OpenVPN Client no longer connecting

[58chev]

I was trying to VPN into home yesterday and my client would not connect.

First 5 lines of my client1.ovpn file
client
dev tun
proto udp
remote **********.asuscomm.com 9915
float

So when I got home, I checked the router and it had a renewed WAN IP.

I exported a new client.ovpn file and noticed that line 4 had the IP Address and not FQDN.

Imported the new files and my client now connects.

How do I get my PC or Phone to forget the old IP tied to the FQDN?

I'd hate to have to resort to changing the client file every time I get a new WAN IP Assigned to my router.

om my PC ran ipconfig /flushdns and powershell command Clear-DnsClientCache with no luck.

 

[eibgrad]

Aren't you using a DDNS that you keep updated w/ the DDNS client in the router (Advanced Settings->WAN->DDNS)??

 

[58chev]

@eibgrad,
These are the settings on that page. OpenVPN running for almost a year before this issue a couple of days ago. I don't recall doing anything with the settings on this page.

Enable the DDNS Client Yes
Method to retrieve WAN IP Internal
Server WWW.ASUS.COM
Host Name *********.asuscomm.com
Forced update interval (in days) 21
HTTPS/SSL Certificate Let's Encrypt
Server Certificate
Status : OK
Issued to : *******.asuscomm.com
SAN : *******.asuscomm.com
Issued by : Let's Encrypt Authority X3
Expires on : 2019/5/20


How would that affect what my work PC or cell phone sees for an IP address associated with my DDNS name?

 

[eibgrad]

The purpose of DDNS is to associate a domain name that you keep updated w/ the current public IP assigned to your WAN. You then reference that DDNS name in your OpenVPN client (PC, phone, etc.) so it always has the correct remote IP.

 

[58chev]

Do my settings that I posted up look OK?

Would the following error in my logs suggest otherwise?
this pops up every 5 minutes

Apr  8 21:30:00 rc_service: service 5832:notify_rc restart_letsencrypt
Apr  8 21:35:01 rc_service: service 5971:notify_rc restart_letsencrypt
Apr  8 21:40:00 rc_service: service 6092:notify_rc restart_letsencrypt
Apr  8 21:45:00 rc_service: service 6220:notify_rc restart_letsencrypt
Apr  8 21:50:00 rc_service: service 6344:notify_rc restart_letsencrypt
Apr  8 21:55:00 rc_service: service 6471:notify_rc restart_letsencrypt
Apr  8 22:00:00 rc_service: service 6596:notify_rc restart_letsencrypt
Apr  8 22:05:01 rc_service: service 6968:notify_rc restart_letsencrypt
Apr  8 22:10:01 rc_service: service 7088:notify_rc restart_letsencrypt

 

[L&LD]

Do my settings that I posted up look OK?

Would the following error in my logs suggest otherwise?
this pops up every 5 minutes

Apr  8 21:30:00 rc_service: service 5832:notify_rc restart_letsencrypt
Apr  8 21:35:01 rc_service: service 5971:notify_rc restart_letsencrypt
Apr  8 21:40:00 rc_service: service 6092:notify_rc restart_letsencrypt
Apr  8 21:45:00 rc_service: service 6220:notify_rc restart_letsencrypt
Apr  8 21:50:00 rc_service: service 6344:notify_rc restart_letsencrypt
Apr  8 21:55:00 rc_service: service 6471:notify_rc restart_letsencrypt
Apr  8 22:00:00 rc_service: service 6596:notify_rc restart_letsencrypt
Apr  8 22:05:01 rc_service: service 6968:notify_rc restart_letsencrypt
Apr  8 22:10:01 rc_service: service 7088:notify_rc restart_letsencrypt

Please don't crosspost. A single report with a link back to it, if needed, from another thread is a better approach.

https://www.snbforums.com/threads/t...-in-my-logs-now-what.55950/page-3#post-479892

 

[58chev]

@L&LD
I only posted the error here to see it it is the cause of my VPN Issue.

As now my client file has to have the WAN IP and not the DDNS Name.

 

[eibgrad]

Do my settings that I posted up look OK?

Would the following error in my logs suggest otherwise?
this pops up every 5 minutes

Apr  8 21:30:00 rc_service: service 5832:notify_rc restart_letsencrypt
Apr  8 21:35:01 rc_service: service 5971:notify_rc restart_letsencrypt
Apr  8 21:40:00 rc_service: service 6092:notify_rc restart_letsencrypt
Apr  8 21:45:00 rc_service: service 6220:notify_rc restart_letsencrypt
Apr  8 21:50:00 rc_service: service 6344:notify_rc restart_letsencrypt
Apr  8 21:55:00 rc_service: service 6471:notify_rc restart_letsencrypt
Apr  8 22:00:00 rc_service: service 6596:notify_rc restart_letsencrypt
Apr  8 22:05:01 rc_service: service 6968:notify_rc restart_letsencrypt
Apr  8 22:10:01 rc_service: service 7088:notify_rc restart_letsencrypt

Not sure. Frankly, I have no idea why it's necessary or even wise to enable Let's Encrypt on the DDNS client in the first place. Normally that's used provide https/ssl certificates to your own domain. I don't see what that has to do w/ configuring a DDNS client. You could try disabling that option and see if it helps. Just guessing at this point.

P.S. Perhaps the www.asus.com/www.asuscomm.com domain uses Let's Encrypt and it's trying to lookup the certificate, but it can't due the problem reported in the syslog, so the DDNS update fails??? Just guessing at this point. I suppose you could always try a different DDNS provider, one that doesn't require https/ssl (e.g., dnsomatic.com, at least last time I checked).

 

[58chev]

@eibgrad
I will give another DDNS provider a shot.

Thanks for your assistance.