AX86U PRO -- VPN Reboot

[Engineer530]

I just bought the AX86U PRO for my business previously had been using the AC68U with no issues except for slow as molasses VPN. I am using OpenVPN with TAP adapter and the router is using latest ASUS Firmware.

Besides VPN everything seems to be rock solid but every time I connect with OpenVPN TAP mode, the entire router reboots within seconds of connecting, after restarting once or twice it usually will log back in and start working after a few minutes but will reboot at random points during the VPN Connection could be 20 minutes could be 4 hours, I have tried all kinds of setting changes to the Client and Sever, re-generated certs etc. to no Avail, this is extremely frustrating as it takes down the whole router disconnecting clients , active connections etc. when looking at the log file most of the time it crashes right after the "Assoc" part of a connection , whether part of the problem or not I have no idea , but the router can run for days , and the minute I connect via OpenVPN, the log file shows something like below ( MAC address redacted) I understand the association below is a wireless client but for some reason the log looks like this most of the time... with reboot coming right after an association. but only when I connect using OpenVPN - I have a couple other logs saved where I can get to reboot events if anyone is interested.

Someone posted in 2023 with the EXACT same issue but there was never a resolution that I could see.

Any input would be greatly appreciated, this is frustrating having laid down a little cash soley for better VPN performance and it's the only thing that doesn't work right.

Basically the time stamp below is the minute I walked into the office and opened my laptop which i had accidentally left OpenVPN connected from last night at home so once it re-connected it tried to establish VPN then , BOOM --restart

Jun 18 09:14:32 wlceventd: wlceventd_proc_event(722): eth6: Assoc A4:FC:77:xx:xx:xx , status: Successful (0), rssi:-42
Dec 31 16:00:19 kernel: klogd started: BusyBox v1.24.1 (2024-05-23 11:26:19 CST)
Dec 31 16:00:19 kernel: Linux version 4.19.183 (root@asus) (gcc version 9.2.0 (Buildroot 2019.11.1)) #1 SMP PREEMPT Thu May 23 11:27:38 CST 2024
Dec 31 16:00:19 kernel: random: get_random_bytes called from start_kernel+0x9c/0x454 with crng_init=0

Thanks in advance!

 

[bbunge]

Do you have compression enabled on the server (router OpenVPN setup)? If so, disable it as it has been depreciated in current clients. Not sure if it does cause issues but it could.
Another option is to use Wireguard. Set it up on the router for a just in case. InstantGuard also works well and you can have all three running at the same time.
Also, use a different port from the OVPN default.

 

[Engineer530]

Do you have compression enabled on the server (router OpenVPN setup)? If so, disable it as it has been depreciated in current clients. Not sure if it does cause issues but it could.
Another option is to use Wireguard. Set it up on the router for a just in case. InstantGuard also works well and you can have all three running at the same time.
Also, use a different port from the OVPN default.

Yes I disabled compression as I saw security related posts about it some time ago, I am using a non-standard port and have even tried both TCP and UDP, I will try wireguard if I get a chance, if it has the same capability of OpenVPN that would be great, as I primarily use it for getting onto the network from remote locations and working with files over shares etc. the one thing I have not done is a factory reset after all the firmware updates the router did then trying to reconfigure everything to see if it still has the issue. I'd love to know why OpenVPN is broken though as it worked so perfectly with the AC68U that I had.

 

[bbunge]

Am currently 30 miles from home. Set up OpenVPN over a Wireguard connection then connected successfully over OpenVPN. Used custom port and disabled compression. Am using a Samsung tablet but am sure a laptop would have worked.
Use, a reset and configure may be in order. I have done that after the major firmware upgrade.

 

[eibgrad]

I don't know specifically what would cause the rebooting, but let's be clear here. WG only supports routed tunnels! But you've configured OpenVPN for *bridged* tunneling (TAP), which is very different from a routed tunnel (TUN). 99% of the time you want a routed, NOT bridged, tunnel. So if indeed you want/need a bridged tunnel, WG is NOT the answer. OTOH, if you really only need a routed tunnel, then convert the OpenVPN tunnel to routed (TUN) and see if that helps. A bridged OpenVPN tunnel assumes both sides of the connection are using the *same* IP network, and allows layer 2 (ethernet) traffic across the tunnel. That *might* lead to unexpected problems (e.g., DHCP requests accessing the wrong DHCP server), whereas a routed tunnel expects the two sides to be using *different* IP networks, w/ far fewer side-effects.

 

[Engineer530]

I don't know specifically what would cause the rebooting, but let's be clear here. WG only supports routed tunnels! But you've configured OpenVPN for *bridged* tunneling (TAP), which is very different from a routed tunnel (TUN). 99% of the time you want a routed, NOT bridged, tunnel. So if indeed you want/need a bridged tunnel, WG is NOT the answer. OTOH, if you really only need a routed tunnel, then convert the OpenVPN tunnel to routed (TUN) and see if that helps. A bridged OpenVPN tunnel assumes both sides of the connection are using the *same* IP network, and allows layer 2 (ethernet) traffic across the tunnel. That *might* lead to unexpected problems (e.g., DHCP requests accessing the wrong DHCP server), whereas a routed tunnel expects the two sides to be using *different* IP networks, w/ far fewer side-effects.

Do windows shares and network browsing work OK over a tunnel? for some reason that's why I thought I had done TAP to begin with. We have a network share that is mapped as a drive along with a networked printer , I also use RDP to connect to various machines within the network once connected over VPN. being able to go out on the web through the router is also handy when our main router is whitelisted for certain things. if this is possible over tunnel I will figure out how to make it happen.... I think that TAP might be the issue because the OpenVPN GUI doesn't even support TAP anymore, I have to use the other client that runs in the tray.

 

[eibgrad]

One of the things that won't work over a routed tunnel, but will work over a bridged tunnel, is network discovery. But that doesn't mean you can't still connect to those resources. Network discovery is usually just a convenience. You just have to reference the resources explicitly, either by DNS name or IP (e.g., \\192.168.1.100\someshare).