RT-AC68U VPN client successfully connects but no internet access


Micu

New Around Here
Hi,

I have an AC68U router which I'm using, whenever I'm not home, to connect all devices to a secure network.

I've installed the latest Merlin firmware.

I've configured 1 OpenVPN client and 1 L2TP client. When I enable either one of them, it shows connection successful, but all devices connected to the router are losing the internet connection. When I disable the VPN client, the internet connection is working again.

The DNS server is set to manual, and I've selected the OpenDNS servers.

Some logs:

nslookup www.cnn.com
;; connection timed out; no servers could be reached

L2TP client connection logs:
Jul 8 07:35:11 pppd[1384]: Overriding mtu 1500 to 1400
Jul 8 07:35:11 pppd[1384]: Overriding mru 1500 to mtu value 1400
Jul 8 07:35:13 pppd[1384]: Overriding mru 1500 to mtu value 1400
Jul 8 07:35:13 pppd[1384]: CHAP authentication succeeded
Jul 8 07:35:13 pppd[1384]: local IP address 10.0.10.1
Jul 8 07:35:13 pppd[1384]: remote IP address 10.255.255.0
Jul 8 07:35:13 pppd[1384]: primary DNS address 192.168.1.1
Jul 8 07:35:13 pppd[1384]: secondary DNS address 192.168.1.1
Jul 8 07:35:13 dnsmasq[1111]: ignoring nameserver 192.168.1.1 - local interface
Jul 8 07:35:13 dnsmasq[1111]: ignoring nameserver 192.168.1.1 - local interface



OpenVPN client connection logs:
Jul 8 07:24:03 ovpn-client1[3451]: OPTIONS IMPORT: adjusting link_mtu to 1626
Jul 8 07:24:03 ovpn-client1[3451]: OPTIONS IMPORT: data channel crypto options modified
Jul 8 07:24:03 ovpn-client1[3451]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 8 07:24:03 ovpn-client1[3451]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 8 07:24:03 ovpn-client1[3451]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 8 07:24:03 ovpn-client1[3451]: TUN/TAP device tun11 opened
Jul 8 07:24:03 ovpn-client1[3451]: TUN/TAP TX queue length set to 1000
Jul 8 07:24:03 ovpn-client1[3451]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jul 8 07:24:04 ovpn-client1[3451]: /usr/sbin/ip link set dev tun11 up
Jul 8 07:24:04 ovpn-client1[3451]: /usr/sbin/ip addr add dev tun11 10.8.0.3/24
Jul 8 07:24:04 ovpn-client1[3451]: ovpn-up 1 client tun11 1500 1554 10.8.0.3 255.255.255.0 init
Jul 8 07:24:06 ovpn-client1[3451]: /usr/sbin/ip route add "my actual IP"/32 via 192.168.8.1
Jul 8 07:24:06 ovpn-client1[3451]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Jul 8 07:24:06 ovpn-client1[3451]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Jul 8 07:24:06 openvpn-routing: Configuring policy rules for client 1
Jul 8 07:24:07 openvpn-routing: Tunnel re-established, restoring WAN access to clients
Jul 8 07:24:07 acsd: selected channel spec: 0xe29b (157/80)
Jul 8 07:24:07 acsd: Adjusted channel spec: 0xe29b (157/80)
Jul 8 07:24:07 acsd: selected channel spec: 0xe29b (157/80)
Jul 8 07:24:07 acsd: acs_set_chspec: 0xe29b (157/80) for reason APCS_CSTIMER
Jul 8 07:24:07 ovpn-client1[3451]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 8 07:24:07 ovpn-client1[3451]: Initialization Sequence Completed

Do you know what might be wrong in the settings?

Thanks
 

L&LD

Part of the Furniture
Sigh, what is the 'latest' RMerlin firmware that you are using?
 

ColinTaylor

Part of the Furniture
My first guess would be that the LAN subnet address range of your client router is the same as (or overlapping) that of the destination router.
 

Micu

New Around Here
Thanks Colin, I've changed the LAN IP from 192.168.1.1 to 192.168.2.1 and now the L2TP VPN connection is working.

The OpenVPN client connection is still the same, no internet after connection.
 

ColinTaylor

Part of the Furniture
I'd have to see the complete openvpn connection log rather than just the part you showed to know any more.

When you say there's no internet, can you ping a destination by IP? e.g. ping 8.8.8.8
 

Micu

New Around Here
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2




OpenVPN connection logs:
Jul 10 08:22:59 rc_service: httpd 740:notify_rc start_vpnclient1
Jul 10 08:23:01 ovpn-client1[1282]: OpenVPN 2.5.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 6 2021
Jul 10 08:23:01 ovpn-client1[1282]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.08
Jul 10 08:23:01 ovpn-client1[1283]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 08:23:01 ovpn-client1[1283]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 10 08:23:01 ovpn-client1[1283]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 10 08:23:01 ovpn-client1[1283]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 10 08:23:01 ovpn-client1[1283]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 10 08:23:01 ovpn-client1[1283]: TCP/UDP: Preserving recently used remote address: [AF_INET]"my real ip":8080
Jul 10 08:23:01 ovpn-client1[1283]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Jul 10 08:23:01 ovpn-client1[1283]: Attempting to establish TCP connection with [AF_INET]"my real ip":8080 [nonblock]
Jul 10 08:23:02 ovpn-client1[1283]: TCP connection established with [AF_INET]"my real ip":8080
Jul 10 08:23:02 ovpn-client1[1283]: TCP_CLIENT link local: (not bound)
Jul 10 08:23:02 ovpn-client1[1283]: TCP_CLIENT link remote: [AF_INET]"my real ip":8080
Jul 10 08:23:02 ovpn-client1[1283]: TLS: Initial packet from [AF_INET]"my real ip":8080, sid=b1276dbc 317d564e
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY OK: depth=1, CN=ChangeMe
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY KU OK
Jul 10 08:23:02 ovpn-client1[1283]: Validating certificate extended key usage
Jul 10 08:23:02 ovpn-client1[1283]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY EKU OK
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY X509NAME OK: CN=server_PYRpqFgThGzwcxWE
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY OK: depth=0, CN=server_PYRpqFgThGzwcxWE
Jul 10 08:23:03 ovpn-client1[1283]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
Jul 10 08:23:03 ovpn-client1[1283]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 10 08:23:03 ovpn-client1[1283]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Jul 10 08:23:03 ovpn-client1[1283]: [server_PYRpqFgThGzwcxWE] Peer Connection Initiated with [AF_INET]"my real ip":8080
Jul 10 08:23:04 ovpn-client1[1283]: SENT CONTROL [server_PYRpqFgThGzwcxWE]: 'PUSH_REQUEST' (status=1)
Jul 10 08:23:04 ovpn-client1[1283]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Jul 10 08:23:04 ovpn-client1[1283]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.5.2)
Jul 10 08:23:04 ovpn-client1[1283]: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: route options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: route-related options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: peer-id set
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: adjusting link_mtu to 1626
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: data channel crypto options modified
Jul 10 08:23:04 ovpn-client1[1283]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 10 08:23:04 ovpn-client1[1283]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 10 08:23:04 ovpn-client1[1283]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 10 08:23:04 ovpn-client1[1283]: TUN/TAP device tun11 opened
Jul 10 08:23:04 ovpn-client1[1283]: TUN/TAP TX queue length set to 1000
Jul 10 08:23:04 ovpn-client1[1283]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jul 10 08:23:04 ovpn-client1[1283]: /usr/sbin/ip link set dev tun11 up
Jul 10 08:23:04 ovpn-client1[1283]: /usr/sbin/ip addr add dev tun11 10.8.0.3/24
Jul 10 08:23:04 ovpn-client1[1283]: ovpn-up 1 client tun11 1500 1554 10.8.0.3 255.255.255.0 init
Jul 10 08:23:06 ovpn-client1[1283]: /usr/sbin/ip route add "my real ip"/32 via 192.168.8.1
Jul 10 08:23:06 ovpn-client1[1283]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Jul 10 08:23:06 ovpn-client1[1283]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Jul 10 08:23:06 ovpn-client1[1283]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 08:23:06 ovpn-client1[1283]: Initialization Sequence Completed
 

ColinTaylor

Part of the Furniture
Try removing the deprecated "comp-lzo" option from the server configuration.
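
Added example, not part of the thread and not anyone's posted code: a small log triage that surfaces the two things the replies above pointed at, a peer-pushed address that falls inside the router's own LAN subnet and OpenVPN option mismatches between client and server. The function name, the finding labels and the /24 prefix length are assumptions of this example; the log lines are a constructed sample copied from the posts.

```python
import ipaddress
import re

# Constructed sample: a few lines taken from the logs posted in this thread.
SAMPLE_LOG = """\
Jul 8 07:35:13 pppd[1384]: primary DNS address 192.168.1.1
Jul 8 07:35:13 pppd[1384]: secondary DNS address 192.168.1.1
Jul 8 07:35:13 dnsmasq[1111]: ignoring nameserver 192.168.1.1 - local interface
Jul 10 08:23:03 ovpn-client1[1283]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
Jul 10 08:23:03 ovpn-client1[1283]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 10 08:23:04 ovpn-client1[1283]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.5.2)
"""

# Patterns match the message wording seen in the logs above.
PUSHED_DNS = re.compile(r"pppd\[\d+\]: \w+ DNS address (\d+\.\d+\.\d+\.\d+)")
CHECKS = [
    ("missing-local", re.compile(
        r"WARNING: '([^']+)' is present in remote config but missing in local config")),
    ("inconsistent", re.compile(r"WARNING: '([^']+)' is used inconsistently")),
    ("rejected-push", re.compile(r"Options error: .*\[PUSH-OPTIONS\]:\d+: (\S+)")),
]


def triage(log_text, lan_cidr):
    """Return de-duplicated (kind, value) findings; labels are hypothetical."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []
    for line in log_text.splitlines():
        m = PUSHED_DNS.search(line)
        if m and ipaddress.ip_address(m.group(1)) in lan:
            # The address pushed by the peer falls inside our own LAN
            # subnet, i.e. the two sides' address ranges overlap.
            findings.append(("lan-overlap", m.group(1)))
        for kind, pattern in CHECKS:
            m = pattern.search(line)
            if m:
                findings.append((kind, m.group(1)))
    # Keep first occurrence of each finding, preserving log order.
    return [f for i, f in enumerate(findings) if f not in findings[:i]]


if __name__ == "__main__":
    # LAN address before and after the change described in the thread.
    for cidr in ("192.168.1.1/24", "192.168.2.1/24"):
        print(cidr, triage(SAMPLE_LOG, cidr))
```

With the original LAN address the overlap is reported; after the move to 192.168.2.1 only the OpenVPN option findings remain.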
 
