating it's unable to connect at all with the server.
 
Hey Mr. Merlin - I think you solved it, thanks!

I went through my old OVPN config files and compared to the current and the DDNS name changed.

In my oldest, it had DDNS host name 'A'. Then I had a router failing so I swapped my node with my primary router and set up the old node from factory (and made my primary a node) and I lost my host name in the process as I forgot to deregister it. I'll bet that's when the old OVPN file failed.

Then I set up new OVPN files and they had IP addresses rather than host names as the remote address, so I presume I set them up prior to registering my new host name 'B'. I probably sat down for an hour or two and just redid all settings in my router at once and it probably never occurred to me that the host name should be assigned prior to the OVPN config file generation. I'm not certain that this is what happened, but it seems very plausible.

And most recently, my ISP had a shut down for network upgrades last week and I'll bet my IP changed in the process - hence the OVPN config file can no longer 'call home'.

So - I've now generated new config files that have my current host name 'B' and I'll upload them into my firesticks and so on.

I really appreciate the help. I didn't want to have to update these files every few weeks at random intervals but now it seems there's a pretty clear explanation for what happened.

I can provide the log from the iPhone / client if you'd like, but at this point I think with your guidance I now have the cause and how to manage it.
 
I can provide the log from the iPhone / client if you'd like
No need to. The log would have probably shown that either the hostname couldn't be resolved, or that connecting would fail before even reaching the TLS stage.
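
The failure discussed in this thread, as an added example that is not part of the original posts: a Python sketch that reads a client .ovpn file, flags `remote` entries that are literal IP addresses rather than a DDNS host name, and can optionally check that host names still resolve. The sample config, host name and addresses are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample client config; the host name and addresses are placeholders.
SAMPLE_OVPN = """\
client
dev tun
# remote old-name.example.net 1194
remote 203.0.113.25 1194
remote myrouter.example.net 1194 udp
remote 2001:db8::1
"""

def remote_entries(text):
    """Return (host, port, kind) per active `remote` line; kind is 'ip' or 'hostname'."""
    entries = []
    for raw in text.splitlines():
        # OpenVPN treats '#' and ';' as comment markers.
        line = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(line) < 2 or line[0] != "remote":
            continue
        host = line[1]
        port = int(line[2]) if len(line) > 2 and line[2].isdigit() else 1194
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "hostname"
        entries.append((host, port, kind))
    return entries

def dns_resolves(host):
    """True if the host name currently resolves (needs network access)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(text, resolve=None):
    """List warnings: literal-IP remotes and, if `resolve` is given, dead host names."""
    warnings = []
    for host, port, kind in remote_entries(text):
        if kind == "ip":
            warnings.append(f"{host}:{port} is a literal IP; breaks when the WAN address changes")
        elif resolve is not None and not resolve(host):
            warnings.append(f"{host}:{port} does not resolve; DDNS name missing or deregistered")
    return warnings

if __name__ == "__main__":
    for w in audit(SAMPLE_OVPN):  # pass resolve=dns_resolves to also check DNS
        print("WARNING:", w)
```

Running it over each exported file before copying it to the clients shows whether the export happened before the DDNS name was registered.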
 
