What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Asus RT-AC56U - VPN routing issue.

H

Hitman

Regular Contributor
Hi,

I'm having difficulty getting the VPN working correctly on an AC56U to route certain clients on the network to use the VPN client connection for internet and all the rest to use a non VPN connection to the internet.

I have the client setup and running, no errors in the log and setup the routing config table (see image below) to allow certain devices to connect to the internet and all the rest to use the VPN client connection as per the table, but any devices in the table set to use the wan (non VPN connection) are unable to connect to the non-VPN internet, Laptop PC also in the table list reports DNS error, no internet but the devices not in the list can connect and are on the VPN client connection :/

I have tried removing everything in the table and an opposite solution (table named devices to use VPN, everything else NON-VPN, and just simply adding devices I want to use the VPN - set as VPN and nothing else and have no connection to anything, only the first setup as per the table below gives me half a working solution where VPN devices connect, table listed wan (non-VPN) devices do not connect - no internet.

Latest merlin Fork HGG 380.57.7

Please can you help getting me to a full working solution?

 
Try to remove 192.168.1.0/24 net and add every VPN and WAN one by one and try.
 
I removed the /24 network and added all devices individually for wan and vpn but now nothing connects to the internet, I also notice in the log an additional line (full log below) - event_wait : Interrupted system call (code=4)

I have all devices in the router LAN settings/DHCP added to the reservation list - Manually Assigned IP around the DHCP list, to reserve them to fixed IP addresses.

I have also tried reflashing to merlins latest 380.57 and still exactly the same.

Thanks.


Log (ignore ip's as they have changed from the old snip I posted in the OP but same settings)

Mar 20 09:22:08 openvpn[786]: /usr/sbin/ip route add 81.171.52.16/32 via 172.16.13.7
Mar 20 09:22:08 openvpn[786]: /usr/sbin/ip route add 0.0.0.0/1 via 172.21.94.1
Mar 20 09:22:08 openvpn[786]: /usr/sbin/ip route add 128.0.0.0/1 via 172.21.94.1
Mar 20 09:22:08 openvpn-routing: Configuring policy rules for client 1
Mar 20 09:22:08 openvpn-routing: Creating VPN routing table
Mar 20 09:22:08 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from routing tables
Mar 20 09:22:08 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from routing tables
Mar 20 09:22:08 openvpn-routing: Added 192.168.1.1 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:08 openvpn-routing: Added 192.168.1.2 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:08 openvpn-routing: Added 192.168.1.204 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:08 openvpn-routing: Added 192.168.1.56 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:08 openvpn-routing: Added 192.168.1.73 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:08 openvpn-routing: Added 192.168.1.133 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.191 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.205 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.211 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.250 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.12 to 0.0.0.0 through WAN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.121 to 0.0.0.0 through VPN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.122 to 0.0.0.0 through VPN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.123 to 0.0.0.0 through VPN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.124 to 0.0.0.0 through VPN to routing policy
Mar 20 09:22:09 openvpn-routing: Added 192.168.1.218 to 0.0.0.0 through VPN to routing policy
Mar 20 09:22:09 openvpn-routing: Completed routing policy configuration
Mar 20 09:22:09 openvpn[786]: Initialization Sequence Completed
Mar 20 09:22:16 hour monitor: daemon is starting
Mar 20 09:22:26 crond[430]: time disparity of 334642 minutes detected
Mar 20 09:22:29 dnsmasq-dhcp[422]: DHCPREQUEST(br0) 192.168.1.191 60:d8:19:7e:6a:75
Mar 20 09:22:29 dnsmasq-dhcp[422]: DHCPACK(br0) 192.168.1.191 60:d8:19:7e:6a:75 CITYTECH-PC
Mar 20 09:22:29 dnsmasq-dhcp[422]: DHCPREQUEST(br0) 192.168.1.191 60:d8:19:7e:6a:75
Mar 20 09:22:29 dnsmasq-dhcp[422]: DHCPACK(br0) 192.168.1.191 60:d8:19:7e:6a:75 CITYTECH-PC
Mar 20 09:22:29 dnsmasq-dhcp[422]: DHCPREQUEST(br0) 192.168.1.191 60:d8:19:7e:6a:75
Mar 20 09:22:29 dnsmasq-dhcp[422]: DHCPACK(br0) 192.168.1.191 60:d8:19:7e:6a:75 CITYTECH-PC
Mar 20 09:22:42 openvpn[786]: event_wait : Interrupted system call (code=4)
Mar 20 09:22:42 openvpn[786]: OpenVPN STATISTICS
Mar 20 09:22:42 openvpn[786]: Updated,Sun Mar 20 09:22:42 2016
Mar 20 09:22:42 openvpn[786]: TUN/TAP read bytes,0
Mar 20 09:22:42 openvpn[786]: TUN/TAP write bytes,0
Mar 20 09:22:42 openvpn[786]: TCP/UDP read bytes,4157
Mar 20 09:22:42 openvpn[786]: TCP/UDP write bytes,1248
Mar 20 09:22:42 openvpn[786]: Auth read bytes,16
Mar 20 09:22:42 openvpn[786]: pre-compress bytes,0
Mar 20 09:22:42 openvpn[786]: post-compress bytes,0
Mar 20 09:22:42 openvpn[786]: pre-decompress bytes,0
Mar 20 09:22:42 openvpn[786]: post-decompress bytes,0
Mar 20 09:22:42 openvpn[786]: END
Mar 20 09:26:59 openvpn[786]: event_wait : Interrupted system call (code=4)
Mar 20 09:26:59 openvpn[786]: OpenVPN STATISTICS
Mar 20 09:26:59 openvpn[786]: Updated,Sun Mar 20 09:26:59 2016
Mar 20 09:26:59 openvpn[786]: TUN/TAP read bytes,0
Mar 20 09:26:59 openvpn[786]: TUN/TAP write bytes,0
Mar 20 09:26:59 openvpn[786]: TCP/UDP read bytes,5210
Mar 20 09:26:59 openvpn[786]: TCP/UDP write bytes,2301
Mar 20 09:26:59 openvpn[786]: Auth read bytes,224
Mar 20 09:26:59 openvpn[786]: pre-compress bytes,0
Mar 20 09:26:59 openvpn[786]: post-compress bytes,0
Mar 20 09:26:59 openvpn[786]: pre-decompress bytes,0
Mar 20 09:26:59 openvpn[786]: post-decompress bytes,0
Mar 20 09:26:59 openvpn[786]: END
 
Last edited:
Are you sure it connected? is service state green? Turn off policy routing and test.
Interrupted system call (code=4) is displayed in log every time you hit VPN-tab, its normal and no errors.
 
I see you are running the HGG fork.....can you recreate the problem on the standard Merlin release?

Also, you might try changing Accept DNS configuration from 'Exclusive' to 'Strict' and see if that helps.
 
Hi John,

Yes I added to my further post I've tried the standard/latest merlin build 380.57, with the same results - although as the builds between HGG and merlin show a slight build difference, I have kept the settings /without a factory reset, I don't know if the builds are significantly different to warrant a full reset and start from scratch re-entering all the settings again?

I will try the "strict" setting now....

Thanks.
 
Ok under the router VPN settings I now get VPN\ service state - Error - Routing conflict!

EDIT: even with the above I now get a correct internet connection on ALL network devices, although the VPN connection seems a little slow.

Doing a speed test I get 15mbps for up and down for the VPN, where I should get ~ 50mbps D/L 15 U/L on the 56U, CPU is at 70% on 1 core, is there a way to use both CPU cores?

Thanks.
 
Last edited:
Ok now the - Error routing conflict message has disappeared but still slower VPN connection, this the the current log...

Mar 20 10:19:35 rc_service: httpd 428:notify_rc start_vpnclient1
Mar 20 10:19:36 kernel: tun: Universal TUN/TAP device driver, 1.6
Mar 20 10:19:36 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar 20 10:19:37 openvpn[1252]: OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Mar 20 10:19:37 openvpn[1252]: library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.08
Mar 20 10:19:37 openvpn[1253]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 20 10:19:37 openvpn[1253]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 10:19:37 openvpn[1253]: Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Mar 20 10:19:37 openvpn[1253]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Mar 20 10:19:37 openvpn[1253]: UDPv4 link local: [undef]
Mar 20 10:19:37 openvpn[1253]: UDPv4 link remote: [AF_INET]81.171.52.16:1194
Mar 20 10:19:37 openvpn[1253]: TLS: Initial packet from [AF_INET]81.171.52.16:1194, sid=894266ea 5eaa1cfa
Mar 20 10:19:37 openvpn[1253]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 20 10:19:37 openvpn[1253]: VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Mar 20 10:19:37 openvpn[1253]: VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Mar 20 10:19:38 openvpn[1253]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 10:19:38 openvpn[1253]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 10:19:38 openvpn[1253]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 10:19:38 openvpn[1253]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 10:19:38 openvpn[1253]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 20 10:19:38 openvpn[1253]: [vpn] Peer Connection Initiated with [AF_INET]81.171.52.16:1194
Mar 20 10:19:40 openvpn[1253]: SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Mar 20 10:19:40 openvpn[1253]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.94.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.94.165 255.255.254.0'
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: explicit notify parm(s) modified
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mar 20 10:19:40 openvpn[1253]: Socket Buffers: R=[131072->245760] S=[131072->131072]
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: route options modified
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: route-related options modified
Mar 20 10:19:40 openvpn[1253]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 20 10:19:40 openvpn[1253]: TUN/TAP device tun11 opened
Mar 20 10:19:40 openvpn[1253]: TUN/TAP TX queue length set to 100
Mar 20 10:19:40 openvpn[1253]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 20 10:19:40 openvpn[1253]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 20 10:19:40 openvpn[1253]: /usr/sbin/ip addr add dev tun11 172.21.94.165/23 broadcast 172.21.95.255
Mar 20 10:19:40 openvpn[1253]: updown.sh tun11 1500 1570 172.21.94.165 255.255.254.0 init
Mar 20 10:19:41 rc_service: service 1295:notify_rc updateresolv
Mar 20 10:19:41 dnsmasq[1215]: exiting on receipt of SIGTERM
Mar 20 10:19:41 dnsmasq[1301]: started, version 2.76-g41a8d9e cachesize 1500
Mar 20 10:19:41 dnsmasq[1301]: warning: interface ppp1* does not currently exist
Mar 20 10:19:41 dnsmasq[1301]: asynchronous logging enabled, queue limit is 5 messages
Mar 20 10:19:41 dnsmasq-dhcp[1301]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Mar 20 10:19:41 dnsmasq[1301]: read /etc/hosts - 5 addresses
Mar 20 10:19:41 dnsmasq[1301]: read /etc/hosts.dnsmasq - 11 addresses
Mar 20 10:19:41 dnsmasq-dhcp[1301]: read /etc/ethers - 14 addresses
Mar 20 10:19:41 dnsmasq[1301]: using nameserver 198.18.0.1#53
Mar 20 10:19:41 dnsmasq[1301]: using nameserver 198.18.0.2#53
Mar 20 10:19:41 dnsmasq[1301]: using nameserver 31.55.185.18#53
Mar 20 10:19:41 dnsmasq[1301]: using nameserver 31.55.186.74#53
Mar 20 10:19:43 openvpn[1253]: Ignore conflicted routing rule: 81.171.52.16 255.255.255.255
Mar 20 10:19:43 openvpn[1253]: /usr/sbin/ip route add 0.0.0.0/1 via 172.21.94.1
Mar 20 10:19:44 openvpn[1253]: /usr/sbin/ip route add 128.0.0.0/1 via 172.21.94.1
Mar 20 10:19:44 openvpn-routing: Configuring policy rules for client 1
Mar 20 10:19:44 openvpn-routing: Creating VPN routing table
Mar 20 10:19:44 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from routing tables
Mar 20 10:19:44 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from routing tables
Mar 20 10:19:44 openvpn-routing: Removing rule 1001 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1002 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1003 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1004 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1005 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1006 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1007 from routing policy
Mar 20 10:19:44 openvpn-routing: Removing rule 1008 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1009 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1010 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1011 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1101 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1102 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1103 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1104 from routing policy
Mar 20 10:19:45 openvpn-routing: Removing rule 1105 from routing policy
Mar 20 10:19:45 openvpn-routing: Added 192.168.1.1 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:45 openvpn-routing: Added 192.168.1.2 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:45 openvpn-routing: Added 192.168.1.204 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:45 openvpn-routing: Added 192.168.1.56 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:45 openvpn-routing: Added 192.168.1.73 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.133 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.191 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.205 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.211 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.250 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.12 to 0.0.0.0 through WAN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.121 to 0.0.0.0 through VPN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.122 to 0.0.0.0 through VPN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.123 to 0.0.0.0 through VPN to routing policy
Mar 20 10:19:46 openvpn-routing: Added 192.168.1.124 to 0.0.0.0 through VPN to routing policy
Mar 20 10:19:47 openvpn-routing: Added 192.168.1.218 to 0.0.0.0 through VPN to routing policy
Mar 20 10:19:47 openvpn-routing: Completed routing policy configuration
Mar 20 10:19:47 openvpn[1253]: Initialization Sequence Completed
Mar 20 10:19:53 openvpn[1253]: event_wait : Interrupted system call (code=4)
 
I can se you have some same config and GUI and Custom config. Try remove those as is who is unneeded/duplicate.
 
Thanks,

I've shortened custom config to..

resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
verb 3
auth SHA256
auth-nocache

Which gives the follow Log, no change in speeds.

Mar 20 11:16:11 openvpn[2127]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 20 11:16:25 rc_service: httpd 428:notify_rc restart_vpnclient1
Mar 20 11:16:26 openvpn[2127]: event_wait : Interrupted system call (code=4)
Mar 20 11:16:26 openvpn[2127]: SIGTERM received, sending exit notification to peer
Mar 20 11:16:28 dnsmasq[3557]: read /etc/hosts - 5 addresses
Mar 20 11:16:28 dnsmasq[3557]: read /etc/hosts.dnsmasq - 11 addresses
Mar 20 11:16:28 dnsmasq-dhcp[3557]: read /etc/ethers - 14 addresses
Mar 20 11:16:28 dnsmasq[3557]: using nameserver 31.55.186.70#53
Mar 20 11:16:28 dnsmasq[3557]: using nameserver 31.55.185.18#53
Mar 20 11:16:28 dnsmasq[3557]: exiting on receipt of SIGTERM
Mar 20 11:16:29 dnsmasq[3905]: started, version 2.76-g41a8d9e cachesize 1500
Mar 20 11:16:29 dnsmasq[3905]: warning: interface ppp1* does not currently exist
Mar 20 11:16:29 dnsmasq[3905]: asynchronous logging enabled, queue limit is 5 messages
Mar 20 11:16:29 dnsmasq-dhcp[3905]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Mar 20 11:16:29 dnsmasq[3905]: read /etc/hosts - 5 addresses
Mar 20 11:16:29 dnsmasq[3905]: read /etc/hosts.dnsmasq - 11 addresses
Mar 20 11:16:29 dnsmasq-dhcp[3905]: read /etc/ethers - 14 addresses
Mar 20 11:16:29 dnsmasq[3905]: using nameserver 31.55.186.70#53
Mar 20 11:16:29 dnsmasq[3905]: using nameserver 31.55.185.18#53
Mar 20 11:16:29 kernel: tun: Universal TUN/TAP device driver, 1.6
Mar 20 11:16:29 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar 20 11:16:29 openvpn[3911]: OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Mar 20 11:16:29 openvpn[3911]: library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.08
Mar 20 11:16:29 openvpn[3915]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 20 11:16:29 openvpn[3915]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 11:16:29 openvpn[3915]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Mar 20 11:16:29 openvpn[3915]: UDPv4 link local: [undef]
Mar 20 11:16:29 openvpn[3915]: UDPv4 link remote: [AF_INET]81.171.52.16:1194
Mar 20 11:16:29 openvpn[3915]: TLS: Initial packet from [AF_INET]81.171.52.16:1194, sid=780c5cff c3d12cb9
Mar 20 11:16:30 openvpn[3915]: VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Mar 20 11:16:30 openvpn[3915]: VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Mar 20 11:16:30 openvpn[3915]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 11:16:30 openvpn[3915]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 11:16:30 openvpn[3915]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 11:16:30 openvpn[3915]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 11:16:30 openvpn[3915]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mar 20 11:16:30 openvpn[3915]: [vpn] Peer Connection Initiated with [AF_INET]81.171.52.16:1194
Mar 20 11:16:33 openvpn[3915]: SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Mar 20 11:16:33 openvpn[3915]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.94.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.94.165 255.255.254.0'
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: explicit notify parm(s) modified
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mar 20 11:16:33 openvpn[3915]: Socket Buffers: R=[131072->245760] S=[131072->131072]
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: route options modified
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: route-related options modified
Mar 20 11:16:33 openvpn[3915]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 20 11:16:33 openvpn[3915]: TUN/TAP device tun11 opened
Mar 20 11:16:33 openvpn[3915]: TUN/TAP TX queue length set to 100
Mar 20 11:16:33 openvpn[3915]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 20 11:16:33 openvpn[3915]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 20 11:16:33 openvpn[3915]: /usr/sbin/ip addr add dev tun11 172.21.94.165/23 broadcast 172.21.95.255
Mar 20 11:16:33 openvpn[3915]: updown.sh tun11 1500 1570 172.21.94.165 255.255.254.0 init
Mar 20 11:16:34 rc_service: service 3957:notify_rc updateresolv
Mar 20 11:16:34 dnsmasq[3905]: exiting on receipt of SIGTERM
Mar 20 11:16:34 dnsmasq[3963]: started, version 2.76-g41a8d9e cachesize 1500
Mar 20 11:16:34 dnsmasq[3963]: warning: interface ppp1* does not currently exist
Mar 20 11:16:34 dnsmasq[3963]: asynchronous logging enabled, queue limit is 5 messages
Mar 20 11:16:34 dnsmasq-dhcp[3963]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Mar 20 11:16:34 dnsmasq[3963]: read /etc/hosts - 5 addresses
Mar 20 11:16:34 dnsmasq[3963]: read /etc/hosts.dnsmasq - 11 addresses
Mar 20 11:16:34 dnsmasq-dhcp[3963]: read /etc/ethers - 14 addresses
Mar 20 11:16:34 dnsmasq[3963]: using nameserver 198.18.0.1#53
Mar 20 11:16:34 dnsmasq[3963]: using nameserver 198.18.0.2#53
Mar 20 11:16:34 dnsmasq[3963]: using nameserver 31.55.186.70#53
Mar 20 11:16:34 dnsmasq[3963]: using nameserver 31.55.185.18#53
Mar 20 11:16:36 openvpn[3915]: Ignore conflicted routing rule: 81.171.52.16 255.255.255.255
Mar 20 11:16:36 openvpn[3915]: /usr/sbin/ip route add 0.0.0.0/1 via 172.21.94.1
Mar 20 11:16:37 openvpn[3915]: /usr/sbin/ip route add 128.0.0.0/1 via 172.21.94.1
Mar 20 11:16:37 openvpn-routing: Configuring policy rules for client 1
Mar 20 11:16:37 openvpn-routing: Creating VPN routing table
Mar 20 11:16:37 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from routing tables
Mar 20 11:16:37 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from routing tables
Mar 20 11:16:37 openvpn-routing: Removing rule 1001 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1002 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1003 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1004 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1005 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1006 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1007 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1008 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1009 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1010 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1011 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1101 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1102 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1103 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1104 from routing policy
Mar 20 11:16:38 openvpn-routing: Removing rule 1105 from routing policy
Mar 20 11:16:38 openvpn-routing: Added 192.168.1.1 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:38 openvpn-routing: Added 192.168.1.2 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:38 openvpn-routing: Added 192.168.1.204 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.56 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.73 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.133 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.191 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.205 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.211 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.250 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.12 to 0.0.0.0 through WAN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.121 to 0.0.0.0 through VPN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.122 to 0.0.0.0 through VPN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.123 to 0.0.0.0 through VPN to routing policy
Mar 20 11:16:39 openvpn-routing: Added 192.168.1.124 to 0.0.0.0 through VPN to routing policy
Mar 20 11:16:40 openvpn-routing: Added 192.168.1.218 to 0.0.0.0 through VPN to routing policy
Mar 20 11:16:40 openvpn-routing: Completed routing policy configuration
Mar 20 11:16:40 openvpn[3915]: Initialization Sequence Completed
 
Last edited:
Make sure this match on both sides client/server

Mar 20 11:12:35 openvpn[2127]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1570'
Mar 20 11:12:35 openvpn[2127]: WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
Click to expand...


Mar 20 11:12:34 openvpn[2127]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Click to expand...

Try to add this to client: remote-cert-tls server
 
The latest Merlin builds introduced new DNS handling for Exclusive mode.

OpenVPN only can use a single core, but Merlin's builds include code to try and distribute the router and OpenVPN loads across both cores. There has been a recent fix in this area, but not sure if it would affect your use case.

Sorry, but I don't follow HGG's fork since there is no source code available and I don't know what HGG has or hasn't done.

A last observation, it looks like you are using auth/digest SHA256...that's a performance killer (the router just doesn't have the horsepower). Try going back to SHA1 if your provider supports it.
 
john9527 said:
The latest Merlin builds introduced new DNS handling for Exclusive mode.

A: For now you can use Aiprotection=> DNS-base filtering to handel dns to vpn-provider.

OpenVPN only can use a single core, but Merlin's builds include code to try and distribute the router and OpenVPN loads across both cores. There has been a recent fix in this area, but not sure if it would affect your use case.

A: Use Tun11 it is on core 1 (client1)

Sorry, but I don't follow HGG's fork since there is no source code available and I don't know what HGG has or hasn't done.

A: Most same as merlin has, with little tweak.

A last observation, it looks like you are using auth/digest SHA256...that's a performance killer (the router just doesn't have the horsepower). Try going back to SHA1 if your provider supports it.
Click to expand...
 
Thanks guy's,

I got around ~50 D/L speed last time I used the router for VPN

A: Most same as merlin has, with little tweak.
Is this a command line tweak and what is it?
 
Added the remote server cert request line and now the log looks good... (still no change in speed, and did get much higher as stated but can't remember how, maybe the a command tweak and I do remember using both CPU cores at the time).

Also turned on AIProtect - dns filtering /Router (lots of other options in the list, chose router) and turned off VPN / dns "Strict" to disabled, or should I leave this set to strict?

Log

Mar 20 11:37:00 openvpn[4811]: VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Mar 20 11:37:00 openvpn[4811]: Validating certificate key usage
Mar 20 11:37:00 openvpn[4811]: ++ Certificate has key usage 00a0, expects 00a0
Mar 20 11:37:00 openvpn[4811]: VERIFY KU OK
Mar 20 11:37:00 openvpn[4811]: Validating certificate extended key usage
Mar 20 11:37:00 openvpn[4811]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 20 11:37:00 openvpn[4811]: VERIFY EKU OK
Mar 20 11:37:00 openvpn[4811]: VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Mar 20 11:37:01 openvpn[4811]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 11:37:01 openvpn[4811]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 11:37:01 openvpn[4811]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 11:37:01 openvpn[4811]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 11:37:01 openvpn[4811]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mar 20 11:37:01 openvpn[4811]: [vpn] Peer Connection Initiated with [AF_INET]81.171.52.16:1194
Mar 20 11:37:03 openvpn[4811]: SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Mar 20 11:37:03 openvpn[4811]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.94.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.94.165 255.255.254.0'
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: explicit notify parm(s) modified
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mar 20 11:37:03 openvpn[4811]: Socket Buffers: R=[131072->245760] S=[131072->131072]
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: route options modified
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: route-related options modified
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 20 11:37:03 openvpn[4811]: TUN/TAP device tun11 opened
Mar 20 11:37:03 openvpn[4811]: TUN/TAP TX queue length set to 100
Mar 20 11:37:03 openvpn[4811]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 20 11:37:03 openvpn[4811]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 20 11:37:03 openvpn[4811]: /usr/sbin/ip addr add dev tun11 172.21.94.165/23 broadcast 172.21.95.255
Mar 20 11:37:05 openvpn[4811]: Ignore conflicted routing rule: 81.171.52.16 255.255.255.255
Mar 20 11:37:05 openvpn[4811]: /usr/sbin/ip route add 0.0.0.0/1 via 172.21.94.1
Mar 20 11:37:05 openvpn[4811]: /usr/sbin/ip route add 128.0.0.0/1 via 172.21.94.1
Mar 20 11:37:06 openvpn-routing: Configuring policy rules for client 1
Mar 20 11:37:06 openvpn-routing: Creating VPN routing table
Mar 20 11:37:06 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from routing tables
Mar 20 11:37:06 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from routing tables
Mar 20 11:37:06 openvpn-routing: Removing rule 1001 from routing policy
Mar 20 11:37:06 openvpn-routing: Removing rule 1002 from routing policy
Mar 20 11:37:06 openvpn-routing: Removing rule 1003 from routing policy
Mar 20 11:37:06 openvpn-routing: Removing rule 1004 from routing policy
Mar 20 11:37:06 openvpn-routing: Removing rule 1005 from routing policy
Mar 20 11:37:06 openvpn-routing: Removing rule 1006 from routing policy
Mar 20 11:37:06 openvpn-routing: Removing rule 1007 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1008 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1009 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1010 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1011 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1101 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1102 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1103 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1104 from routing policy
Mar 20 11:37:07 openvpn-routing: Removing rule 1105 from routing policy
Mar 20 11:37:07 openvpn-routing: Added 192.168.1.1 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:07 openvpn-routing: Added 192.168.1.2 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:07 openvpn-routing: Added 192.168.1.204 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:07 openvpn-routing: Added 192.168.1.56 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.73 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.133 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.191 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.205 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.211 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.250 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.12 to 0.0.0.0 through WAN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.121 to 0.0.0.0 through VPN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.122 to 0.0.0.0 through VPN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.123 to 0.0.0.0 through VPN to routing policy
Mar 20 11:37:08 openvpn-routing: Added 192.168.1.124 to 0.0.0.0 through VPN to routing policy
Mar 20 11:37:09 openvpn-routing: Added 192.168.1.218 to 0.0.0.0 through VPN to routing policy
Mar 20 11:37:09 openvpn-routing: Completed routing policy configuration
Mar 20 11:37:09 openvpn[4811]: Initialization Sequence Completed
Mar 20 11:38:39 openvpn[4811]: event_wait : Interrupted system call (code=4)
Mar 20 11:38:39 openvpn[4811]: OpenVPN STATISTICS
Mar 20 11:38:39 openvpn[4811]: Updated,Sun Mar 20 11:38:39 2016
Mar 20 11:38:39 openvpn[4811]: TUN/TAP read bytes,30555801
Mar 20 11:38:39 openvpn[4811]: TUN/TAP write bytes,30334372
Mar 20 11:38:39 openvpn[4811]: TCP/UDP read bytes,32357130
Mar 20 11:38:39 openvpn[4811]: TCP/UDP write bytes,32214151
Mar 20 11:38:39 openvpn[4811]: Auth read bytes,30334388
Mar 20 11:38:39 openvpn[4811]: pre-compress bytes,4174
Mar 20 11:38:39 openvpn[4811]: post-compress bytes,4221
Mar 20 11:38:39 openvpn[4811]: pre-decompress bytes,0
Mar 20 11:38:39 openvpn[4811]: post-decompress bytes,0
Mar 20 11:38:39 openvpn[4811]: END
 
>>Provider push this, can be a problem.
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified (rcvbuf 262144)

>>Dont you use Compression? check if its needed.

A: Most same as merlin has, with little tweak.
Is this a command line tweak and what is it?
>>Its in program.

Best you can do is using core 1 to VPN its not possible to use both core.
 
Thanks, I further recall I did have 2 clients setup at the time to get the ~50 speeds, 1 client on 1 core is plenty for my needs today.

Yes I have checked and I need to use lzo compression, I've added the line - comp-lzo, to the custom config, do I leave the router VPN client setting /compression - adaptive or something else?
 
Current log with client comp - adaptive and lzo line added to custom...

I still see that I have

>>Provider push this, can be a problem.
Mar 20 11:37:03 openvpn[4811]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified (rcvbuf 262144) this problem.

Any help to resolve this?

Mar 20 12:41:15 rc_service: httpd 430:notify_rc restart_vpnclient1
Mar 20 12:41:16 openvpn[1253]: event_wait : Interrupted system call (code=4)
Mar 20 12:41:16 openvpn[1253]: SIGTERM received, sending exit notification to peer
Mar 20 12:41:18 dnsmasq[1301]: exiting on receipt of SIGTERM
Mar 20 12:41:19 dnsmasq[1701]: started, version 2.76-g41a8d9e cachesize 1500
Mar 20 12:41:19 dnsmasq[1701]: warning: interface ppp1* does not currently exist
Mar 20 12:41:19 dnsmasq[1701]: asynchronous logging enabled, queue limit is 5 messages
Mar 20 12:41:19 dnsmasq-dhcp[1701]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Mar 20 12:41:19 dnsmasq[1701]: read /etc/hosts - 5 addresses
Mar 20 12:41:19 dnsmasq[1701]: read /etc/hosts.dnsmasq - 11 addresses
Mar 20 12:41:19 dnsmasq-dhcp[1701]: read /etc/ethers - 14 addresses
Mar 20 12:41:19 dnsmasq[1701]: using nameserver 31.55.186.70#53
Mar 20 12:41:19 dnsmasq[1701]: using nameserver 31.55.185.46#53
Mar 20 12:41:19 kernel: tun: Universal TUN/TAP device driver, 1.6
Mar 20 12:41:19 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar 20 12:41:19 openvpn[1710]: OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Mar 20 12:41:19 openvpn[1710]: library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.08
Mar 20 12:41:19 openvpn[1711]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 12:41:19 openvpn[1711]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Mar 20 12:41:19 openvpn[1711]: UDPv4 link local: [undef]
Mar 20 12:41:19 openvpn[1711]: UDPv4 link remote: [AF_INET]81.171.75.11:1194
Mar 20 12:41:19 openvpn[1711]: TLS: Initial packet from [AF_INET]81.171.75.11:1194, sid=d8189f2e 6e75ed0d
Mar 20 12:41:20 openvpn[1711]: VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Mar 20 12:41:20 openvpn[1711]: Validating certificate key usage
Mar 20 12:41:20 openvpn[1711]: ++ Certificate has key usage 00a0, expects 00a0
Mar 20 12:41:20 openvpn[1711]: VERIFY KU OK
Mar 20 12:41:20 openvpn[1711]: Validating certificate extended key usage
Mar 20 12:41:20 openvpn[1711]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 20 12:41:20 openvpn[1711]: VERIFY EKU OK
Mar 20 12:41:20 openvpn[1711]: VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Mar 20 12:41:20 openvpn[1711]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 12:41:20 openvpn[1711]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 12:41:20 openvpn[1711]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 20 12:41:20 openvpn[1711]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 20 12:41:20 openvpn[1711]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mar 20 12:41:20 openvpn[1711]: [vpn] Peer Connection Initiated with [AF_INET]81.171.75.11:1194
Mar 20 12:41:22 openvpn[1711]: SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Mar 20 12:41:22 openvpn[1711]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.90.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.90.4 255.255.254.0'
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: explicit notify parm(s) modified
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mar 20 12:41:22 openvpn[1711]: Socket Buffers: R=[131072->245760] S=[131072->131072]
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: route options modified
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: route-related options modified
Mar 20 12:41:22 openvpn[1711]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 20 12:41:22 openvpn[1711]: TUN/TAP device tun11 opened
Mar 20 12:41:22 openvpn[1711]: TUN/TAP TX queue length set to 100
Mar 20 12:41:22 openvpn[1711]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 20 12:41:22 openvpn[1711]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 20 12:41:22 openvpn[1711]: /usr/sbin/ip addr add dev tun11 172.21.90.4/23 broadcast 172.21.91.255
Mar 20 12:41:22 openvpn[1711]: updown.sh tun11 1500 1570 172.21.90.4 255.255.254.0 init
Mar 20 12:41:23 rc_service: service 1753:notify_rc updateresolv
Mar 20 12:41:23 dnsmasq[1701]: exiting on receipt of SIGTERM
Mar 20 12:41:23 dnsmasq[1759]: started, version 2.76-g41a8d9e cachesize 1500
Mar 20 12:41:23 dnsmasq[1759]: warning: interface ppp1* does not currently exist
Mar 20 12:41:23 dnsmasq[1759]: asynchronous logging enabled, queue limit is 5 messages
Mar 20 12:41:23 dnsmasq-dhcp[1759]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Mar 20 12:41:24 dnsmasq[1759]: read /etc/hosts - 5 addresses
Mar 20 12:41:24 dnsmasq[1759]: read /etc/hosts.dnsmasq - 11 addresses
Mar 20 12:41:24 dnsmasq-dhcp[1759]: read /etc/ethers - 14 addresses
Mar 20 12:41:24 dnsmasq[1759]: using nameserver 198.18.0.1#53
Mar 20 12:41:24 dnsmasq[1759]: using nameserver 198.18.0.2#53
Mar 20 12:41:24 dnsmasq[1759]: using nameserver 31.55.186.70#53
Mar 20 12:41:24 dnsmasq[1759]: using nameserver 31.55.185.46#53
Mar 20 12:41:25 openvpn[1711]: Ignore conflicted routing rule: 81.171.75.11 255.255.255.255
Mar 20 12:41:25 openvpn[1711]: /usr/sbin/ip route add 0.0.0.0/1 via 172.21.90.1
Mar 20 12:41:25 openvpn[1711]: /usr/sbin/ip route add 128.0.0.0/1 via 172.21.90.1
Mar 20 12:41:26 openvpn-routing: Configuring policy rules for client 1
Mar 20 12:41:26 openvpn-routing: Creating VPN routing table
Mar 20 12:41:26 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from routing tables
Mar 20 12:41:26 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from routing tables
Mar 20 12:41:26 openvpn-routing: Removing rule 1001 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1002 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1003 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1004 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1005 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1006 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1007 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1008 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1009 from routing policy
Mar 20 12:41:26 openvpn-routing: Removing rule 1010 from routing policy
Mar 20 12:41:27 openvpn-routing: Removing rule 1011 from routing policy
Mar 20 12:41:27 openvpn-routing: Removing rule 1101 from routing policy
Mar 20 12:41:27 openvpn-routing: Removing rule 1102 from routing policy
Mar 20 12:41:27 openvpn-routing: Removing rule 1103 from routing policy
Mar 20 12:41:27 openvpn-routing: Removing rule 1104 from routing policy
Mar 20 12:41:27 openvpn-routing: Removing rule 1105 from routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.1 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.2 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.204 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.56 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.73 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.133 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.191 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.205 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.211 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.250 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:27 openvpn-routing: Added 192.168.1.12 to 0.0.0.0 through WAN to routing policy
Mar 20 12:41:28 openvpn-routing: Added 192.168.1.121 to 0.0.0.0 through VPN to routing policy
Mar 20 12:41:28 openvpn-routing: Added 192.168.1.122 to 0.0.0.0 through VPN to routing policy
Mar 20 12:41:28 openvpn-routing: Added 192.168.1.123 to 0.0.0.0 through VPN to routing policy
Mar 20 12:41:28 openvpn-routing: Added 192.168.1.124 to 0.0.0.0 through VPN to routing policy
Mar 20 12:41:28 openvpn-routing: Added 192.168.1.218 to 0.0.0.0 through VPN to routing policy
Mar 20 12:41:28 openvpn-routing: Completed routing policy configuration
Mar 20 12:41:28 openvpn[1711]: Initialization Sequence Completed
 
Hitman said:
Thanks, I further recall I did have 2 clients setup at the time to get the ~50 speeds, 1 client on 1 core is plenty for my needs today.

Yes I have checked and I need to use lzo compression, I've added the line - comp-lzo, to the custom config, do I leave the router VPN client setting /compression - adaptive or something else?
Click to expand...

You can in GUI set Compression=> None/Enable/Adaptive. comp-lzo yes = ENABLED

This im unsure about but try set (rcvbuf 0) in custom config.
 
You must log in or register to reply here.

Similar threads

S
No internet for router clients (OpenVPN + stunnel)
Replies
6
Views
380
santer_av
S
C
Routing my VPN Server through VPN Client 1 Having issues with Facetime
2 3
Replies
50
Views
2K
eibgrad
eibgrad
K
Troubles config wireguard for network devices on rt-be88 using merlin 3006.102
Replies
18
Views
414
ZebMcKayhan
Z
eibgrad
OpenVPN Client: mishandled route directives
Replies
7
Views
1K
eibgrad
eibgrad
G
Wireguard VPN Client: killswitch activation -> LAN administration lock-out
Replies
6
Views
1K
ZebMcKayhan
Z
Similar threads
Thread starter Title Forum Replies Date
L Problems logging into ASUS Merlin Chrome 133? Asuswrt-Merlin 5
L ASUS Merlin + Nextcloud + DDNS Asuswrt-Merlin 1
G Setting up new ASUS RT-BE86U. Found worrying items in System Log. Can you reassure me? Asuswrt-Merlin 9
J Asus Zen XD4S suddenly not connecting via WiFi backhaul Asuswrt-Merlin 4
Muscless ASUS router VPN to NAS only? Asuswrt-Merlin 2
C Asus RT-BE86U - VPN server speed issues Asuswrt-Merlin 6
A Is running an old ASUS Merlin Router as and AP a security risk? Asuswrt-Merlin 4
D Release Gnuton - Asus Merlin 3004.388.8_4-gnuton1 Asuswrt-Merlin 6
A Asus 86U with 386.14_2 NO export certificate. Any workaround ? Asuswrt-Merlin 2
copperhead Issue with Inter-VLAN Communication on ASUS RT-AX88U Pro Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 433 (members: 18, guests: 415)
Back
Top