Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

RT-N66U - OpenVPN Client Issues - Firmware 380.68_4

Discussion in 'Asuswrt-Merlin' started by PeaceNoWar, Oct 11, 2017.

  1. PeaceNoWar

    PeaceNoWar Occasional Visitor

    Joined:
    Dec 23, 2015
    Messages:
    11
    I'm starting to wonder if I'm the only person on the planet using the OpenVPN client option.
    It's always been buggy and after every update it either stays the same or gets worse.
    At the moment, it's the worst it's ever been.
    It's having trouble turning on with WAN and having trouble staying on when turned on manually.
    Also, clicking the OpenVPN Servers tab now often causes the interface to become unresponsive (I don't use the server option; just the client option - this is just another bug I happened to noticed).
    Eventually, I couldn't get the client to turn on any more and reverted back to older firmware.
    If you need me to test anything specific for you, let me know, and I'll put the new firmware back on.


    Router: RT-N66U
    Firmware: 380.68_4
     
  2. Zirescu

    Zirescu Very Senior Member

    Joined:
    Jul 16, 2013
    Messages:
    668
    Location:
    Kelowna, BC
    What does the system log report when you have issues? My client runs 24/7 without issues, if you haven't done a factory reset recently and manual setting setup I'd recommend doing so. Don't restore settings from a previous version.
     
    PeaceNoWar likes this.
  3. st3v3n

    st3v3n Occasional Visitor

    Joined:
    Feb 24, 2016
    Messages:
    12
    Location:
    cent US
    Hi Peace, I wondered the same thing, after my latest update to 380.68_4, and when I shut the openvpn server off since it wasn't needed, I likely forgot to save a step somewhere. The result was that I had to spend a good bit of time getting the router GUI back up (it got lost somewhere, different thread). I don' especially need or use the server, but I do experiment with different openvpn configs from my VPN provider. If you do don't turn off a client off and save everything before proceding to input a new one, or adjust parameters, then save it before proceeding, it tends to have a negative effect, that will mess with the router and your state of being. With my AC3200, if a complete reset is required, it takes longer now than it ever did before, at least it feels that way, but as long as you input a new config in the proper sequence each time after a reset, then save, logout, power down and reboot, it's usually worked for me; YMMV. It's good to be a creature of habit (I log my procedures) when working with theses beasties. I have to put on my old guy retired mainframe operator's hat, anytime I think about futzing with the router. Sometimes when I'm playing with the router it's seems that I'm in the past, working on Sperry Univac models in the early 80s, but we only had 300bps back then. Hope this is helpful to you, good luck.
     
    PeaceNoWar likes this.
  4. PeaceNoWar

    PeaceNoWar Occasional Visitor

    Joined:
    Dec 23, 2015
    Messages:
    11
    Thank you for the suggestion. I put the new firmware back on and did a factory reset and, so far, the VPN and interface seems to be working properly. Though at one point, while saving a setting, the interface did become unresponsive instead of refreshing. I'll just have to see how things go after using the router for a while.


    I appreciate you sharing that information. That just happens to be exactly what I was doing shortly before the VPN stopped working altogether. Now that I have the VPN working again with the new firmware, I'm going to put it through some normal use for a while to see if any of the old buggy behavior resurfaces. If not, I'll try various things (such as what you mentioned) to see if I can trigger bugs and report back here with details.


    EDIT: The issues returned shortly after I posted this (upon turning the VPN client off via the web UI). When turned back on, the VPN client wouldn't stay turned on and wouldn't turn on automatically with WAN when set to do so. I reverted back to older firmware again. I'll try updating to latest firmware again in a few months to see if it's all been resolved.
     
    Last edited: Oct 13, 2017 at 11:26 AM
  5. st3v3n

    st3v3n Occasional Visitor

    Joined:
    Feb 24, 2016
    Messages:
    12
    Location:
    cent US
    PeaceNoWar; Glad to help. Everytime I go through a FW update, I backup/save everything before log out, then I remove the power from the router before firing it up and logging back in. I know, some claim the routine is overkill and isn't needed, but it's always saved me a lot of grief. I used Asus factory FW once, for about 20 minutes some years ago. I went directly to RMerlin's fork and never looked back. His (or John's) fork is the only option for Asus routers for my two cents, and many (hundreds of) thousands of RMerlin (and John's fork) users can't be wrong. Weird things happen to everyone, so faith in hardware FW/software only goes so far. Things almost always go right, but I still fetch a fresh config from the provider before starting the routine each upgrade and place it on the openvpn client afterwards; it loads/savesquickly, and no former settings are left to give you a headache - unless they left a bug in the config; it happens. Most VPN nets will populate within a few seconds or minutes. If the client takes more than an hour, you can wait or bit longer and/or reload a different config/server the next day. Check everything in the router at least three times, remain patient and calm. You can check with support at your VPN provider for their status. I use a couple of external IP pages up to alert me on the computer, checking response times or if the IP changes. I'm not always logged into the router. If your system is only partially up for the day, somedays I only watch TV or use a tablet, and the outside IP displays on an iPad with a couple of extra apps that shows where the client is and if there's errant leakage. You could try using the Asus mobile tool, or other more elaborate apps that exist for iOS. I quit using android for a while, since my android tablet can't be upgraded without serious pain, but there are apps for those too, if you can stand ads, or pay for them. I keep a current openvpn config waiting in the iPad, in case the router or openvpn client has issues, to tell me it's time to futz around inside the router. The iPad runs slower when it has to run the openvpnconnect client and VPN provider config, an L2TP config would be faster still be fairly safe. Some VPN provider's have their own iOS client; anything beats having the system vulnerable when you have router/config problems.

    I respect what Zirescu said; many people run their home systems 24/7, I just don't have a need to. It saves us a bundle on today's electric bill. Nothing gets through to the system when it's totally removed from power. If you're not using the router/system overnight or are gone for the day, modern gear isn't harmed if you power it down properly. I've never lost a piece of gear doing so, not counting a few old Maxtor HDDs. It takes only a short time to power the gear up to be running again, and you don't have to program the router to restart automatically every so often. ISPs claim you should never to turn off their modems, but we own ours, and I've always ignored them. Many guys have worked for ISPs or networks and understand how it works these days. ISP's know most of us all use VPNs now, and to claim they can't connect us if we turn the gear off, is bogus. Their systems take less than one minute to sync to your service. If you aren't secured when you connect, they're logging and selling all of your traffic, (or someone else is). Ahem. Our router/entire system is powered down at night and up the next morning in sequence, getting the Asus a clean start. It just works for me. Our router/modem is also on it's own UPS battery backup in case of voltage fluctuations that will cause a VPN connection to drop/corrupt; the system is on another. A power panel with seperate switches makes the sequence each day easy. If money or gear isn't an issue, ignore this bit. I still don't need 24/7 access. From the power fluctiuation-security aspect, if the openvpn client isn't settling down, and doesn't resolve to any setting or to any openclient/route you place in the box, there's something else to consider. Before Asus's20-year probation, bad things happened to people who depended on Asus, from shoddy work; RMerlin (and John among others) work on it constantly. I was running an older RMerlin build before the holes in question were patched, but that had nothing to do with his work. Somehow, a nasty critter made his way through our VPN, the modem, the router/firewall/openvpn client one night (true and humbling) before hitting the internal firewall (NSA and others do it, and the extremely skilled bad dudes). If you're not involved in anything untoward, that scenerio is unlikely, but the film, 'Firewall' comes to mind. Only once, in 20 years at home, I had proof on our router log we'd been punked. A day's worth of logs at minimum, on a flash or an encrypted hard drive connected to the router, helps you track down what happens in the router. You'll be happier and troubleshooting is easier. Later I learned our VPN provider had been attacked for a full month, 24/7 by non-state actors. They flew a guy in to help get a handle on things and alerts went up the ladder. Everyone's being hammered continually now. Some guy got through to us, didn't damage us, so lessons learned. If your client continues acts strangely for more than a day so, you don't have to take it for granted it's the router or a flaky openvpn client, they generally just work quite well. If you've swapped configs and tried all of the tricks, it never takes very long for openvpn tunnels to resolve. The RAM in the router usually sorts things out fairly rapidly, unless you've really got a lot going on inside, without a flash or HDD attached.. You won't get anywhere asking your ISP for assistance, but check your cables and fittings anyway. I've seen old cable or wires cause problems, and had to resort to a service call, but there are times you think aliens are inside the box.

    Try an L2TP config before giving up, or ask an experienced tech friend to lay a friendly set of eyes on the problem. Ask your VPN support contact if they've been severely attacked during this period, tell them the connection you've had issues with. They'll know before you do and probably tell you if you're a good customer, if you contact them directly, not in the customer forum. It's probably the route/router rather than the provider and I've asked for monitoring assistance only once after I knew my router wasn't at fault. Most VPNs in the US are run by decent guys. I've trusted our provider for years, but you could try a month's worth of VPN service with another provider if you suspect the VPN service (that's all I can think of for today). If there's no internal security issue or problem with the box you can idenity, borrow someone's backup router if possible, if you don't have a backup. I keep three older Asus boxes loaded with as current FW as they can handle, because they can and do eventually fail. If someone -is- attacking a provider, as in our case, you can wait it out if they're on top of the problem. We pay reputable VPNs in this country -not- to log/monitor us, so before you ask them monitor your connection, be sure your side is clean (I'm sure it is). Most people won't ask for that kind of help, but you're paying them for your service, and they're usually ahead of the curve. I keep a day's worth of logs for the router, to be certain, but openvpn routes should be set to drop instead of failing to the ISP. With the limited amount of RAM in the Asus, especially if you have lots of backgroung things going on, you can never have enough data to help you figure out a problem. If your Asus is old or hasn't been turned off for years or suffered a power hit, you still probably don't need a new router, but they're getting less expensive. If you're still stumped after a week, post back and someone will likely try to help. I didn't intend to ramble. Peace, no pun intended.
     
    Last edited: Oct 18, 2017 at 6:27 PM
    PeaceNoWar likes this.

Share This Page