
OpenVPN question

Discussion in 'Asuswrt-Merlin' started by mongodb, Mar 20, 2019.

  1. mongodb

    mongodb New Around Here

    Joined:
    Feb 2, 2019
    Messages:
    9
    Hi, I noticed an anomaly with using OpenVPN with Merlin and thought I'd ask here. Scenario is:

    1) connect using my Android phone to the VPN server hosted on the Asus Merlin router- everything looks good and I can access internal 192.168.1.x resource
    2) later on in the evening had to issue the service restart_vpnserver1 command- service came back up and looked OK until I tried accessing internal 192.168.1.x resource. No joy accessing anything internally, iptables and ip route looks good to me.
    3) reboot the router via the GUI- tried connecting back in via the OpenVPN Server and can access internal resources again.

    So I guess the question is- does a manual service restart not apply some network policy that breaks accessing internal resource?

    Any thoughts on this please?

    Thanks in advance.
     
  2. eibgrad

    eibgrad Regular Contributor

    Joined:
    Feb 20, 2017
    Messages:
    72
    I thought the command was ...

    Code:
    service vpnserver1 restart
    Just a guess, but it might be that issuing a "restart" (your method or mine) might only issue (what OpenVPN calls) a "soft restart".

    Code:
    killall -s SIGUSR1 openvpn
    What this does is only partially bring down the server before the restart. For example, it usually doesn't disturb the current routing tables. But I have seen situations where the firmware on tomato (the basis for Merlin) doesn't handle the soft restart correctly.

    I would instead try the following:

    Code:
    service vpnserver1 stop && sleep 5 && service vpnserver1 start
    The above is sure to do a complete stop and clean restart.
     
    L&LD likes this.
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,104
    Location:
    UK
    No, that is incorrect. mongodb's syntax is correct. Your service command is typical for a traditional Linux distribution.
     
    L&LD likes this.
  4. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    2,925
    Location:
    /etc
    So the command would be?
    Code:
    service stop_vpnserver1 && sleep 5 && service start_vpnserver1
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,104
    Location:
    UK
    Correct. Although that is the same as what restart_vpnserver1 does, albeit without the 5 second delay.

    Either way the openvpn process is terminated with a "SIGTERM[hard,]".
     
    L&LD and skeal like this.
  6. mongodb

    mongodb New Around Here

    Joined:
    Feb 2, 2019
    Messages:
    9
    Thanks. During the issue, I did a quick tcpdump on the Asus router and was seeing returning traffic from the internal 192.168.1.x host headed towards the VPN 10.8.0.x address but never reached my phone and the browser timed out.
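
One way to check mechanically whether routes or firewall rules changed across a `restart_vpnserver1`, as an added example that is not part of the thread: snapshot the state while access works, restart, snapshot again and compare. It assumes `ip`, `iptables`, `sed` and `grep` are available on the router; the function names and `/tmp` paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and /tmp paths are
# hypothetical; assumes ip, iptables, sed and grep exist on the router.

# Print routes and firewall rules in a stable, line-comparable form.
# iptables -S prints rules without packet counters, so unchanged rules
# produce identical lines in both snapshots.
snapshot_state() {
    ip route show | sed 's/^/route: /'
    iptables -S | sed 's/^/filter: /'
    iptables -t nat -S | sed 's/^/nat: /'
}

# lost_lines BEFORE AFTER: lines present in BEFORE but missing from AFTER.
# grep exits 1 when nothing differs; treat only that case as success.
lost_lines() {
    grep -Fxv -f "$2" "$1" || [ $? -eq 1 ]
}

# gained_lines BEFORE AFTER: lines that appear only in AFTER.
gained_lines() {
    grep -Fxv -f "$1" "$2" || [ $? -eq 1 ]
}

# compare_state BEFORE AFTER: report what changed between two snapshots.
compare_state() {
    lost=$(lost_lines "$1" "$2")
    gained=$(gained_lines "$1" "$2")
    [ -n "$lost" ] && printf 'Missing after restart:\n%s\n' "$lost"
    [ -n "$gained" ] && printf 'New after restart:\n%s\n' "$gained"
    [ -z "$lost$gained" ] && echo "No difference in routes or rules"
    return 0
}

# Usage on the router, starting from a working state (e.g. after a reboot):
#   snapshot_state > /tmp/before.txt
#   service restart_vpnserver1; sleep 10
#   snapshot_state > /tmp/after.txt
#   compare_state /tmp/before.txt /tmp/after.txt
```

If the comparison reports no difference while the tunnel still fails, the cause lies outside the routing table and the filter and nat tables captured here.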