380_65 VPN Client - Multiple client list

[AntirisK]

Hi,

I have upgraded to the latest 380_65 build. I'm running on a AC-RT3100 box. Since the upgrade, my VPN connection (Client 1) was showing as connected but no LAN nodes were able to access the internet.

I have been using "Rules" to control which client goes thru VPN and which does not. So I disabled that first. Still no go. I have to reset all of the parameters that I changed in the client definition page to the default values from the OVPN file I got from my provider. Still no go.

Long story short, the only way my VPN connection works is if I don't have any other clients defined other than 'Client 1'. So right now the only way I can switch to a different exit node for my VPN is to re-import a new OVPN file with a different country into the "Client 1" setup.

Was this a deliberate change? Sounds like a major bug.

 

[Zirescu]

My default is Client 3 and no issues. Suspect that you've got some incompatible settings kicking around from a prior firmware version.

 

[AntirisK]

My original setup (prior to build 65) was all 5 clients configured with various exit points and differing "Policy Rules". I did a reset on all the clients, then rebooted and then setup 2 new clients. Still no go. The only way it allows the LAN clients to go thru is if I have only one and particularly only the "Client 1" configured.

So I can't use more than 1 and I can't use other than the first. Am I left with the only option of fully resetting the router and starting over? Sigh! That is a tough one.

Anyway to export and import the settings of my choice? Thanks for you reply.

 

[Martineau]

My original setup (prior to build 65) was all 5 clients configured with various exit points and differing "Policy Rules". I did a reset on all the clients, then rebooted and then setup 2 new clients. Still no go. The only way it allows the LAN clients to go thru is if I have only one and particularly only the "Client 1" configured.

So I can't use more than 1 and I can't use other than the first. Am I left with the only option of fully resetting the router and starting over? Sigh! That is a tough one.

Anyway to export and import the settings of my choice? Thanks for you reply.

I suggest you try the same trouble shooting as in this thread

RT-AC68U: Unable to add 3rd OpenVPN client.

 

[Xentrk]

I find OpenVPN 2.4 Client and Server settings have some anomalies that did not exist in prior OpenVPN release. I will be writing a setup guide and hope to post it in a few days. Yorgi's setup guide in the VPN forum is very good and helped me greatly with prior OpenVPN release. But it does not address changes needed for OpenVPN 2.4 with Merlin 380.65 plus releases.

These are the nuances I have found to date;
OpenVPN Client Settings: Compression Setting - I always had this set to "None" in prior OpenVPN release. With 2.4, it only works with my vpn provider Torguard if I have it set to LZO Adaptive.

With Policy Routing turned on: Need to add the following option to prevent routing and other issues I won't go into for the sake of time:

dhcp-server DNS xxx.xxx.xxx.xxx
dhcp-server DNS xxx.xxx.xxx.xxx

where the xxx's are the DNS servers 1 and 2 of the VPN provider.

OpenVPN Server Settings: Compression Setting - I always had this set to "None" in prior OpenVPN releases. Once again, I found I need to specify LZO Adaptive or LZ4 in order to access the router web gui and other LAN resources remotely.

 

[AntirisK]

Thanks Xentrk.

I had to change the compression to Adaptive as well. I thought my provider messed it up. But now I know it's not :-(

So do I add the "dhcp-server DNS xxxxxxx" on the options pane at the bottom of the VPN Client setup page?

I may have to wait for your write up after all!

 

[Zirescu]

I find OpenVPN 2.4 Client and Server settings have some anomalies that did not exist in prior OpenVPN release. I will be writing a setup guide and hope to post it in a few days. Yorgi's setup guide in the VPN forum is very good and helped me greatly with prior OpenVPN release. But it does not address changes needed for OpenVPN 2.4 with Merlin 380.65 plus releases.

These are the nuances I have found to date;
OpenVPN Client Settings: Compression Setting - I always had this set to "None" in prior OpenVPN release. With 2.4, it only works with my vpn provider Torguard if I have it set to LZO Adaptive.

With Policy Routing turned on: Need to add the following option to prevent routing and other issues I won't go into for the sake of time:

dhcp-server DNS xxx.xxx.xxx.xxx
dhcp-server DNS xxx.xxx.xxx.xxx

where the xxx's are the DNS servers 1 and 2 of the VPN provider.

OpenVPN Server Settings: Compression Setting - I always had this set to "None" in prior OpenVPN releases. Once again, I found I need to specify LZO Adaptive or LZ4 in order to access the router web gui and other LAN resources remotely.

Weird - usually the export via the OpenVPN config generator for Torguard works fine for me: https://torguard.net/tgconf.php?action=vpn-openvpnconfig

Only thing I've noticed is that they incorrectly add the tun-mtu-extra 32 setting to the other options.

 

[AntirisK]

I'm using Windscribe. With 2.4, I'm unable to change the "compression" or "Accept DNS" or use "Policy Rules". I am practically forced to use the absolute default from Windscribe from the exported OVPN file. To top it off, I'm unable to use only Client 1.

So looks like build 65 may be a wrong choice to upgrade, particularly if somebody is using VPN. Looks like I may have to consider the fact that I may need to go back to the previous version.

 

[Xentrk]

Weird - usually the export via the OpenVPN config generator for Torguard works fine for me: https://torguard.net/tgconf.php?action=vpn-openvpnconfig

Only thing I've noticed is that they incorrectly add the tun-mtu-extra 32 setting to the other options.

I used it too based on you recommendation. But I had to change a few settings. I could not get it to work unless I had compression set to LZO Adaptive. I'm sure LZO will work as well and I will test that later as I put together a guide. None always worked for me in the past so I was surprised about this. II am finding the same thing now with OpenVPN Server. I can connect to the router with compression set to None. But I can not access the web interface or connect via SFTP or SSH. But once I change to LZO Adaptive or LZ4 it works! I did not try LZO on it's own. But I don't want to compress unless I have to. I think that is where the Adaptive comes in. When I get my first draft done, I will ask you for your input since you also are a TG customer. Thanks!

 

[Xentrk]

Thanks Xentrk.

I had to change the compression to Adaptive as well. I thought my provider messed it up. But now I know it's not :-(

So do I add the "dhcp-server DNS xxxxxxx" on the options pane at the bottom of the VPN Client setup page?

I may have to wait for your write up after all!

That is correct. Goes in the Custom config section at the bottom. It only seems to be required there if you have policy rules from my testing. The other router I use and have vpn runnig where all traffic uses the tunnel works okay without this additional config.

Will elaborate more later on the issues I discovered and why these changes fixed them. Need to go now...

The other day, I was doing some updates to my routers. One is All Traffic uses VPN and the other is policy rules. Everything worked great on the All Traffic uses VPN router. On this router, I have Accept DNS Configuration set to Exclusive. When I connected to the second router with VPN Policy Rules, I noticed Ad Blocking (AB Solution) was not working through the vpn tunnel. It did when not using the vpn tunnel. I found that to fix this problem, I had to change Accept DNS Configuration from Exclusive to Strict.

Then, last night..I issued the "cu" command to update AB Solution on the VPN Policy Rules router. I was not able to connect to the absolution server. I then tested the email function and noticed it gave me an error when trying to send the email. This all worked okay on 380.64_2. I logged back into the router where all traffic uses the VPN and verified these functions worked okay there and that my email settings where exactly the same. I then went back into the Policy Rules router, and added the lines to Custom Configuration:

dhcp-option DNS xxx.xxx.xxx.xxx

for the two Torguard DNS servers. I then applied the settings. I retested AB Solution update function and email and they all worked as normal.

So what I concluded is OpenVPN 2.4 has some anomalies about it. And some options that worked in the prior version don't work in 2.4 release. And as stated earlier, I had to set Compression to LZO Adaptive for it to work. On prior release, I had it set to None and it worked fine.

 

[Zirescu]

The TG opvn file that I get does specify comp-lzo adaptive so likely is required by the server to connect.