VPN kill switch does not work for statically defined devices

smdanielintx

I am currently running the latest version of firmware on an Asus 1900 ac and am having an issue with the VPN client. It appears that the VPN kill switch does not work for statically defined devices behind the VPN, e.g.:
Device one is statically assigned to use the VPN... VPN client randomly disconnects... Device one defaults back to using the unsecured WAN and provider DNS. In simpler words, the VPN disconnects and the device still has access to the internet. This only appears to be a problem if the VPN randomly disconnects. If I turn the VPN off, the kill switch works just fine.

I am using "policy rules strict" and "Block Routed Clients" is checked.

Please let me know if I am not doing something correctly.

Also, is there a way to automatically reconnect the VPN client if it disconnects?
 
smdanielintx, welcome. Is your router an Asus RT-AC68 or a reflashed T-Mobile TMAC1900? Either way it's an excellent unit. There's a vast trove of information on the forum, and you've only begun to scratch the surface. Start with the wiki, FAQ and all topics regarding your model. Yorgi wrote an excellent VPN guide which may help you. The longer you read/research, the less you will need to post or wait for someone to see your post and answer. Any problem or question you can think of has probably been asked/answered in several ways over time. After years of reading, I pick up great tips every day from all sections.

First, check your OpenVPN client page; there should be a number next to the field named "connection retry" representing the number of seconds the config waits until attempting to reconnect to your provider when the tunnel drops for any reason. Your provider's support section should be able to sort this out for you, or you can contact your provider directly to ask why you have so many disconnects with a config or server. Drops are caused for any number of reasons: bad connections, server congestion, etc. If you know the date/times of the disconnects, you can provide that info to your provider; it might help them fix the problem. Perhaps they can provide an updated config that can solve the disconnect problem.

You get what you pay for, more or less, but it includes your VPN provider's support service; most are responsive when things go wrong, but aren't keen to give lessons or support configuring users' routers or firmware. Exceptions: some of the better providers have specific illustrations, tutorials or videos for configuring Asuswrt-Merlin firmware on your router, i.e., Nord, HMA, and others. If you feel your provider isn't helpful or won't provide you with adequate support on your issue, consider taking your business to another provider. There are a few good domestic providers who are always happy to add good customers.

Try removing all DNS server listings on the WAN page and be sure you've checked 'NO' for the 'connect to DNS server automatically' button, then save/apply. On the LAN DHCP page, place only your VPN provider's DNS address, as long as you don't have any devices that must have access to WAN/ISP. If you have a finicky device that won't work after you set the DNS this way, you can try entering a second DNS such as Google's public DNS server, i.e., 8.8.8.8, as a secondary DNS, or a good address from OpenNIC. Make sure you understand which OpenNIC DNS servers you shouldn't list. For instance, if there's an accidental tunnel drop and somehow you spring a leak, a bad DNS server might suddenly begin broadcasting to your ISP that you're in Hong Kong or Antarctica, which is best avoided, unless of course you don't mind them knowing your business. We list only the VPN provider's DNS address in that field for that reason, and it works well for us.

If you've assigned a static IP for your devices, also be sure to enter the correct address range for the devices traveling over your OpenVPN tunnels. On the same LAN DHCP page, the IP Pool Starting/Ending Address range should read 192.168.1.2 to 192.168.1.100 (save/apply), unless of course you have other address ranges you have to consider for your network. The topmost address should always be 192.168.1.100 to ensure that the devices all work properly with this firmware. Please read RMerlin's wiki on this specific topic, to be sure my phrasing doesn't throw you off. I do my best to be accurate in my description, but we all make mistakes at times.

Go to your VPN client page and try changing your policy rules to 'ALL' and save/apply, so that only the devices you have listed/routed to that client are all that's traveling through that tunnel. "Policy Rules-Strict" should work, but you can try it anyway since you can set it back if you discover there's no change. All of this can become trickier if there's actually a device somewhere that you want to drop to WAN/ISP. It's possible to force the router itself to go through your tunnel, which is covered elsewhere in the VPN wiki and in other threads/sections. If the router itself goes through the VPN tunnel, this may cause delays you find unacceptable. As long as -all- devices use only your VPN provider's network, and never drop to WAN/ISP, this method should work well for you. Crossed fingers:)

You can also set the provider's DNS server address manually in your devices/computer if necessary, so that if/when your tunnel drops for any reason, the DNS address listed is the only address the device sees or knows to look for. Since it won't have anywhere else to go, it will sit there and keep trying it until it reconnects when your tunnel is up and running again. Most of the time, you should be able to leave your device network settings on automatic, since the router is responsible for providing the lookups for the devices. Note, if your VPN provider's DNS is manually entered into your router's DNS (or your device) per the above, the provider's network will either ignore that listing, or translate that DNS address internally to the correct destination using their DNS wizard-magic.

I hope this info is of help. Good luck and Cheers.
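An added check, not part of the thread or the firmware: a small POSIX shell audit that reads an `iptables -S FORWARD` dump and lists statically assigned VPN clients that have no kill-switch DROP rule, so a reconnect/disconnect cycle like the one described above can be verified rather than assumed. It assumes the kill switch appears as a FORWARD rule that DROPs a client's traffic unless it exits via the tunnel interface (tun11 and eth0 are assumed names), and the rule dump below is a constructed sample, not a capture from a router.

```shell
#!/bin/sh
# Kill-switch audit for statically assigned VPN clients (added example).
# Assumption: the kill switch is an iptables FORWARD rule that DROPs a client's
# packets when they would leave on anything but the tunnel interface.
TUN_IF="tun11"   # assumed tunnel interface name
WAN_IF="eth0"    # assumed WAN interface name

# Constructed sample of `iptables -S FORWARD` output (not from a real router):
# .50 is protected (DROP unless leaving via tun11), .52 is protected (DROP to WAN),
# .51 only has an ACCEPT for the tunnel and therefore falls through to WAN.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -s 192.168.1.50/32 -i br0 ! -o tun11 -j DROP
-A FORWARD -s 192.168.1.51/32 -i br0 -o tun11 -j ACCEPT
-A FORWARD -s 192.168.1.52/32 -i br0 -o eth0 -j DROP
-A FORWARD -i br0 -o eth0 -j ACCEPT'

# has_killswitch IP RULES -> exit 0 if some DROP rule for IP blocks the non-tunnel path
has_killswitch() {
    printf '%s\n' "$2" \
        | grep -E -e "-s $1(/32)? " \
        | grep -e "-j DROP" \
        | grep -q -E -e "! -o ${TUN_IF}|-o ${WAN_IF}"
}

# unprotected "IP IP ..." RULES -> prints each client lacking a kill-switch rule
unprotected() {
    for c in $1; do
        has_killswitch "$c" "$2" || echo "$c"
    done
}

# Stand-alone run over the constructed sample; on a router you would feed it
# `iptables -S FORWARD` and the list of static VPN clients from the LAN DHCP page.
unprotected "192.168.1.50 192.168.1.51 192.168.1.52" "$SAMPLE_RULES"
```

Any address the script prints would keep reaching the WAN when the tunnel drops, which is exactly the symptom reported in the first post.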
 
I followed this
Killswitch works with my Rt-ac87u
 
JAH, Jah:)! Saw that last year, still can't follow the gent's accent, but he made a good, clear video. I love the vids that actually work, audio/visual is better than reading reams of text or hundreds of posts. Next Level Systems posts some really excellent pro-quality networking vids, unhappily so far, none on Asus/Merlin:( Good luck, glad it's working for you; stay safe and don't leak (Doileak.com)
 