What's new

OpenVPN question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mongodb

Occasional Visitor
Hi, I noticed an anomaly with using OpenVPN with Merlin and thought I'd ask here. Scenario is:

1) connect using my Android phone to the VPN server hosted on the Asus Merlin router- everything looks good and I can access internal 192.168.1.x resource
2) later on the in the evening had to issue the service restart_vpnserver1 command- service came back up and looked OK until I tried accessing internal 192.168.1.x resource. No joy accessing anything internally, iptables and ip route looks good to me.
3) reboot the router via the GUI- tried connecting back in via the OpenVPN Server and can access internal resources again.

So I guess the question is- does a manual service restart not apply some network policy that breaks accessing internal resource?

Any thoughts on this please?

Thanks in advance.
 
I thought the command was ...

Code:
service vpnserver1 restart

Just a guess, but it might be that issuing a "restart" (your method or mine) might only issue (what OpenVPN calls) a "soft restart".

Code:
killall -s SIGUSR1 openvpn

What this does is only partially bring down the server before the restart. For example, it usually doesn't disturb the current routing tables. But I have seen situations where the firmware on tomato (the basis for Merlin) doesn't handle the soft restart correctly.

I would instead try the following:

Code:
service vpnserver1 stop && sleep 5 && service vpnserver1 start

The above is sure to do a complete stop and clean restart.
 
No, that is incorrect. mongodb's syntax is correct. Your service command is typical for a traditional Linux distribution.
So the command would be?
Code:
service stop_vpnserver1 && sleep 5 && service start_vpnserver1
 
So the command would be?
Code:
service stop_vpnserver1 && sleep 5 && service start_vpnserver1
Correct. Although that is the same as what restart_vpnserver1 does, albeit without the 5 second delay.

Either way the the openvpn process is terminated with a "SIGTERM[hard,]".
 
Thanks. During the issue, I did a quick tcpdump on the Asus router and was seeing returning traffic from the internal 192.168.1.x host headed towards the VPN 10.8.0.x address but never reached my phone and the browser timed out.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top