RT-BE88U Openvpn only working on same lan

stephane_lunas · Nov 27, 2025

Hi all, I have been using the openvpn option on RT-AX88U and now on RT-BE88U but since a few days it just stopped working. I didn't change anything and was away for work and couldn't connect to it anymore.
When I got back home I¡ve reboot the router but no luck. I've then installed latest firmware and reset to factory and reload my prevous conf but still not working. I've disabled special DNS options and left it disabled and it worked only during 30 mins.
I really don't know what to do.
Here is the log:

Nov 27 11:43:20 rc_service: httpd 3714:notify_rc stop_vpnserver1
Nov 27 11:43:20 ovpn-server1[9767]: event_wait : Interrupted system call (fd=-1,code=4)
Nov 27 11:43:20 ovpn-server1[9767]: Closing TUN/TAP interface
Nov 27 11:43:20 ovpn-server1[9767]: /usr/sbin/ip addr del dev tun21 10.8.0.1/24
Nov 27 11:43:20 ovpn-server1[9767]: ovpn-down 1 server tun21 1500 0 10.8.0.1 255.255.255.0 init
Nov 27 11:43:20 ovpn-server1[9767]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Nov 27 11:43:20 ovpn-server1[9767]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)
Nov 27 11:43:20 ovpn-server1[9767]: SIGTERM[hard,] received, process exiting
Nov 27 11:43:43 rc_service: httpd 3714:notify_rc restart_chpass;restart_vpnserver1
Nov 27 11:43:43 ovpn-server1[10930]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
Nov 27 11:43:43 ovpn-server1[10930]: OpenVPN 2.6.16 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Nov 27 11:43:43 ovpn-server1[10930]: library versions: OpenSSL 1.1.1w 11 Sep 2023, LZO 2.10
Nov 27 11:43:43 ovpn-server1[10931]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 27 11:43:43 ovpn-server1[10931]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Nov 27 11:43:43 ovpn-server1[10931]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Nov 27 11:43:43 ovpn-server1[10931]: Diffie-Hellman initialized with 2048 bit key
Nov 27 11:43:43 ovpn-server1[10931]: TUN/TAP device tun21 opened
Nov 27 11:43:43 ovpn-server1[10931]: TUN/TAP TX queue length set to 1000
Nov 27 11:43:43 ovpn-server1[10931]: /usr/sbin/ip link set dev tun21 up mtu 1500
Nov 27 11:43:43 vpnserver1[10933]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Nov 27 11:43:43 ovpn-server1[10931]: /usr/sbin/ip link set dev tun21 up
Nov 27 11:43:43 ovpn-server1[10931]: /usr/sbin/ip addr add dev tun21 10.8.0.1/24 broadcast +
Nov 27 11:43:43 ovpn-server1[10931]: ovpn-up 1 server tun21 1500 0 10.8.0.1 255.255.255.0 init
Nov 27 11:43:43 ovpn-server1[10931]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Nov 27 11:43:43 ovpn-server1[10931]: UDPv4 link local (bound): [AF_INET][undef]:2025
Nov 27 11:43:43 ovpn-server1[10931]: UDPv4 link remote: [AF_UNSPEC]
Nov 27 11:43:43 ovpn-server1[10931]: MULTI: multi_init called, r=256 v=256
Nov 27 11:43:43 ovpn-server1[10931]: IFCONFIG POOL IPv4: base=10.8.0.2 size=253
Nov 27 11:43:43 ovpn-server1[10931]: Initialization Sequence Completed
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_VER=3.11.1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_PLAT=android
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_NCP=2
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_TCPNL=1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_PROTO=8094
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_MTU=1600
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_GUI_VER=net.openvpn.connect.android_3.7.1-10568
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_SSO=webauth,crtext
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 peer info: IV_BS64DL=1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 TLS: Username/Password authentication succeeded for username 'Admin' [CN SET]
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 TLS: tls_multi_process: initial untrusted session promoted to trusted
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer temporary key: 253 bits X25519
Nov 27 11:43:44 ovpn-server1[10931]: *.*.*.*:33294 [Admin] Peer Connection Initiated with [AF_INET]*.*.*.*:33294 (via [AF_INET]*.*.*.*%ppp0)
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 MULTI: Learn: 10.8.0.2 -> Admin/*.*.*.*:33294
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 MULTI: primary virtual IP for Admin/*.*.*.*:33294: 10.8.0.2
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 SENT CONTROL [Admin]: 'PUSH_REPLY,route 192.168.50.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.50.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
Nov 27 11:43:44 ovpn-server1[10931]: Admin/*.*.*.*:33294 PUSH: Received control message: 'PUSH_REQUEST'
Nov 27 11:43:45 ovpn-server1[10931]: Admin/*.*.*.*:33294 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Nov 27 11:43:45 ovpn-server1[10931]: Admin/*.*.*.*:33294 Timers: ping 15, ping-restart 120
Nov 27 11:43:45 ovpn-server1[10931]: Admin/*.*.*.*:33294 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
Nov 27 11:43:54 kernel: SBF: DNGL SBFTBL[1.0.0] hme [0xffffff8013207000] size [4096]
Nov 27 11:43:54 kernel: SBF: entries [512] type [0] offsets [16] [1040]
Nov 27 11:43:54 kernel: SBF: HOST SBFTBL[1.0.0] Initialized Type [0]
Nov 27 11:43:54 kernel: SBF: hdr [0xffffff8013207000] bfwtbl [0xffffff8013207010] addrtbl [0xffffff8013207410]
Nov 27 11:43:54 kernel: SBF: Table dump: (entries w/ all-zero MAC@s will be skipped)
Nov 27 11:43:54 kernel: SBF: entry SBF MAC
Nov 27 11:43:54 kernel: SBF: dhd1: INIT [9e:d4:9f:f0:33:fd] ID 65535 BFW 65535 THRSH 2048
Nov 27 11:43:54 wlceventd: wlceventd_proc_event(695): wl1.1: ReAssoc 9E

4:9F:F0:33:FD, status: Successful (0), rssi:-65
Nov 27 11:43:58 ovpn-server1[10931]: Admin/*.*.*.*:33294 Delayed exit in 5 seconds
Nov 27 11:43:58 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:43:59 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:43:59 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:00 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:00 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:01 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:44:03 ovpn-server1[10931]: Admin/*.*.*.*:33294 SIGTERM[soft,delayed-exit] received, client-instance exiting
Nov 27 11:44:24 wlceventd: wlceventd_proc_event(645): wl0.1: Deauth_ind 9E

4:9F:F0:33:FD, status: 0, reason: Disassociated due to inactivity (4), rssi:-61
Nov 27 11:44:24 kernel: WLC_SCB_DEAUTHORIZE error (-30)
Nov 27 11:44:24 kernel: update bss - wpa_ie and wpa2_ie is not null
Nov 27 11:45:18 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:18 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:21 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:25 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:45:50 ovpn-server1[10931]: read UDPv4 [CMSG=8|ECONNREFUSED|CMSG=8|ECONNREFUSED]: Connection refused (fd=10,code=111)
Nov 27 11:46:18 ovpn-server1[10931]: *.*.*.*:38895 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 27 11:46:18 ovpn-server1[10931]: *.*.*.*:38895 TLS Error: TLS handshake failed
Nov 27 11:46:18 ovpn-server1[10931]: *.*.*.*:38895 SIGUSR1[soft,tls-error] received, client-instance restarting

I also have try wireguard and it gives me the same error, only working in lan but timeout form outside my net.

stephane_lunas · Nov 30, 2025

Anyone ?

secCrazy · Monday at 10:39 PM

Hello stephane... DID YOU SOLVE YOUR ISSUE? I am having a related issue that I have posted as secCrazy which I have posted here again. Any pointers?

ASUS router (BE-88U) was working fine until last week and it just stopped connecting to internet. I use proton vpn and never had issues with it. Contacted ISP, Proton and ASUS. ISP and Proton said it is not their problem and suggested talking to ASUS.
So, the issue happens only when the VPN is turned on. Otherwise, I am able to access the internet. The last update of the firmware was in October 2025. I am using the stock firmware and *not* merlin. ASUS does mention that they will push security updates whenever there is one necessary. So, I am not sure whether a silent security update happened or not. ASUS is yet to confirm the issue. But, their support phone call has an option (option 9) that has a prerecorded message that their security update caused several routers to go offline. Their suggestion was to save settings, do a factory reset and restore settings. I have done that about 3 times. But, the VPN and router do not get along.

Is anyone having this issue with Proton VPN and ASUS router with the latest firmware update? The Firmware version is 3.0.0.6.102_39112, release date: 10/29/2025
Any solution will be much appreciated.

Thanks...

Thread starter	Title	Forum	Replies	Date
J	RT-BE88U: IPv6 routing fails for LAN clients	ASUS BE Routers & Adapters (Wi-Fi 7)	29	Feb 16, 2026
	RT-BE88U and logs	ASUS BE Routers & Adapters (Wi-Fi 7)	12	Feb 14, 2026
	RT-BE88U seems to have its power cord switched in early 2024.	ASUS BE Routers & Adapters (Wi-Fi 7)	1	Feb 3, 2026
J	Adding RT-BE88U guest network messes up Spotify Connect for IOT network devices	ASUS BE Routers & Adapters (Wi-Fi 7)	10	Jan 11, 2026
J	RT-BE88u 2.4ghz network dying	ASUS BE Routers & Adapters (Wi-Fi 7)	20	Jan 7, 2026
Z	BE88U replace AX88U with VLAN	ASUS BE Routers & Adapters (Wi-Fi 7)	35	Dec 12, 2025
G	BE88U - showing "Not Secure" since firmware update	ASUS BE Routers & Adapters (Wi-Fi 7)	14	Nov 22, 2025
	Bluetooth coexistence setting missing on the RT-BE88U in professional settings?	ASUS BE Routers & Adapters (Wi-Fi 7)	2	Nov 19, 2025
	Asus RT-BE88U - missing 160mhz channel bandwidth	ASUS BE Routers & Adapters (Wi-Fi 7)	25	Nov 18, 2025
	RT-BE88U wifi.....slows?	ASUS BE Routers & Adapters (Wi-Fi 7)	10	Nov 18, 2025

Search

Search

RT-BE88U Openvpn only working on same lan

stephane_lunas

New Around Here

stephane_lunas

New Around Here

secCrazy

Occasional Visitor

Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Members online

We value your privacy