1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN initializing forever

Discussion in 'Asuswrt-Merlin' started by a-seus-am-i, Aug 12, 2019.

  1. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    I just upgraded my RT-AC86u from stock to Merlin 384.13 and the OpenVPN server isn't working. When I go to the server page, it says "Initialinzing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection." and it's spinning forever. Any ideas on how to address this?

    I even set it back to defaults and tried again but same hang.

    Note that
     
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,343
    Location:
    Canada
    Check your System Log.
     
  3. Zonkd

    Zonkd Senior Member

    Joined:
    Oct 19, 2014
    Messages:
    474
    I’ve seen that before. How long are you waiting? Before VPN server starts for the very first time the router has to perform slow task of generating encrypted pki stuff. If it keeps getting stuck generating pki and you really want to get technical you could generate the pki manually on your PC at command line with easyrsa OpenSSL and openvpn2 then copy-paste pki keys and certs and dh to the server advanced settings. Personally I’d once more try clear nvram reset and cleanly flash firmware then reset one more time.
     
  4. martinr

    martinr Part of the Furniture

    Joined:
    Nov 27, 2014
    Messages:
    2,208
    Location:
    Manchester, United Kingdom
    Like Zonkd, I have also seen this when setting up OpenVPN Server. You didn’t say if the rest of the router was working or if you have connected to the Internet.

    You will get this behaviour if you try to set up OpenVPN without first connecting to the Internet.
     
  5. jsbeddow

    jsbeddow Regular Contributor

    Joined:
    Oct 21, 2016
    Messages:
    124
    Location:
    SF Bay Area
    I have also seen this, and my issue was resolved after clearing (formatting) the jffs partition. In my case I did not need to do the full nvram erase, but of course you will need to reconfigure your OpenVPN server and/or reimport the certs/config for that (not the full jffs backup of course).
     
    Last edited: Aug 13, 2019
  6. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,084
    Have you set up DDNS and is it correctly reflected on the network map page?

    Is the IP shown a public IP? If it isn't a public IP and/or you are double NATed then getting the server to work is going to take some extra steps.

    If DDNS isn't functioning the server won't come up.

    Have you tried to also run a VPN client on your router? If you can't get either to work you may have a dysfunctional router.
     
  7. Grisu

    Grisu Part of the Furniture

    Joined:
    Aug 28, 2014
    Messages:
    2,594
    Merlin added DDNS support in Double NAT some releases ago, so it should work either with public or private IP.
     
  8. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,084
    I know it can be made to work but in my experience it may take an extra step or two.

    When I have been fooling around with my AC86s in a bench setup double NATed behind another router it doesn't automatically function or at least it didn't for me. One issue I saw was the ovpn file it generates, to send to potential clients used the private LAN address issued by router 1 to router 2 as its WAN IP.

    I didn't spend any time tweaking settings on both routers as I was just interested in seeing if the repaired AC86 worked and since its 2.4 Ghz radio didn't I sent it back.
     
  9. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    Thanks for all the replies! So the router is working fine and the internet is working. I have a gigabit fiber connection if that makes any difference. It was working on the stock firmware, just stopped working when I updated to merlin. DDNS says it's working ok on both the network map page and DDNS settings, although I see what looks like a new option labeled "Method to retrieve WAN IP". That's set to internal.

    I tried to clear the system log, set it to debug level, and try to start the VPN server but nothing seems to be getting logged now. Really confused as to why that is.

    I've waited up to 10 min and nothing.
     
  10. jsbeddow

    jsbeddow Regular Contributor

    Joined:
    Oct 21, 2016
    Messages:
    124
    Location:
    SF Bay Area
    I strongly suggest using the "format jffs partition on next reboot"option (on the administration page), followed by a reboot of course: this resolved my identical problem of the forever spinning circle on the OpenVPN server page, and it is now functioning correctly. Of course I did have to reconfigure the OpenVPN server and reimport my certs.
     
  11. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    Thanks. Does this reset the entire router so I'll have to reconfigure everything again?
     
  12. jsbeddow

    jsbeddow Regular Contributor

    Joined:
    Oct 21, 2016
    Messages:
    124
    Location:
    SF Bay Area
    No, it is far less rework required. If you are running the scripts under the amtm "umbrella" (Diversion, Skynet, etc...), you will have to reinstall amtm and possibly the others. If you were running without any of the add-on scripts, it will require almost no reconfiguring, other than OpenVPN.
     
  13. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    So I tried that and it didn't seem to do anything. It still won't connect. Also, is it supposed to wipe out all your previous configuration settings? Because it didn't do that either. I still see all the VPN settings I had previously. I can't seem to remove them either. I tried hitting the default button on the VPN page to reset them but it didn't.

    I tried hooking up my VPN client as well (PIA) and that didn't work either. I just imported the OVPN file provided by PIA and put in my user name and password but it won't connect.

    My system log seems to be working again after the reboot but I don't see any entries related to VPN in there. On an unrelated note, I cleared the log before reboot and when it started up it put in entries from way in the past first then jumped to today's date which is weird.
     
  14. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,084
    Having both the VPN clients and VPN servers stop working was a frequent problem I have had with my AC86 and the replacements or repaired units ASUS sent me.

    The only way I could get them working was the nuclear reset as outlined by LD&D followed by a factory reset, format JFFS partition and then manually entering all the settings again. Also tried reflashing both ASUS and Merlin firmware. Never could get both the Server and Clients to work for more than a day or two.

    If the above doesn't work and can't get a stable router for you then consider returning the router or doing an RMA with ASUS.
     
  15. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    Thanks. It looks like I'll have to go the factory reset and reconfigure route (not sure what you meant by LD&D nuclear reset). Both the server and client was working pre Merlin firmware update on the latest stock, so hopefully it's just the update that needs to get reconfigured.
     
  16. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,084
    Look in member's L&LD's signature block. He outlines a very complete process for resetting and stabilizing a router.

    Hopefully it will help you get your router into a stable condition and everything will be good and VPNs will work. Didn't work for me, but perhaps it will for you and you won't have to enter into the ASUS RMA purgatory.

    Good luck.
     
  17. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    Thanks. I got it reset (took a bunch of tries) and now it's working after reconfiguring everything. Thanks everyone for the help.
     
    jsbeddow and martinr like this.
  18. jsbeddow

    jsbeddow Regular Contributor

    Joined:
    Oct 21, 2016
    Messages:
    124
    Location:
    SF Bay Area
    Did this OpenVPN server connection stay up and stable for you? My server connection just went south (again, after behaving normally for a month or two), and I haven't had time to do a full reset to see if that solves it this time. I hope I don't have one of the (many?) problematic 86U routers, but am beginning to think that I do (2018 production date....yes, I have seen the other threads on this topic). Ugh, I am not sure if I am up for the battle to get a good one from the Asus RMA procedure hell.
     
  19. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,084
    The good news is that if your signature block has your correct geographic location the turn around time for receiving a "refurbished router??????" will be much quicker than mine. ASUS's RMA location is in Newark, CA. In my case shipping the router back by FedEX ground from Florida takes 6-7 days from Florida to CA., 2-3 days in Newark and then another 6-7 days back to Florida.
     
    jsbeddow likes this.
  20. a-seus-am-i

    a-seus-am-i New Around Here

    Joined:
    Dec 8, 2018
    Messages:
    9
    It's been working ok for me. I don't connect to it a ton, only when I need to get to my home network, but so far I haven't had any issues.
     
    jsbeddow likes this.