ASUS RT-AX86 Open VPN No LAN Access

ronmis

Occasional Visitor
I set up OpenVPN on ASUS RT-AX86 with a fresh install of Merlin. I am able to connect to the VPN but unable to access LAN devices. Should I set up port forwarding?

I've done this in the past and it has worked like a charm, completely stumped this time.

I can access external websites when connected to the VPN, but they are extremely slow to load. I'm on a 1gb internet connection.

There are several posts regarding this issue, but none seem to work for me.

I've tried setting LAN - Route - Enable Static Routes - didn't work

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE - messed up my settings and I had to factory reset the router

I renewed the VPN Certificate to no avail.

Any help will be greatly appreciated.

Thank you!
 
Do not set up port forwarding, static routes or iptables rules.

Check that you have "Client will use VPN to access" set to "Both" in the General settings.
 
Do not set up port forwarding, static routes or iptables rules.

Check that you have "Client will use VPN to access" set to "Both" in the General settings.

I have that enabled

[Attachment: 1717272014709.png]
 
Code:
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=RT-AX86U, emailAddress=me@asusrouter.lan
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=client, emailAddress=me@asusrouter.lan
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_VER=3.8.5connectQA3
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_PLAT=ios
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_NCP=2
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_TCPNL=1
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_PROTO=990
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_MTU=1600
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.4.2-5723
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_SSO=webauth,openurl,crtext
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 peer info: IV_BS64DL=1
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 TLS: Username/Password authentication succeeded for username 'admin'
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 TLS: tls_multi_process: initial untrusted session promoted to trusted
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 [client] Peer Connection Initiated with [AF_INET]172.59.194.35:8120 (via [AF_INET]47.185.201.208%eth0)
Jun  1 16:17:00 ovpn-server1[26948]: client/172.59.194.35:8120 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Jun  1 16:17:00 ovpn-server1[26948]: client/172.59.194.35:8120 MULTI: Learn: 10.8.0.3 -> client/172.59.194.35:8120
Jun  1 16:17:00 ovpn-server1[26948]: client/172.59.194.35:8120 MULTI: primary virtual IP for client/172.59.194.35:8120: 10.8.0.3
Jun  1 16:17:00 ovpn-server1[26948]: client/172.59.194.35:8120 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
Jun  1 16:17:00 ovpn-server1[26948]: client/172.59.194.35:8120 PUSH: Received control message: 'PUSH_REQUEST'
Jun  1 16:17:01 ovpn-server1[26948]: client/172.59.194.35:8120 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Jun  1 16:17:01 ovpn-server1[26948]: client/172.59.194.35:8120 Timers: ping 15, ping-restart 120
Jun  1 16:17:01 ovpn-server1[26948]: client/172.59.194.35:8120 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
Jun  1 16:17:44 ovpn-server1[26948]: client/192.168.1.3:61251 [client] Inactivity timeout (--ping-restart), restarting
Jun  1 16:17:44 ovpn-server1[26948]: client/192.168.1.3:61251 SIGUSR1[soft,ping-restart] received, client-instance restarting

This is the System Log. Thanks Colin for working with me on this issue.
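
An added example, not part of the original post or of the Asuswrt-Merlin project: a small reviewer for this kind of server log that checks whether the LAN route was pushed, whether LAN hosts will see a source address outside their own subnet (the firewall/ACL point raised later in the thread), whether the client certificate uses a short RSA key, and whether the session ended in a ping-restart. The sample lines are shortened from the log above; the 2048-bit threshold, the function names and the report keys are assumptions of this example.

```python
import ipaddress
import re

# Lines taken from the server log posted above (peer info lines omitted).
SAMPLE_LOG = """\
Jun  1 16:17:00 ovpn-server1[26948]: 172.59.194.35:8120 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Jun  1 16:17:00 ovpn-server1[26948]: client/172.59.194.35:8120 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
Jun  1 16:17:44 ovpn-server1[26948]: client/192.168.1.3:61251 [client] Inactivity timeout (--ping-restart), restarting
"""

PUSH_RE = re.compile(r"'PUSH_REPLY,([^']*)'")
CERT_RE = re.compile(r"peer certificate: (\d+) bits RSA")
MIN_RSA_BITS = 2048  # assumption of this example: flag RSA keys shorter than this


def parse_push_reply(options):
    """Turn the comma-separated PUSH_REPLY option string into structured fields."""
    parsed = {"routes": [], "redirect_gateway": False, "tunnel": None}
    for opt in options.split(","):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route" and len(parts) >= 2:
            # "route <network> [netmask] [gateway] [metric]"; no netmask means a host route
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            parsed["routes"].append(ipaddress.ip_network(f"{parts[1]}/{mask}"))
        elif parts[0] == "redirect-gateway":
            parsed["redirect_gateway"] = True
        elif parts[0] == "ifconfig" and len(parts) >= 3:
            # Assumes "topology subnet" as pushed in this log: "ifconfig <ip> <netmask>"
            parsed["tunnel"] = ipaddress.ip_interface(f"{parts[1]}/{parts[2]}")
    return parsed


def review_session(log_text, lan_cidr):
    """Summarise what one client session in the log implies for LAN access."""
    lan = ipaddress.ip_network(lan_cidr)
    report = {
        "lan_route_pushed": False,       # client was told to reach the LAN via the tunnel
        "full_tunnel": False,            # redirect-gateway pushed (Internet via the VPN too)
        "tunnel_net": None,              # subnet that VPN clients get addresses from
        "acl_must_allow_tunnel": False,  # LAN hosts see a source outside their own subnet
        "weak_peer_cert_bits": None,     # set when the client certificate key is short
        "inactivity_restarts": 0,        # sessions dropped by --ping-restart
    }
    for line in log_text.splitlines():
        push = PUSH_RE.search(line)
        if push:
            fields = parse_push_reply(push.group(1))
            report["lan_route_pushed"] = any(lan.subnet_of(r) for r in fields["routes"])
            report["full_tunnel"] = fields["redirect_gateway"]
            if fields["tunnel"] is not None:
                net = fields["tunnel"].network
                report["tunnel_net"] = str(net)
                report["acl_must_allow_tunnel"] = not net.overlaps(lan)
        cert = CERT_RE.search(line)
        if cert and int(cert.group(1)) < MIN_RSA_BITS:
            report["weak_peer_cert_bits"] = int(cert.group(1))
        if "Inactivity timeout (--ping-restart)" in line:
            report["inactivity_restarts"] += 1
    return report


if __name__ == "__main__":
    for key, value in review_session(SAMPLE_LOG, "192.168.1.0/24").items():
        print(f"{key}: {value}")
```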
 
That looks essentially the same as on my router so I don't know why you can't access devices on your LAN. The only difference is that I'm using an Android client and you're using iOS. How are you testing this?
 
I'm testing it through my iPhone connected to 5G. I'll try using another device to test it out. Maybe it is my company software on the iPhone that is blocking this. I use ProtonVPN too and it works just fine.
 
If you're also running a VPN client on the router at the same time that could be the problem. Try turning off the VPN client and testing again.

EDIT: When I asked how you're testing this I meant what services are you trying to connect to on the LAN?
 
No VPN client on the router. I use ProtonVPN on my phone at times and it works fine (so my company's software on my phone is probably not the problem)
 
After setting up the VPN server reboot the router and try again.

This exact setup works fine on iOS with OpenVPN Connect app.
 
If you're also running a VPN client on the router at the same time that could be the problem. Try turning off the VPN client and testing again.

EDIT: When I asked how you're testing this I meant what services are you trying to connect to on the LAN?
The Asus router page - 192.168.1.1/Main_Login.asp
and Homebridge Server - 192.168.1.175:8581/login

I'm trying to access those through Safari

Funny thing is I have the PiHelper app which connects to my raspberry pi's and shows stats about them - cpu, mem, disk etc. This app works fine when I'm vpn'd in. It's just that I'm unable to access the above listed links through a web browser
 
compression mismatch?
 
I’ve tried both compression disabled and none in the ASUS router vpn advanced section, same issue :-/
 
The Asus router page - 192.168.1.1/Main_Login.asp
and Homebridge Server - 192.168.1.175:8581/login

I'm trying to access those through Safari

Funny thing is I have the PiHelper app which connects to my raspberry pi's and shows stats about them - cpu, mem, disk etc. This app works fine when I'm vpn'd in. It's just that I'm unable to access the above listed links through a web browser
I can't think why this wouldn't work. As I said, I have an almost identical setup to you and it works without issue. One thing I would note is that any incoming connections will have a non-local source address (10.8.0.x) so you may have to adjust your Homebridge server's firewall or ACL rules to allow this.

Are your servers listening for HTTPS? Some browsers nowadays will automatically change HTTP requests to HTTPS. So maybe try a different browser.
 
I can't think why this wouldn't work. As I said, I have an almost identical setup to you and it works without issue. One thing I would note is that any incoming connections will have a non-local source address (10.8.0.x) so you may have to adjust your Homebridge server's firewall or ACL rules to allow this.

Are your servers listening for HTTPS? Some browsers nowadays will automatically change HTTP requests to HTTPS. So maybe try a different browser.

I tried the OpenVPN client on my wife's phone and it connected to our LAN devices perfectly well. It just doesn't work on mine. I installed my company's software on my phone recently and I'm guessing that's the cause.

I tried the WireGuard VPN Server and it worked like a charm :)

Thank you all for your help and guidance.
 
I’ve tried both compression disabled and none in the ASUS router vpn advanced section, same issue :-/
So what is the client? If the client has compression set to on, and the router is either disabled or none, you can connect but no traffic will flow. You need both sides to have compression disabled, or both sides to have compression as none, or both sides to have compression on. Any other combos make a connection but nothing happens.
 
Hello!

I'm having problems with my openvpn server as well.

This is my configuration:
[Attachments: 222.png, 111.png]

It goes up fine as log below:

Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19906]: OpenVPN 2.6.10 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19906]: library versions: OpenSSL 1.1.1w 11 Sep 2023, LZO 2.08
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: PLUGIN AUTH-PAM: initialization succeeded (fg)
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: Diffie-Hellman initialized with 2048 bit key
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: TUN/TAP device tun21 opened
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: TUN/TAP TX queue length set to 1000
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: /usr/sbin/ip link set dev tun21 up mtu 1500
Jun 6 18:04:39 GT-AXE11000 vpnserver1[19909]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: /usr/sbin/ip link set dev tun21 up
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: /usr/sbin/ip addr add dev tun21 10.175.50.1/24
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: ovpn-up 1 server tun21 1500 0 10.175.50.1 255.255.255.0 init
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: UDPv4 link local (bound): [AF_INET][undef]:1286
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: UDPv4 link remote: [AF_UNSPEC]
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: MULTI: multi_init called, r=256 v=256
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: IFCONFIG POOL IPv4: base=10.175.50.2 size=253
Jun 6 18:04:39 GT-AXE11000 ovpn-server1[19907]: Initialization Sequence Completed


Export the config file and only add the line "tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" to it.

Connection from 5G on my phone goes fine too, as log below:

Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=GT-AXE11000, emailAddress=me@asusrouter.lan
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, OU=Home/Office, CN=client, emailAddress=me@asusrouter.lan
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_VER=3.8.5connectQA3
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_PLAT=android
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_NCP=2
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_TCPNL=1
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_PROTO=990
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_MTU=1600
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_GUI_VER=net.openvpn.connect.android_3.4.2-9909
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_SSO=webauth,openurl,crtext
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 peer info: IV_BS64DL=1
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 TLS: Username/Password authentication succeeded for username 'cel'
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 TLS: tls_multi_process: initial untrusted session promoted to trusted
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: [MY_IP]:16640 [client] Peer Connection Initiated with [AF_INET][MY_IP]:16640 (via [AF_INET][MY_HOME_IP]%eth0)
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 MULTI_sva: pool returned IPv4=10.175.50.2, IPv6=(Not enabled)
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 MULTI: Learn: 10.175.50.2 -> client/[MY_IP]:16640
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 MULTI: primary virtual IP for client/[MY_IP]:16640: 10.175.50.2
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 SENT CONTROL [client]: 'PUSH_REPLY,route 10.145.55.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 10.145.55.1,redirect-gateway def1,route-gateway 10.175.50.1,topology subnet,ping 5,ping-restart 180,ifconfig 10.175.50.2 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
Jun 6 17:57:27 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 PUSH: Received control message: 'PUSH_REQUEST'
Jun 6 17:57:28 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 Data Channel: cipher 'AES-256-GCM', peer-id: 0
Jun 6 17:57:28 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 Timers: ping 5, ping-restart 360
Jun 6 17:57:28 GT-AXE11000 ovpn-server1[8497]: client/[MY_IP]:16640 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt


The problem is that internet doesn't work and I can't access the router. The weirdest thing that I have noticed is that when I was trying to access the router WebUI from the phone and was with it logged in on my pc, the page was "laggin", like unresponsive. I close the tab on the phone and the page on the pc loads and goes back to normal. Same happens in a macbook with internet from phone 5G hotspot.

More info:
-IPv6 disabled on modem (bridge mode) and router.
-WebUI access only in https on port 8443.
-I have added no firewall rules myself.
-Tried everything from restarting the ovpn server, resetting to default, rebooting the router, restarting "dnsmasq" and "httpd" services in scMerlin addon page, and all sorts of mixes in between these.
-Only recently I've installed Skynet. Tried temporarily disabling it and done the above with same results.
-No errors or anything in system log or skynet log.
-If I'm on the router wifi and connect to the vpn, everything works fine, the WebUI opens normally and doesn't "freeze" the page on the pc.

Tried configuring the second ovpn server and noticed that this error popped when going up "kernel: [ERROR pktrunner] runnerUcast_inetaddr_event,181: Could not rdpa_system_ipv4_host_address_table_add ret=-3" BUT the server goes up fine and I connect to it as well, but with the same problems.
When disabling it, this error pops "kernel: [ERROR pktrunner] runnerUcast_inetaddr_event,190: Could not rdpa_system_ipv4_host_address_table_find ret=-5".
Don't know what this means but there aren't any other problems or error messages of any type.

Everything was working fine until last week when I did a complete reset of the router, but to be precise I was only connecting to the vpn from wifi connections from both phone and macbook (not using hotspot) as far as I remember. I'm going to a friend's house tomorrow and will try from his wifi and then will update this post.

Finally, set up the Wireguard server and it works perfectly on my phone 5G and macbook using phone 5G hotspot.
 
So what is the client? If the client has compression set to on, and the router is either disabled or none, you can connect but no traffic will flow. You need both sides to have compression disabled, or both sides to have compression as none, or both sides to have compression on. Any other combos make a connection but nothing happens.
There was no option to set compression on the client.
 
I'm leaving this to the experts, there's probably some trickery going on.

Went to my friend's house and from my phone on his wifi everything worked fine, accessed the router WebUI no problem and my internet was going through the tunnel, so, yeah, it was probably like this since I don't know when, I just got "lucky" I only needed the vpn on a wifi connection.

The only information I don't have (forgot to test) is if he has IPv6 enabled in any way.

Since 5G connection certainly uses IPv6, my guess is that there's something going on in this area. Maybe it's simple and the ISP is blocking something somehow, I really don't know what I'm talking about.

I did my best to provide the most amount of info I could.

Thank you.
 