
(Asus AC86u / Merlin 384.16) OpenVPN client not saving cert file


distilled

Senior Member
"Oh. Never mind." (in my best Gilda Radner voice)

I had an issue I couldn't easily resolve, and decided to just reset and rebuild it from factory. For whatever reason, it no longer saves the CA for a site to site VPN.

I:

Removed the USB and restored factory settings, checking the "Initialize all the settings" box.

Waited a few minutes, then walked through the wizard, creating new SSIDs and users

Went into Administration / System and checked Format JFFS at next reboot, and hit Apply and reboot.

Waited a few minutes, then signed in and tried to set up the VPN.

Imported the .ovpn file, saved it, then went back and pasted the cert into CA and saved that. The cert field was still empty. Logs show:

Apr 13 17:16:12 rc_service: httpd 963:notify_rc start_vpnclient2
Apr 13 17:16:12 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 13 17:16:12 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 13 17:16:12 ovpn-client2[3990]: Options error: You must define CA file (--ca) or CA path (--capath)
Apr 13 17:16:12 ovpn-client2[3990]: Use --help for more information.
Apr 13 17:16:12 init: VPN_LOG_ERROR: 488: Starting OpenVPN failed...

I couldn't get it to stick, so I factory reset again and went through this process a second time, just to see if maybe the gremlins would appreciate the sacrifice of a few minutes of wasted effort, but no gold.

I am almost certainly doing some forehead-slappingly stupid thing here, forgetting to dot an i, but darn if I can figure out what it is. Can anyone see anything obvious standing out?

Whoops, well now I feel dumb for asking. Walking through a reset the third time - this time including a manual power reset - and things lined right up and worked.

What a fine week I picked to stop sniffing glue. Sorry and thanks folks.
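One way to measure how often the failure in this post recurs, using the router's syslog; this is an added example, not part of the original thread. It counts VPN client start requests and the missing-CA option error per client instance. The function names are hypothetical, and the sample log is the six quoted lines plus constructed ones.

```python
import re
from collections import Counter

# Lines 1-6 are the log lines quoted in the post; lines 7-10 are constructed
# (a second failed start and a third start that logs no option error).
SAMPLE_LOG = """\
Apr 13 17:16:12 rc_service: httpd 963:notify_rc start_vpnclient2
Apr 13 17:16:12 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 13 17:16:12 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 13 17:16:12 ovpn-client2[3990]: Options error: You must define CA file (--ca) or CA path (--capath)
Apr 13 17:16:12 ovpn-client2[3990]: Use --help for more information.
Apr 13 17:16:12 init: VPN_LOG_ERROR: 488: Starting OpenVPN failed...
Apr 13 17:24:40 rc_service: httpd 963:notify_rc start_vpnclient2
Apr 13 17:24:40 ovpn-client2[4312]: Options error: You must define CA file (--ca) or CA path (--capath)
Apr 13 17:24:40 init: VPN_LOG_ERROR: 488: Starting OpenVPN failed...
Apr 13 17:41:05 rc_service: httpd 963:notify_rc start_vpnclient2
"""

# "<Mon DD HH:MM:SS> <tag>[pid]: <message>", the layout of the quoted lines.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)
START_RE = re.compile(r"notify_rc start_vpnclient(\d+)")
UNIT_RE = re.compile(r"^ovpn-client(\d+)$")
MISSING_CA = "You must define CA file (--ca) or CA path (--capath)"

def summarize(log_text):
    """Per client instance: start requests seen and missing-CA errors logged."""
    starts, missing = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the syslog layout
        started = START_RE.search(m["msg"])
        if m["tag"] == "rc_service" and started:
            starts[int(started.group(1))] += 1
        unit = UNIT_RE.match(m["tag"])
        if unit and MISSING_CA in m["msg"]:
            missing[int(unit.group(1))] += 1
    units = sorted(set(starts) | set(missing))
    return {u: {"starts": starts[u], "missing_ca": missing[u]} for u in units}

def affected_units(log_text):
    """Client instances that failed at least once for lack of a CA."""
    return [u for u, c in summarize(log_text).items() if c["missing_ca"] > 0]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A ratio of `missing_ca` to `starts` that stays above zero across reboots points at the saved settings not persisting rather than at a one-off paste error.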
 
So this just keeps happening. It will not properly save the CA, even after full factory resets. It will occasionally work, after many tries and reboots, but I can find no pattern or rhyme or reason to when or why it works when it does.

I flashed stock firmware, and it immediately worked the first time. I am running stock now, but kinda miss some of the bells and whistles of Merlin. Diversion is great, but I could put up a PiHole, or use the AdGuard add-on in Home Assistant. But Skynet and YazFi help me sleep at night, and running with no DoT makes me feel like more of a gambler than I am comfortable with. Stock feels naked.

I am going to go back to Merlin and see if installing stock maybe magically fixed anything.
 
So this is still not working for me. I am being forced to stay on stock, and it is really bumming me out. I go to stock, everything works perfectly. Go to Merlin, and the CA just won't save for me.

Does anyone have any thoughts, or is it possible there is just some sort of corruption that isn't allowing this to save? I am at wit's end.
 
After a reboot a second ago, I noticed that it isn't saving the names that I have given devices in Client Status, everything is reverting to just MAC addresses. Something is actually wrong somewhere, sadly.
 
How did you fix this issue? I have the same problem. I also followed your steps in setting up dns which is how I ended up with this problem. :)
 
Try selecting Format JFFS on Next Reboot, hit Apply, and then reboot. When it comes back up, reboot again without reformatting JFFS.

Please post if this fixes it. This is a very annoying problem, and it would be interesting to hear that the same fix worked for someone else.
 
would be interesting to hear that the same fix worked for someone else.

My RT-AC86U ended up in similar situation after upgrading stock 81930 to 81992. Partitions got messed up. Whatever had to be stored in jffs disappeared and manually restored settings wouldn't survive reboot. Another fellow reported missing DHCP client names, etc. in 81992 thread. Same fix as yours. Reset everything and do it again. I've seen that 3 times already with different RT-AC86U routers. One of my reasons to switch to different equipment.
 
Yeah, it was pretty unusual to see the Asus community so lethargic toward an issue that could foreshadow more serious hardware problems.


 
Well, the crashing GUI is another issue the SNB community prefers to ignore. After additions in Merlin 384.15 it was happening pretty often on my Merlin router. This is why I flashed both routers with Asus stock after years of Merlin use. Asus stock messed up the partitions after a few fw upgrades. Now you know I had no choice but to look elsewhere. What else to use on this router?
 
Firmware from 6 months ago isn't giving anyone issues running current firmware today.

Time to stop commenting on what you aren't using (or know about) anymore?
 
Which a full reset fixed for many...
 
I know of many (50+) RT-AC86U's that I have reset once and haven't had an issue with them since. Not following your statements that they need it more than any other routers I've used. In fact, only normal.
 
@distilled, if you run a business and your VPNs are critical, look at site-to-site business VPN solutions. More expensive, but you do it once and you know you have it. I was using Asus routers at home, but Netgate and UniFi in my office. Netgate and Omada at home now. Very happy with the performance, BTW. Much better compared to the 2 RT-AC86Us.
 
At the risk of starting a flame war, I have to ask @K-2SO, why do you still post here if you have completely "moved on" from Asus networking equipment? It almost seems as if you take satisfaction in berating Asus, when the rest of us are genuinely here to help other users with their Asus gear (and not continually suggest that we replace it with another setup).
 
At the risk of starting a flame war

No risk at all. I can certainly stop doing it, if the community is so sensitive. No problem with that. In this thread I'm sharing my experience with more than one product and giving suggestions to another user. @distilled is the one to decide, based on needs and budget. In case he is interested, I can provide more details and tech advice. I process information in real life. The more of it, the better outcome. Signing out.

;)
 
Yeah, thanks for the suggestions @K-2SO, I do think there are some issues here that should be addressed, but none are really showstoppers for the Asus line for me. I have had years of faithful service from them, with just a few bugs that most likely result from my own tinkering and trying to make a home router act like a business class machine. Making a midrange gaming router support lots of additional scripts to satisfy our professional (and personal geek) needs is fun, but getting mad at it when it doesn't do what I want it to is on me, not Asus or Merlin. I DO think something is botching JFFS and causing an issue, but...it just isn't something I feel good complaining too loudly about, considering the way I use the device. I do get a bit annoyed by the lack of AiMesh support for guest networks, and the occasional poor AiMesh reliability, but meh, it is a home router. You get what you pay for.

I have had it in the back of my mind to put pfSense on a NUC and just use the Asus as an AP, so I hadn't been sweating the minor issues, but one of the IT guys pointed me to a really good deal on a TZ350W. It is overkill for home, but since work is splurging, ostensibly to help us work from home, why not? I used to manage some SonicWall devices and the ecosystem is pretty tight, so heck, as long as I manage it myself, that is my future.
 
Was having the same problem setting up Private Internet Access for the MLB season. Checked the clear JFFS on reboot and now the CA is saving.

Thanks for the suggestion.
 
I apologize for the late response. Couldn't get my family off the internet during these Covid times.

This did not work for me. I'm still looking for a solution. I even tried hard resetting and following your instructions.

This is such an annoying issue.

