Unable to connect to internet with OpenVPN

aaronac8

Occasional Visitor
I just upgraded my Merlin firmware to 384.11_2 and am unable to connect to the internet when I enable my OpenVPN (both with NordVPN and SaferVPN). I have followed the setup per my VPN providers. When I use policy rules, the clients associated with my VPN do not have internet access when the other clients do. Anyone else have this problem after upgrading?
 
Post your OpenVPN client configuration. My first guess is your issue lies with DNS mode, which for some providers needs to be set to Exclusive.
 
Any error message in the system log when you connect it?

I personally use NordVPN here for testing, and it's working fine for me.
 

Surely this setting must be NO ?

upload_2019-6-20_19-53-18.png
 
When I upload the ovpn file, it has text in the custom configuration section. Yet my VPN tells me to enter different text there. Do I delete what was entered by the ovpn file and paste what my VPN provider tells me to enter or do I add to what is already there?
 
I don’t understand....if it is NO then how will I connect?

OpenVPN connections are secure because they use PKI certificates to ensure a secure authenticated logon.

i.e. without the secure keys a potential hacker would have to guess them, which probably isn't possible/worth the effort.

upload_2019-6-20_20-52-9.png


If 'Username/Password Auth. Only=YES', then the PKI certificates are ignored as it is deemed the OpenVPN server doesn't support them, so now the potential hacker would only need to guess the Username and Password....much easier, which is why by default this value should always be set to 'NO' when connecting to a commercial VPN provider.
 
I was told by SaferVPN support to use L2TP instead of OpenVPN...thoughts?

Unlike OpenVPN, L2TP does not provide confidentiality or strong authentication by itself.
IPsec is often used to secure L2TP packets by providing confidentiality, authentication, and integrity.
The combination of these two protocols is generally known as L2TP/IPsec.

Whilst AsusWRT-Merlin does support an L2TP/IPsec server on HND models, does the firmware support an L2TP/IPSec client? - NO
 
Please see admin file log.... Still unable to connect to internet with no problem connecting to vpn
Well the VPN Client 1 connection appears to be successful.....
Code:
Jun 21 07:00:14 ovpn-client1[2450]: Initialization Sequence Completed
then weirdly, 8 seconds later the connection is terminated:
Code:
Jun 21 07:00:22 ovpn-client1[2450]: [SaferVPN] Inactivity timeout (--ping-restart), restarting
Jun 21 07:00:22 ovpn-client1[2450]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 21 07:00:22 ovpn-client1[2450]: Restart pause, 5 second(s)
and after the default 5 second delay, the connection is reattempted:
Code:
Jun 21 07:00:27 ovpn-client1[2450]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 21 07:00:27 ovpn-client1[2450]: TCP/UDP: Preserving recently used remote address: [AF_INET]66.23.202.66:1194
Jun 21 07:00:27 ovpn-client1[2450]: Socket Buffers: R=[122880->245760] S=[122880->245760]
Jun 21 07:00:27 ovpn-client1[2450]: UDP link local: (not bound)
Jun 21 07:00:27 ovpn-client1[2450]: UDP link remote: [AF_INET]66.23.202.66:1194
Jun 21 07:00:27 ovpn-client1[2450]: TLS: Initial packet from [AF_INET]66.23.202.66:1194, sid

I suggest you try and eliminate some of the SaferVPN pushed directives to see if the connection stays up more than 8 seconds

i.e. add the following to the VPN Client 1 Custom configuration
Code:
auth-nocache
reneg-sec 86400
pull-filter ignore "sndbuf"
pull-filter ignore "rcvbuf"
pull-filter ignore "ping"
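
The restart loop described in the post above can be detected from the router's syslog. This is an added example, not part of the original post: it pairs each "Initialization Sequence Completed" line with the next ping-restart for the same client and reports tunnels that dropped shortly after coming up. The function name `find_flaps`, the 60-second threshold and the year 2019 (syslog omits it) are assumptions.

```python
import re
from datetime import datetime

# Sample input: log lines quoted in the thread above.
SAMPLE_LOG = """\
Jun 21 07:00:14 ovpn-client1[2450]: Initialization Sequence Completed
Jun 21 07:00:22 ovpn-client1[2450]: [SaferVPN] Inactivity timeout (--ping-restart), restarting
Jun 21 07:00:22 ovpn-client1[2450]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 21 07:00:22 ovpn-client1[2450]: Restart pause, 5 second(s)
"""

# Syslog shape: "Mon DD HH:MM:SS ovpn-clientN[pid]: message"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) (ovpn-client\d+)\[\d+\]: (.*)$"
)


def find_flaps(log_text, max_uptime=60, year=2019):
    """Return [(client, seconds_up)] for every tunnel that hit a
    ping-restart within max_uptime seconds of completing initialization."""
    up_since = {}  # client name -> time the tunnel last came up
    flaps = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OpenVPN client line
        stamp, client, msg = m.groups()
        # Syslog timestamps carry no year; 'year' is an assumption.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if "Initialization Sequence Completed" in msg:
            up_since[client] = ts
        elif "Inactivity timeout (--ping-restart)" in msg:
            started = up_since.pop(client, None)
            if started is None:
                continue  # restart without a recorded "up" event
            uptime = int((ts - started).total_seconds())
            if uptime <= max_uptime:
                flaps.append((client, uptime))
    return flaps


if __name__ == "__main__":
    for client, seconds in find_flaps(SAMPLE_LOG):
        print(f"{client}: dropped by ping-restart after {seconds}s")
```
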
 
Thank you for your reply!!!.....I am a newbie at this, do I add what you wrote above AFTER what is already in the custom configuration?
 
I have no idea what the current custom directives are, so you should post them here, and replace all of them with the five directives.

The intention is to establish a reliable connection, then you may simply reapply the existing directives one-by-one and/or delete the 'pull-filter' filters one-by-one to identify which directive causes the 8 second restart.
 
This is what I have under custom config:

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
# log /tmp/vpn.log
 
Turns out, the error is on SaferVPN's side....they are still trying to figure out the problem, which appears to be with their servers or protocol. NordVPN is working fine with OpenVPN.
 