What's new

ASUS AC86U after disable DHCP -- NTP SYNC Error ( VPN won't start)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

OLDTECHY

New Around Here
My ASUS AC86U ( updated with MERLIN firmware) to run OpenVPN service (PIA).
Until I made the ASUS setting changes discussed below, all was good ( AFIK).
----
This ASUS AC86U router is LAN wired to gateway device provided by the ISP (ATT Fiber).
(Router and Gateway Devices are ~66 ft. apart)
Originally, both devices had DHCP enabled and had different IP subnets.
Both devices use unique WiFi name SSID's


current issue : ASUS AC86U [after disable DHCP] -- NTP SYNC Error ( VPN won't start)
A) the ASUS WRT Merlin OPENVPN service with PIA VPN will NOT complete "... Connecting..."
B) the ASUS AC86U router repeatedly reports "NTP SYNC ERROR"

These issues may be related and started when I got the bright idea to disable the DHCP service on this ASUS router.
This was so that all my connected IP devices would have the local IP's assigned by the ATT Gateway device which would keep all devices on same subnet for management convenience.
That plan worked as desired. all devices have internet access (PC's, Tablet, ECHO-show, Firestick, Ring)

After the DHCP service is disabled, the OPenVPN Client service never attains service state "ON " - ( reports "connecting")

Is this caused by or related to (NTP SYNC error) as I suspect?

Is there a setting change, workaround, or fix to this problem that would allow all my connected IP devices to still be on same subnet and use both the Gateway and Asus router ?

I have included some images of ASUS setup webpages that may explain...
thank you

ADMIN SYSTEM  NTP.PNGDHCP  DISabled.PNGLog  SYNC Erro.PNGPIA VPN connecting.PNGWAN setting.PNG
 
I don't really follow how you've got you two routers wired together. The WAN socket on the Asus needs to be connected to the LAN socket on the gateway router. Both routers must have different LAN subnets. The Asus must be in "router mode". (I'm assuming the gateway device is also a router - maybe that's not the case?)

Without a working connection the the internet the Asus will not be able to set the correct date and time. And without the correct date and time the VPN will not start.
 
I don't really follow how you've got you two routers wired together. The WAN socket on the Asus needs to be connected to the LAN socket on the gateway router. Both routers must have different LAN subnets. The Asus must be in "router mode". (I'm assuming the gateway device is also a router - maybe that's not the case?)

Without a working connection the the internet the Asus will not be able to set the correct date and time. And without the correct date and time the VPN will not start.

---------
SIR:
Yes ATT Gateway is Full-featured WiFi Router

IF it will help FIX my Described Issue :
Can you SUPPORT / detail your strong (NEED MUST, MUST) statements :
AS you write
" The WAN socket on the Asus needs to be connected to the LAN socket on the gateway router.
Both routers must have different LAN subnets.
The Asus must be in "router mode" "


thank you
 
Last edited:
Asus has integrated the VPN client and server into the router's "router mode". That is why those options disappear from the GUI if you switch to "AP mode".

In router mode the Asus expects to be connected to the upstream device through its WAN port. A router "routes" between two different networks. For example, if the upstream device has a network of 192.168.1.1/24 the Asus' LAN network cannot be the same (or overlap).
 
Is it possible to load balance two routers in this config Colin?
 
WAN connection type would be Automatic IP. Everything else would be whatever you want it to be.

in this config, does it mean it will have to do double nating, if you want to reach from internet a device connected to the ASUS (assuming the public ip address is the same for both router) ?
thx
 
in this config, does it mean it will have to do double nating, if you want to reach from internet a device connected to the ASUS (assuming the public ip address is the same for both router) ?
thx
Yes double NAT. The ISP router would have the public IP address and the Asus would have a private IP address.
 
Yes, you will have a double NAT (both routers will not get the save public IP). The ISP router will have the public IP at it's WAN and the ASUS will have an IP provided by the ISP Router at it's WAN.

To reach the ASUS router from the internet, you will need to setup a port forward rule on the ISP router (have the ISP router hand out a fixed IP address to your ASUS Router and then set up a port forward rule on the ISP Router to forward all traffic received on the VPN port onto the ASUS IP Address.

Another option - if nothing else is connected to the ISP Router (only the ASUS router is connected), can you set the ISP Router to be a bridge, then use your ASUS as the primary router?

EDIT: Colin beat me to the punch :)
 
@ColinTaylor & @Jeffrey Young thanks for your answers.

@Jeffrey Young : in what you explained (do not get why VPN is mentioned!) regarding port fwd, would definning the ASUS router as DMZ on the ISP router do the job ? rather than port fwd all needed ports ?

N.B.: no way to put ISP modem/router in bridge mode, I currently connect the ASUS router via PPPoE so that it gets a second pulic IP address, but it could be this possibility will be supressed in the future
 
@GSpock Putting the Asus in the DMZ of the ISP router is exactly the same creating a forwarding rule for all ports. Some routers have a special pass-through mode, e.g. DMZPlus. I think @Jeffrey Young mentioned VPN because that is the subject of this thread, although it is only relevant for the VPN server not the VPN client.
 
Last edited:
"
current issue : ASUS AC86U [after disable DHCP] -- NTP SYNC Error ( VPN won't start)
A) the ASUS WRT Merlin OPENVPN service with PIA VPN will NOT complete "... Connecting..."
B) the ASUS AC86U router repeatedly reports "NTP SYNC ERROR"
"
thank you for all the comments. I have read and re-read them all a number of times..
I may be missing the conclusion , so if there is a solution, fix , workaround to my posted issue,
_ can someone summarize for me, the corrective steps to "FIX" my issue ?

thank you
p.s. while still maintaining the "Disabled" ASUS DHCP ( i.e. all connected IP devices on same Subnet )
 
p.s. while still maintaining the "Disabled" ASUS DHCP ( i.e. all connected IP devices on same Subnet )
As I explained in post #4 I don't believe this is possible. At least not without modifying the router's normal design with user scripts. I suggest you go back to your original configuration of two separate subnets.


If you want to experiment you could try adding a default static route on the Asus that points to your ATT gateway. That might solve the NTP error. So for example, if your ATT gateway address was 192.168.200.1 the static route would be:

Untitled.png
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top