VPN selective routing keeps stopping

[BrettAltea]

Hi all

Just joined. I'm using the latest stable release of the Merlin firmware on my Asus rt-ac88u. Recently I just signed up for a VPN so I can access US Netflix from Australia. I then setup "Policy Rules" under "Redirect Internet Traffic" and assigned the static IP for my Samsung TV. This is so only our TV will use the VPN so as not to slow down the rest of our internet traffic.

This works well except for every couple of hours the TV stops being able to access the internet. To get it to work again I need to delete the SamsungTV from the section "Rules for routing client traffic through the tunnel", click "Apply", then re-enter the SamsungTV and click "Apply" again. Then the TV will be able to access the internet (and Netflix) again.

This has happened consistently since I set it up three days ago. Attached are screenshots of my setup, minus the username and password. Any assistance would be appreciated.

 

[BrettAltea]

In case it is pertinent the VPN provider I am using is VPNarea

 

[RMerlin]

Check your System Log to see if something is disrupting the tunnel.

 

[BrettAltea]

The only thing that looks different around the time of disconnect is the following:

Mar 22 18:09:18 pptpd[31226]: CTRL: EOF or bad error reading ctrl packet length.
Mar 22 18:09:18 pptpd[31226]: CTRL: couldn't read packet header (exit)
Mar 22 18:09:18 pptpd[31226]: CTRL: CTRL read failed

Otherwise every hour it is this:

Mar 22 18:27:03 openvpn[6465]: TLS: tls_process: killed expiring key
Mar 22 18:27:05 openvpn[6465]: TLS: soft reset sec=0 bytes=56960/-1 pkts=706/0
Mar 22 18:27:06 openvpn[6465]: VERIFY OK: depth=1, CN=Colibri CA
Mar 22 18:27:06 openvpn[6465]: Validating certificate key usage
Mar 22 18:27:06 openvpn[6465]: ++ Certificate has key usage 00a0, expects 00a0
Mar 22 18:27:06 openvpn[6465]: VERIFY KU OK
Mar 22 18:27:06 openvpn[6465]: Validating certificate extended key usage
Mar 22 18:27:06 openvpn[6465]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 22 18:27:06 openvpn[6465]: VERIFY EKU OK
Mar 22 18:27:06 openvpn[6465]: VERIFY OK: depth=0, CN=colibri
Mar 22 18:27:08 openvpn[6465]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 22 18:27:08 openvpn[6465]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 22 18:27:08 openvpn[6465]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 22 18:27:08 openvpn[6465]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 22 18:27:08 openvpn[6465]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

 

[skeal]

The only thing that looks different around the time of disconnect is the following:

Mar 22 18:09:18 pptpd[31226]: CTRL: EOF or bad error reading ctrl packet length.
Mar 22 18:09:18 pptpd[31226]: CTRL: couldn't read packet header (exit)
Mar 22 18:09:18 pptpd[31226]: CTRL: CTRL read failed

Otherwise every hour it is this:

Mar 22 18:27:03 openvpn[6465]: TLS: tls_process: killed expiring key
Mar 22 18:27:05 openvpn[6465]: TLS: soft reset sec=0 bytes=56960/-1 pkts=706/0
Mar 22 18:27:06 openvpn[6465]: VERIFY OK: depth=1, CN=Colibri CA
Mar 22 18:27:06 openvpn[6465]: Validating certificate key usage
Mar 22 18:27:06 openvpn[6465]: ++ Certificate has key usage 00a0, expects 00a0
Mar 22 18:27:06 openvpn[6465]: VERIFY KU OK
Mar 22 18:27:06 openvpn[6465]: Validating certificate extended key usage
Mar 22 18:27:06 openvpn[6465]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 22 18:27:06 openvpn[6465]: VERIFY EKU OK
Mar 22 18:27:06 openvpn[6465]: VERIFY OK: depth=0, CN=colibri
Mar 22 18:27:08 openvpn[6465]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 22 18:27:08 openvpn[6465]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 22 18:27:08 openvpn[6465]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 22 18:27:08 openvpn[6465]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 22 18:27:08 openvpn[6465]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Looks like the first log you have here is about a pptp vpn connection. In the past I've found no way to use both openvpn and pptp protocols at the same time. Pptp doesn't allow a lot of options. If you have a pptp configuration or profile delete it and test.

 

[Martineau]

Looks like the first log you have here is about a pptp vpn connection. In the past I've found no way to use both openvpn and pptp protocols at the same time. Pptp doesn't allow a lot of options. If you have a pptp configuration or profile delete it and test.

PPTPD is the PPTP Server.

The OP has probably enabled it (either by design or accident) and the messages indicate that there has been a random access attempt from the Internet by someone (or more likely a port scanner) hoping to find a weak password.

P.S. In the past I have run 2 OpenVPN Servers, 3 OpenVPN Clients, 1 PPTPD Server and either a PPTP or L2TP Client concurrently - tricky but it does work.

 

[skeal]

PPTPD is the PPTP Server.

The OP has probably enabled it (either by design or accident) and the messages indicate that there has been a random access attempt from the Internet by someone (or more likely a port scanner) hoping to find a weak password.

P.S. In the past I have run 2 OpenVPN Servers, 3 OpenVPN Clients, 1 PPTPD Server and either a PPTP or L2TP Client concurrently - tricky but it does work.

Wow! Your my go to for all things vpn that's "fo shizel". Thanks for the clarification.