PeaceNoWar; Glad to help. Everytime I go through a FW update, I backup/save everything before log out, then I remove the power from the router before firing it up and logging back in. I know, some claim the routine is overkill and isn't needed, but it's always saved me a lot of grief. I used Asus factory FW once, for about 20 minutes some years ago. I went directly to RMerlin's fork and never looked back. His (or John's) fork is the only option for Asus routers for my two cents, and many (hundreds of) thousands of RMerlin (and John's fork) users can't be wrong. Weird things happen to everyone, so faith in hardware FW/software only goes so far. Things almost always go right, but I still fetch a fresh config from the provider before starting the routine each upgrade and place it on the openvpn client afterwards; it loads/savesquickly, and no former settings are left to give you a headache - unless they left a bug in the config; it happens. Most VPN nets will populate within a few seconds or minutes. If the client takes more than an hour, you can wait or bit longer and/or reload a different config/server the next day. Check everything in the router at least three times, remain patient and calm. You can check with support at your VPN provider for their status. I use a couple of external IP pages up to alert me on the computer, checking response times or if the IP changes. I'm not always logged into the router. If your system is only partially up for the day, somedays I only watch TV or use a tablet, and the outside IP displays on an iPad with a couple of extra apps that shows where the client is and if there's errant leakage. You could try using the Asus mobile tool, or other more elaborate apps that exist for iOS. I quit using android for a while, since my android tablet can't be upgraded without serious pain, but there are apps for those too, if you can stand ads, or pay for them. I keep a current openvpn config waiting in the iPad, in case the router or openvpn client has issues, to tell me it's time to futz around inside the router. The iPad runs slower when it has to run the openvpnconnect client and VPN provider config, an L2TP config would be faster still be fairly safe. Some VPN provider's have their own iOS client; anything beats having the system vulnerable when you have router/config problems.
I respect what Zirescu said; many people run their home systems 24/7, I just don't have a need to. It saves us a bundle on today's electric bill. Nothing gets through to the system when it's totally removed from power. If you're not using the router/system overnight or are gone for the day, modern gear isn't harmed if you power it down properly. I've never lost a piece of gear doing so, not counting a few old Maxtor HDDs. It takes only a short time to power the gear up to be running again, and you don't have to program the router to restart automatically every so often. ISPs claim you should never to turn off their modems, but we own ours, and I've always ignored them. Many guys have worked for ISPs or networks and understand how it works these days. ISP's know most of us all use VPNs now, and to claim they can't connect us if we turn the gear off, is bogus. Their systems take less than one minute to sync to your service. If you aren't secured when you connect, they're logging and selling all of your traffic, (or someone else is). Ahem. Our router/entire system is powered down at night and up the next morning in sequence, getting the Asus a clean start. It just works for me. Our router/modem is also on it's own UPS battery backup in case of voltage fluctuations that will cause a VPN connection to drop/corrupt; the system is on another. A power panel with seperate switches makes the sequence each day easy. If money or gear isn't an issue, ignore this bit. I still don't need 24/7 access. From the power fluctiuation-security aspect, if the openvpn client isn't settling down, and doesn't resolve to any setting or to any openclient/route you place in the box, there's something else to consider. Before Asus's20-year probation, bad things happened to people who depended on Asus, from shoddy work; RMerlin (and John among others) work on it constantly. I was running an older RMerlin build before the holes in question were patched, but that had nothing to do with his work. Somehow, a nasty critter made his way through our VPN, the modem, the router/firewall/openvpn client one night (true and humbling) before hitting the internal firewall (NSA and others do it, and the extremely skilled bad dudes). If you're not involved in anything untoward, that scenerio is unlikely, but the film, 'Firewall' comes to mind. Only once, in 20 years at home, I had proof on our router log we'd been punked. A day's worth of logs at minimum, on a flash or an encrypted hard drive connected to the router, helps you track down what happens in the router. You'll be happier and troubleshooting is easier. Later I learned our VPN provider had been attacked for a full month, 24/7 by non-state actors. They flew a guy in to help get a handle on things and alerts went up the ladder. Everyone's being hammered continually now. Some guy got through to us, didn't damage us, so lessons learned. If your client continues acts strangely for more than a day so, you don't have to take it for granted it's the router or a flaky openvpn client, they generally just work quite well. If you've swapped configs and tried all of the tricks, it never takes very long for openvpn tunnels to resolve. The RAM in the router usually sorts things out fairly rapidly, unless you've really got a lot going on inside, without a flash or HDD attached.. You won't get anywhere asking your ISP for assistance, but check your cables and fittings anyway. I've seen old cable or wires cause problems, and had to resort to a service call, but there are times you think aliens are inside the box.
Try an L2TP config before giving up, or ask an experienced tech friend to lay a friendly set of eyes on the problem. Ask your VPN support contact if they've been severely attacked during this period, tell them the connection you've had issues with. They'll know before you do and probably tell you if you're a good customer, if you contact them directly, not in the customer forum. It's probably the route/router rather than the provider and I've asked for monitoring assistance only once after I knew my router wasn't at fault. Most VPNs in the US are run by decent guys. I've trusted our provider for years, but you could try a month's worth of VPN service with another provider if you suspect the VPN service (that's all I can think of for today). If there's no internal security issue or problem with the box you can idenity, borrow someone's backup router if possible, if you don't have a backup. I keep three older Asus boxes loaded with as current FW as they can handle, because they can and do eventually fail. If someone -is- attacking a provider, as in our case, you can wait it out if they're on top of the problem. We pay reputable VPNs in this country -not- to log/monitor us, so before you ask them monitor your connection, be sure your side is clean (I'm sure it is). Most people won't ask for that kind of help, but you're paying them for your service, and they're usually ahead of the curve. I keep a day's worth of logs for the router, to be certain, but openvpn routes should be set to drop instead of failing to the ISP. With the limited amount of RAM in the Asus, especially if you have lots of backgroung things going on, you can never have enough data to help you figure out a problem. If your Asus is old or hasn't been turned off for years or suffered a power hit, you still probably don't need a new router, but they're getting less expensive. If you're still stumped after a week, post back and someone will likely try to help. I didn't intend to ramble. Peace, no pun intended.