OpenVPN Server - loss of internal LAN access when applying settings

[RDK]

Hi all,

Hopefully I can appeal to your curiosity and collective expertise.

I'm utilising Asus-Merlin 384.14_2 along with Skynet v7.0.10 with two active and operational OpenVPN servers. Server 1 is LAN and Server 2 is LAN & WAN.

I've made minor changes to the OpenVPN server configuration (pushing DNS servers, as well as connect & disconnect scripts). Once the changes are committed and applied in the GUI, the OpenVPN Service restarts.

As I'm making these changes remotely (via VPN), I'm very conscious that I lose connectivity to the LAN (except the router) after the changes are applied. Note, there is noting erroneous within the configuration, because as soon as I reboot the router, access to the LAN via VPN is restored.

I've even tried to utilise the following commands via SSH to no avail;

service stop_vpnserver1
service start_vpnserver1

Is there any series of commands that I could execute that may flush any stale configuration (firewall, routing, etc.) without needing to reboot?

Any insight would be appreciated. Thanks.

 

[L&LD]

What router are we discussing here? How long do you wait to see if connectivity to the LAN returns?

Note that depending on your router model, RMerlin 384.15_0 stable has been released. Possibly with a fix for your issue?

Also, note that Skynet is currently at v7.10 too. Not sure if this will affect anything though.

Are you issuing those commands together? That might not be enough time for flushing the old settings used?

Are you able to use Server 1 and Server 2 configured with the settings desired? So that you connect to the OpenVPN Server with the functionality you want?

When I change any OpenVPN setting, even for another server instance, I lose the connection for at least a few tens of seconds. Even if it shows still 'connected' on my client device.

 

[RDK]

Thanks for the reply.

What router are we discussing here? How long do you wait to see if connectivity to the LAN returns?

ASUS RT-AC68U.
It has been a couple of hours now.

Note that depending on your router model, RMerlin 384.15_0 stable has been released. Possibly with a fix for your issue?

Perhaps, though nothing stood out when I perused the ChangeLog.

Also, note that Skynet is currently at v7.10 too. Not sure if this will affect anything though.

Not sure. I'll upgrade a little later and see what that does.

Are you issuing those commands together? That might not be enough time for flushing the old settings used?

Tried, one at a time ... and both together separated by a '&&'.

Are you able to use Server 1 and Server 2 configured with the settings desired? So that you connect to the OpenVPN Server with the functionality you want?

This is the most interesting and/or telling, that I can connect with the alternative Service and access the LAN without issue. This indicates that the issue is somehow isolated to that particular instance. I'm wondering if some configuration either firewall, iptables, routing, etc. has not been unloaded properly prior to the restart.

When I change any OpenVPN setting, even for another server instance, I lose the connection for at least a few tens of seconds. Even if it shows still 'connected' on my client device.

Agreed. I experience a similar delay.

 

[RDK]

To provide an update ... after a reboot of the router, LAN access via VPN has been restored.

Whilst this remains a solution, I'd like to understand if a more elegant solution exists.

Any further thoughts welcome.

 

[L&LD]

@RDK, this is a reboot of the OpenVPN Server router, correct? Am I also correct you're connecting with the OpenVPN client running on a PC? Or, are you connecting using a Router OpenVPN Client?

Would connecting to that remote server and restarting the SAMBA service help here? (I would be using the scMerlin script to do this, option '6').

 

[elorimer]

One way to do this is to connect to one server and only make changes to the other server. Then switch.

Also, you don't need to have one server be LAN, and one be LAN+Internet. You can set both to both, and control it from the client side with ignore push commands, assuming you trust whoever is connecting. Or control it from the server side with push commands.

 

[RDK]

Thanks for the replies.

@RDK, this is a reboot of the OpenVPN Server router, correct? Am I also correct you're connecting with the OpenVPN client running on a PC? Or, are you connecting using a Router OpenVPN Client

Yes. That is correct on both accounts. OpenVPN server on router, and rebooting that, as well as connecting from a computer.

Would connecting to that remote server and restarting the SAMBA service help here? (I would be using the scMerlin script to do this, option '6').

I haven’t had a chance to try, though I suspect it wouldn’t assist as I can’t even ping the machines let along connect via SMB.

One way to do this is to connect to one server and only make changes to the other server. Then switch.

I have tried this method as well as making changes to the connected server. Of course the advantage of applying changes to a single service is you don’t get disconnected by the change.

Also, you don't need to have one server be LAN, and one be LAN+Internet. You can set both to both,

Good thought. I hadn’t considered that option as I didn’t have a need for it, but certainly valid should the opportunity preset itself.

 

[elorimer]

Of course the advantage of applying changes to a single service is you don’t get disconnected by the change.

If it works. If it doesn't, you are locked out.