OpenVPN issues on AC88u using latest 384.19

[mongodb]

Hi, not sure if your problem is now fixed but I have a similar issue with vpn and wired client performance with the Ac88u and merlin 384.19.

In my case, the router is OK for a couple days after reboot and then the cpu starts ticking up and stays there even if vpn tunnels aren't that busy. It'll get to a point after 5 days where I must restart or my wired machine (non-VPN client) starts seeing drops and slowness too.

 

[mongodb]

I'm even considering going back to an older version of merlin that I know works well with everything staying up for months. I really shouldn't have upgraded especially now that me and the gf are working from home mostly. I just want to be able to work normally and not have to investigate this so often.

 

[Phk]

I'm even considering going back to an older version of merlin that I know works well with everything staying up for months. I really shouldn't have upgraded especially now that me and the gf are working from home mostly. I just want to be able to work normally and not have to investigate this so often.

Hello, I've never been able to totally fix the issue. For now I received a new ax88u so my ac88u is stored.

Using exactly the same setup scenario, I'm getting 4MB/s in VPN instead of 0.7MB/s, and the wired clients do not lose connection when I'm testing (similar to your issue).

It's a really hard bug to trace, to be honest I was left without many ideas to help this project/trace the issue..

 

[Expose11]

Regarding replay warnings, I tried to resolve that issue myself and found only 2 options that would resolve it (given more time for research maybe more options would have been uncovered) :

First was config - - mute-replay-warnings, second was use TCP tunnel. I went with option 2 after testing no issues with performance (not usually recommended but it worked for me so went with it).

Regarding security, using a non standard port is good (e.g. 11944), prevents a bunch of malicious bot activity on the port 1194. And enable TLS control channel security "encrypted channel", which for me, stopped log messages appearing from random apparently malicious IPs.

Regarding speed issues and rebooting, temperature hasn't been a common issue with these routers, but it could be worth looking at if your workloads are high enough.

I'm new at this and am wondering, can I just change that port on my end or is there more to it? I mean literally just type in 11944 and hit apply and I'm good to go? Also, is there a range of ports I can use?

 

[Phk]

I'm new at this and am wondering, can I just change that port on my end or is there more to it? I mean literally just type in 11944 and hit apply and I'm good to go? Also, is there a range of ports I can use?

Hi, just use a high port in these settings. Then, when you download the openvpn configuration, the new port setting is built-in. The wan interface also gets the inbound-NAT automatically done, meaning, you don't need to configure port forwarding.