cplay
Senior Member
Hello Everyone,
Would love some of your intelligent feedback on quite an irritating issue - I am sure there are many of you who will most likely know why this is happening and how to fix!
So,
I have two OpenVPN clients set up on client 1 and client 3 on my router.
Astrill in client 1 and Torguard in Client 3.
Astrill has only 3 IP addresses that use it (192.168.1.7/8/9), Torguard has all addresses after 192.168.1.10
They are both set up with a kill switch and policy rules (strict).
The issue is this:
Every 24 hours my ISP changes my IP, the new IP renews on the router perfectly BUT Astrill (OpenVPN client 1) fails to connect and provides this error:
Nov 1 15:39:05 kernel: eth0 (Int switch port: 3) (Logical Port: 3) Link DOWN.
Nov 1 15:39:08 kernel: eth0 (Int switch port: 3) (Logical Port: 3) Link UP 1000 mbps full duplex
Nov 1 15:40:24 ovpn-client1[28358]: 192 variation(s) on previous 20 message(s) suppressed by --mute
Nov 1 15:40:24 ovpn-client1[28358]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 1 15:40:24 ovpn-client1[28358]: TLS Error: TLS handshake failed
Not only does it fail to connect, but it ALSO blocks internet access to ALL addresses in the 192.168.1.xxx range INCLUDING all of the IP addresses in the Torguard policy rules section. Torguard VPN client reconnects perfectly and has no TLS handshake issue BUT there is no access to the internet as client 1 is blocking access to the internet of all the 192.168.1.xxx range even though I have only specified for Astrill (client 1) to be used on only 3 devices, not the entire range.
So, to summarise, I have two issues:
1. Astrill VPN TLS Handshake failing every 24 hours when the ISP changes IP.
This causes issue number two:
2. Client 1 (Astrill VPN) then blocks internet access to ALL clients on the 192.168.1.xxx range instead of just 192.168.1.7/8/9.
The only way to fix this is to turn off client 1, disable auto start of client 1 and then restart the router.
I have attached to the thread my settings and policy rules for both of the clients in case I am just configuring something wrong.
I have attached below custom config for each client;
Client 1;
setenv FORWARD_COMPATIBLE 1
setenv UV_SERVERID 429
mssfix 1418
link-mtu 1418
ns-cert-type server
tls-version-min 1.2 or-highest
push-peer-info
explicit-exit-notify
mute 20
mute-replay-warnings
max-routes 1000
block-outside-dns
fast-io
Client 3;
remote-cert-tls server
resolv-retry infinite
tls-version-min 1.2
tun-mtu-extra 32
fast-io
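A way to check from the router's syslog whether each "TLS handshake failed" event follows a WAN link flap, as in the log quoted in the post. This is an added example, not part of the original post; the 120-second window is an assumption and the last sample line is constructed.

```shell
#!/bin/sh
# Sample input: the first four lines are the ones quoted in the post,
# the fifth is constructed to show a failure with no link flap before it.
sample_log() {
cat <<'EOF'
Nov 1 15:39:05 kernel: eth0 (Int switch port: 3) (Logical Port: 3) Link DOWN.
Nov 1 15:39:08 kernel: eth0 (Int switch port: 3) (Logical Port: 3) Link UP 1000 mbps full duplex
Nov 1 15:40:24 ovpn-client1[28358]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 1 15:40:24 ovpn-client1[28358]: TLS Error: TLS handshake failed
Nov 1 19:02:11 ovpn-client1[28358]: TLS Error: TLS handshake failed
EOF
}

# correlate_tls_failures WINDOW_SECONDS < syslog
# Prints one line per "TLS handshake failed" event:
#   <client> <Mon-day> <HH:MM:SS> after-link-flap +<delta>s | no-link-flap
# Limitation: timestamps are compared by day-of-month, so a flap and a
# failure that straddle a month boundary are reported as no-link-flap.
correlate_tls_failures() {
    awk -v window="$1" '
    function ts(d, hms,   p) {          # day-of-month + HH:MM:SS -> seconds
        split(hms, p, ":")
        return d * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
    }
    # Remember the most recent time the switch port came back up.
    /kernel: eth[0-9]+ .*Link UP/ { last_up = ts($2, $3); seen_up = 1; next }
    # Classify every handshake failure logged by any ovpn-clientN.
    /ovpn-client[0-9]+.*TLS handshake failed/ {
        client = $4
        sub(/\[.*/, "", client)         # strip "[pid]:" from the tag
        delta = ts($2, $3) - last_up
        if (seen_up && delta >= 0 && delta <= window)
            printf "%s %s-%s %s after-link-flap +%ds\n", client, $1, $2, $3, delta
        else
            printf "%s %s-%s %s no-link-flap\n", client, $1, $2, $3
    }'
}

# Stand-alone run on the embedded sample.
sample_log | correlate_tls_failures 120
```

To use it on a live router, pipe the actual syslog into `correlate_tls_failures` instead of `sample_log`.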