OpenVPN routing stops working when VPN drops

BigSnicker
Recently I've noticed that when my OpenVPN provider server stops working, my two devices that use the VPN lose their internet access. The router's OpenVPN client status stays in a state of "connecting" and the devices aren't routed via the WAN (which I'd love), despite "Block routed clients if tunnel goes down" being set to No and a "Strict" DNS configuration.

Am I missing anything in the configuration? I'm using a pretty simple setup on an RT-AC68U, and the only non-standard thing I can think of is a redundant wan-start script that makes sure OpenVPN client 1 is restarted (I have previously had issues with Startup on WAN working). Policy rules only have two lines specifying that each manual device IP should be routed to VPN if destination is '0.0.0.0', assuming that everything else goes to WAN by default.

Apart from that, everything's working beautifully and otherwise loving the firmware's OpenVPN implementation!
 
I should add that this is what the log was saying while the VPN was down, on repeat:

Apr 23 13:01:55 openvpn[23027]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 23 13:01:55 openvpn[23027]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Apr 23 13:01:55 openvpn[23027]: UDPv4 link local: [undef]
Apr 23 13:01:55 openvpn[23027]: UDPv4 link remote: [AF_INET]184.75.213.118:1194
Apr 23 13:02:25 openvpn[23027]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 23 13:02:25 openvpn[23027]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 23 13:02:25 openvpn[23027]: Restart pause, 2 second(s)
 
What DNS servers are provided by your server? If the servers are specific to your server, then your problem is that with the tunnel down, your clients are no longer able to access those DNS servers.
 
I hardcoded the VPN provider's two publicly available DNS servers under LAN->DHCP->DHCP Server Setting.

So given that I was able to switch VPN servers manually and use another one successfully, there wasn't a problem with their DNS servers going down, and I would have expected the router's clients to be able to use them if they were able to access the WAN after the VPN dropped. I also don't recall seeing any DNS issues in the system log, but I'll double check the next time I see this behaviour.
 
