What's new

OpenVPN client (ExpressVPN) on Asus Merlin 386.1 not uploading correctly? VPN client disconnects after midnight.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Daniel LaRusso

Occasional Visitor
Something strange is happening to my OpenVPN file after I upload it to the client tab. I'll select the file and upload, it states it's successful, but then reloads and disappears, but everything seems to be connected. However, about every two days, it disconnects in the middle of the night and when I wake up, the VPN is off. My log is flooded with: "ovpn-client1[29111]: AEAD Decrypt error: bad packet ID (may be a replay)" messages. There's also a log that reads: "ns-cert-type is DEPRECATED. Use remote-cert-tls instead. I've uploaded some screenshots. Don't know why the OpenVPN file reloads after uploading it, then basically disappears. Would appreciate any help or hints.
 

Attachments

  • Screen Shot 2021-02-18 at 11.43.03 AM.png
    Screen Shot 2021-02-18 at 11.43.03 AM.png
    209.7 KB · Views: 185
  • Screen Shot 2021-02-18 at 9.50.05 AM.png
    Screen Shot 2021-02-18 at 9.50.05 AM.png
    305 KB · Views: 156
  • Screen Shot 2021-02-18 at 9.49.29 AM.png
    Screen Shot 2021-02-18 at 9.49.29 AM.png
    377.9 KB · Views: 146
  • Screen Shot 2021-02-18 at 9.49.00 AM.png
    Screen Shot 2021-02-18 at 9.49.00 AM.png
    524.5 KB · Views: 160
Something strange is happening to my OpenVPN file after I upload it to the client tab. I'll select the file and upload, it states it's successful, but then reloads and disappears, but everything seems to be connected. However, about every two days, it disconnects in the middle of the night and when I wake up, the VPN is off. My log is flooded with: "ovpn-client1[29111]: AEAD Decrypt error: bad packet ID (may be a replay)" messages. There's also a log that reads: "ns-cert-type is DEPRECATED. Use remote-cert-tls instead. I've uploaded some screenshots. Don't know why the OpenVPN file reloads after uploading it, then basically disappears. Would appreciate any help or hints.
I forgot to add, I'm using an ASUS RT-AC86U.
 
The warning about ns-cert-type is just that; a warning. It has nothing to do w/ this problem. It can be eliminated by NOT including that directive, which I presume was added to the custom config field (by now, I would assume the GUI is no longer using it).

As for the rest of it …


P.S. Dealing w/ this name resolution problem might also be solvable by using Strict for "Accept DNS configuration", since then at least your ISP's DNS servers are still available as a backup and accessible over the WAN. The one downside is if for some reason the VPN provider's DNS servers fail (highly unlikely but you have to at least acknowledge the possibility), then of course you have the potential for a DNS leak. That's why many users prefer Exclusive, but it *may* be problematic in some cases.

Of course, the other option is to NOT use a domain name at all for the Server Address field (or additional remote directives) and instead explicit IPs, but that would make use of the OpenVPN client a bit of a hassle. But at the very least it would prove this was the problem if the OpenVPN client was to continue working normally.
 
Last edited:
I am having the exact same problem on a RT-AC68P

After a good while receiving the "ovpn-client1[29111]: AEAD Decrypt error: bad packet ID (may be a replay)" messages my router resets the wan , with this messages:

ovpn-client1[6325]: AEAD Decrypt error: bad packet ID (may be a replay): [ #408806 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
WAN(0)_Connection: ISP's DHCP did not function properly.
WAN(0)_Connection: WAN was restored.

The AEAD Decrypt rrrors continue appearing but clients remain blocked until I reset the OpenVPN connection.

So the problem is not exclusive to the RT-AX88

Here is my current OpenVPN configuration:
1613679399348.png


Any help, would be appreciated
 
I am having the exact same problem on a RT-AC68P

After a good while receiving the "ovpn-client1[29111]: AEAD Decrypt error: bad packet ID (may be a replay)" messages my router resets the wan , with this messages:

ovpn-client1[6325]: AEAD Decrypt error: bad packet ID (may be a replay): [ #408806 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
WAN(0)_Connection: ISP's DHCP did not function properly.
WAN(0)_Connection: WAN was restored.

The AEAD Decrypt rrrors continue appearing but clients remain blocked until I reset the OpenVPN connection.

So the problem is not exclusive to the RT-AX88

Here is my current OpenVPN configuration:
View attachment 30930

Any help, would be appreciated
I actually reached out to ExpressVPN's support chat, and the support staff told me that it seemed as if the OpenVPN file was not properly uploaded/imported because the file should still show up in the GUI. I don't know if this is unique to Asus Merlin, but after importing the OpenVPN file, the page reloads and it "disappears." However, I am connected to the VPN. Maybe this is just something that is unique to Merlin?
 
OpenVPN file, the page reloads and it "disappears."

This is normal. Settings are applied to the router, the router does not use the config file itself.
 
This is normal. Settings are applied to the router, the router does not use the config file itself.
Oh ok, thanks for the explanation. The support person at ExpressVPN was telling me this was unusual and could be a problem. Good to know this isn’t the culprit.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top