OpenVPN server fails after reboot

[sanderveeken]

Hi,

I'm using an AC88U and am running the latest available Merlin firmware. Since a few months, I've been using the built in OpenVPN server to securely access my home server when away from home.

The connection itself works great, was easy enough to set up and configure and is very stable and fast. My problem is that whenever the router reboots, the OpenVPN server fails to restart and this is because the word "up" somehow gets added to the "custom configuration" field at the bottom. Even if I log in to the router and try to start OpenVPN server manually, it will fail ("daemon failed to start") until I clear the "custom configuration" field and hit apply. Then it starts and runs fine again.

This wouldn't even be a huge issue except that I have the router reboot weekly (Sunday night) just to clear up stuff. When I didn't, it would sometimes (infrequently) hang or be very slow randomly and this was an easy and painless way to deal with that has no adverse effects - until now.

I'd like to know why the field keeps being refilled after a reboot, and if there is a way to reliably restart OpenVPN server after a reboot.

 

[RMerlin]

Your router is most likely infected by a malware if that field keeps getting filled up. What is the exact content of the custom field?

 

[sanderveeken]

That seems quite serious. There are no other adverse effects that I can tell, just the OpenVPN thing won't start. Nothing else has ever been off about the router, and I have only started using OpenVPN a couple of months ago, if that helps.

The custom configuration field only contains "up". If I delete those two letters and hit "apply" the daemon instantly starts and works fine.

Is there a safe (i.e. "keep my configuration") way to reset the router if it is malware, or some other test I could do? And if it is a specific piece of malware that targets Asus routers or Merlin routers I could find out about it somewhere?

Failing all that, how would I go about doing a full reset if I have to, making sure I got rid of the malware?

 

[sanderveeken]

FWIW, if I port scan my home IP from my mobile connection using nmap - Pn - sV I get only one open port (21) which I assume is a service port from my ISP. But I'm really not that experienced with network tech (if you couldn't already tell) so I'm not sure if that is helpful.

 

[RMerlin]

You ccan check the content of /jffs/configs and /jffs/scripts as these are usually where these malwares that inject themselves into the VPN server tend to reside. It's possible that Asus' security daemon already cleaned it, but there are some leftovers present in these two directories. Usually "up" is followed by the malicious script that gets executed when the VPN server is launched, so this is odd.

In case of doubt, I would do a factory default reset, making sure to also check the checkbox that says "Initialize" next to the reset option.

 

[sanderveeken]

I did have one custom JFF script at one point which was simply to redirect some public minecraft bedrock server address to a local ip server. But I didn't need it anymore after setting up a pihole instance. The whole JFF thing was pretty much voodoo to me so perhaps this is where I messed up something? FWIW, custom JFFs are disabled in the config panel and I also removed the line redirecting the server from the file. I don't know if there's something else I'd need to "reset" to make all that go back to factory default?

 

[L&LD]

A virus won't care about a setting that JFFS is disabled.

The only way to be sure of a full reset.

[Wireless Router] When Standard Reset Isn’t Working: Hard Factory Reset - Models list | Official Support | ASUS USA

Nuclear Reset https://www.snbforums.com/threads/major-issues-w-rt-ac86u.56342/page-4#post-495710


Not using just one (reset) option, but all of them, consecutively, without having the router connected to the ISP at all.