RT-BE88U Openvpn only working on same lan

stephane_lunas · 2025-11-27T05:51:24-0500

Hi all, I have been using the openvpn option on RT-AX88U and now on RT-BE88U but since a few days it just stopped working. I didn't change anything and was away for work and couldn't connect to it anymore.
When I got back home I¡ve reboot the router but no luck. I've then installed latest firmware and reset to factory and reload my prevous conf but still not working. I've disabled special DNS options and left it disabled and it worked only during 30 mins.
I really don't know what to do.
Here is the log:

Nov 27 11:43:20 rc_service: httpd 3714:notify_rc stop_vpnserver1
Nov 27 11:43:20 ovpn-server1[9767]: event_wait : Interrupted system call (fd=-1,code=4)
Nov 27 11:43:20 ovpn-server1[9767]: Closing TUN/TAP interface
Nov 27 11:43:20 ovpn-server1[9767]: /usr/sbin/ip addr del dev tun21 10.8.0.1/24
Nov 27 11:43:20 ovpn-server1[9767]: ovpn-down 1 server tun21 1500 0 10.8.0.1 255.255.255.0 init
Nov 27 11:43:20 ovpn-server1[9767]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Nov 27 11:43:20 ovpn-server1[9767]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Nov 27 11:43:20 ovpn-server1[9767]: SIGTERM[hard,] received, process exiting
Nov 27 11:43:43 rc_service: httpd 3714:notify_rc restart_chpass;restart_vpnserver1
Nov 27 11:43:43 ovpn-server1[10930]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Nov 27 11:43:43 ovpn-server1[10930]: OpenVPN 2.6.16 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Nov 27 11:43:43 ovpn-server1[10930]: library versions: OpenSSL 1.1.1w 11 Sep 2023, LZO 2.10
Nov 27 11:43:43 ovpn-server1[10931]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 27 11:43:43 ovpn-server1[10931]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Nov 27 11:43:43 ovpn-server1[10931]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Nov 27 11:43:43 ovpn-server1[10931]: Diffie-Hellman initialized with 2048 bit key
Nov 27 11:43:43 ovpn-server1[10931]: TUN/TAP device tun21 opened
Nov 27 11:43:43 ovpn-server1[10931]: TUN/TAP TX queue length set to 1000
Nov 27 11:43:43 ovpn-server1[10931]: /usr/sbin/ip link set dev tun21 up mtu 1500
Nov 27 11:43:43 vpnserver1[10933]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Nov 27 11:43:43 ovpn-server1[10931]: /usr/sbin/ip link set dev tun21 up
Nov 27 11:43:43 ovpn-server1[10931]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24 broadcast +
Nov 27 11:43:43 ovpn-server1[10931]: ovpn-up 1 server tun21 1500 0 10.8.0.1 255.255.255.0 init
Nov 27 11:43:43 ovpn-server1[10931]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Nov 27 11:43:43 ovpn-server1[10931]: UDPv4 link local (bound): [AF_INET][undef]:2025
Nov 27 11:43:43 ovpn-server1[10931]: UDPv4 link remote: [AF_UNSPEC]
Nov 27 11:43:43 ovpn-server1[10931]: MULTI: multi_init called, r=256 v=256
Nov 27 11:43:43 ovpn-server1[10931]: IFCONFIG POOL IPv4: base=10.8.0.2 size=253
Nov 27 11:43:43 ovpn-server1[10931]: Initialization Sequence Completed
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_VER=3.11.1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_PLAT=android
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_NCP=2
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_TCPNL=1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_PROTO=8094
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_MTU=1600
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_GUI_VER=net.openvpn.connect.android_3.7.1-10568
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_SSO=webauth,crtext
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_BS64DL=1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 TLS: Username/Password authentication succeeded for username 'Admin' [CN SET]
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 TLS: tls_multi_process: initial untrusted session promoted to trusted
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer temporary key: 253 bits X25519
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 [Admin] Peer Connection Initiated with [AF_INET]*.*.*.*:33294 (via [AF_INET]*.*.*.*%ppp0)
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 MULTI: Learn: 10.8.0.2 -> Admin/*.*.*.*:33294
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 MULTI: primary virtual IP for Admin/*.*.*.*:33294: 10.8.0.2
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 SENT CONTROL [Admin]: 'PUSH_REPLY,route 192.168.50.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.50.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 PUSH: Received control message: 'PUSH_REQUEST'
Nov 27 11:43:45 ovpn-server1[10931]: Admin/*.*.*.*:33294 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Nov 27 11:43:45 ovpn-server1[10931]: Admin/*.*.*.*:33294 Timers: ping 15, ping-restart 120
Nov 27 11:43:45 ovpn-server1[10931]: Admin/*.*.*.*:33294 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
Nov 27 11:43:54 kernel: SBF: DNGL SBFTBL[1.0.0] hme [0xffffff8013207000] size [4096]
Nov 27 11:43:54 kernel: SBF: entries [512] type [0] offsets [16] [1040]
Nov 27 11:43:54 kernel: SBF: HOST SBFTBL[1.0.0] Initialized Type [0]
Nov 27 11:43:54 kernel: SBF: hdr [0xffffff8013207000] bfwtbl [0xffffff8013207010] addrtbl [0xffffff8013207410]
Nov 27 11:43:54 kernel: SBF: Table dump: (entries w/ all-zero MAC@s will be skipped)
Nov 27 11:43:54 kernel: SBF: entry SBF MAC
Nov 27 11:43:54 kernel: SBF: dhd1: INIT [9e:d4:9f:f0:33:fd] ID 65535 BFW 65535 THRSH 2048
Nov 27 11:43:54 wlceventd: wlceventd_proc_event(695): wl1.1: ReAssoc 9E

4:9F:F0:33:FD, status: Successful (0), rssi:-65
Nov 27 11:43:58 ovpn-server1[10931]: Admin/*.*.*.*:33294 Delayed exit in 5 seconds
Nov 27 11:43:58 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:43:59 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:43:59 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:00 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:00 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:01 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:03 ovpn-server1[10931]: Admin/*.*.*.*:33294 SIGTERM[soft,delayed-exit] received, client-instance exiting
Nov 27 11:44:24 wlceventd: wlceventd_proc_event(645): wl0.1: Deauth_ind 9E

4:9F:F0:33:FD, status: 0, reason: Disassociated due to inactivity (4), rssi:-61
Nov 27 11:44:24 kernel: WLC_SCB_DEAUTHORIZE error (-30)
Nov 27 11:44:24 kernel: update bss - wpa_ie and wpa2_ie is not null
Nov 27 11:45:18 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:18 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:21 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:25 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:50 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:46:18 ovpn-server1[10931]: *.*.*.*:38895 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 27 11:46:18 ovpn-server1[10931]: *.*.*.*:38895 TLS Error: TLS handshake failed
Nov 27 11:46:18 ovpn-server1[10931]: *.*.*.*:38895 SIGUSR1[soft,tls-error] received, client-instance restarting

I also have try wireguard and it gives me the same error, only working in lan but timeout form outside my net.

Thread starter	Title	Forum	Replies	Date
G	BE88U - showing "Not Secure" since firmware update	ASUS BE Routers & Adapters (Wi-Fi 7)	14	Saturday at 4:52 AM
	Bluetooth coexistence setting missing on the RT-BE88U in professional settings?	ASUS BE Routers & Adapters (Wi-Fi 7)	2	Nov 19, 2025
	Asus RT-BE88U - missing 160mhz channel bandwidth	ASUS BE Routers & Adapters (Wi-Fi 7)	25	Nov 18, 2025
	RT-BE88U wifi.....slows?	ASUS BE Routers & Adapters (Wi-Fi 7)	10	Nov 18, 2025
S	RT-BE88U AiCloud 2.0 SSL stop working after few hours	ASUS BE Routers & Adapters (Wi-Fi 7)	9	Nov 6, 2025
T	BE88U traffic analyzer	ASUS BE Routers & Adapters (Wi-Fi 7)	8	Nov 2, 2025
	BE88U - 10GBe SPF+ and RJ45	ASUS BE Routers & Adapters (Wi-Fi 7)	7	Oct 21, 2025
	Stupid question about the RT-BE88U	ASUS BE Routers & Adapters (Wi-Fi 7)	27	Oct 14, 2025
M	Best way to extend range on RT-BE88U? Small dead spot that I need to get coverage to.	ASUS BE Routers & Adapters (Wi-Fi 7)	20	Oct 13, 2025
	BE88U struggling to join PS5 voice chat channel	ASUS BE Routers & Adapters (Wi-Fi 7)	7	Oct 13, 2025

Search

Search

RT-BE88U Openvpn only working on same lan

stephane_lunas

New Around Here

Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Members online