What's new

AX86U PRO -- VPN Reboot

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Engineer530

New Around Here
I just bought the AX86U PRO for my business previously had been using the AC68U with no issues except for slow as molasses VPN. I am using OpenVPN with TAP adapter and the router is using latest ASUS Firmware.

Besides VPN everything seems to be rock solid but every time I connect with OpenVPN TAP mode, the entire router reboots within seconds of connecting, after restarting once or twice it usually will log back in and start working after a few minutes but will reboot at random points during the VPN Connection could be 20 minutes could be 4 hours, I have tried all kinds of setting changes to the Client and Sever, re-generated certs etc. to no Avail, this is extremely frustrating as it takes down the whole router disconnecting clients , active connections etc. when looking at the log file most of the time it crashes right after the "Assoc" part of a connection , whether part of the problem or not I have no idea , but the router can run for days , and the minute I connect via OpenVPN, the log file shows something like below ( MAC address redacted) I understand the association below is a wireless client but for some reason the log looks like this most of the time... with reboot coming right after an association. but only when I connect using OpenVPN - I have a couple other logs saved where I can get to reboot events if anyone is interested.

Someone posted in 2023 with the EXACT same issue but there was never a resolution that I could see.

Any input would be greatly appreciated, this is frustrating having laid down a little cash soley for better VPN performance and it's the only thing that doesn't work right.

Basically the time stamp below is the minute I walked into the office and opened my laptop which i had accidentally left OpenVPN connected from last night at home so once it re-connected it tried to establish VPN then , BOOM --restart

Jun 18 09:14:32 wlceventd: wlceventd_proc_event(722): eth6: Assoc A4:FC:77:xx:xx:xx , status: Successful (0), rssi:-42
Dec 31 16:00:19 kernel: klogd started: BusyBox v1.24.1 (2024-05-23 11:26:19 CST)
Dec 31 16:00:19 kernel: Linux version 4.19.183 (root@asus) (gcc version 9.2.0 (Buildroot 2019.11.1)) #1 SMP PREEMPT Thu May 23 11:27:38 CST 2024
Dec 31 16:00:19 kernel: random: get_random_bytes called from start_kernel+0x9c/0x454 with crng_init=0

Thanks in advance!
 
Do you have compression enabled on the server (router OpenVPN setup)? If so, disable it as it has been depreciated in current clients. Not sure if it does cause issues but it could.
Another option is to use Wireguard. Set it up on the router for a just in case. InstantGuard also works well and you can have all three running at the same time.
Also, use a different port from the OVPN default.
 
Do you have compression enabled on the server (router OpenVPN setup)? If so, disable it as it has been depreciated in current clients. Not sure if it does cause issues but it could.
Another option is to use Wireguard. Set it up on the router for a just in case. InstantGuard also works well and you can have all three running at the same time.
Also, use a different port from the OVPN default.
Yes I disabled compression as I saw security related posts about it some time ago, I am using a non-standard port and have even tried both TCP and UDP, I will try wireguard if I get a chance, if it has the same capability of OpenVPN that would be great, as I primarily use it for getting onto the network from remote locations and working with files over shares etc. the one thing I have not done is a factory reset after all the firmware updates the router did then trying to reconfigure everything to see if it still has the issue. I'd love to know why OpenVPN is broken though as it worked so perfectly with the AC68U that I had.
 
Am currently 30 miles from home. Set up OpenVPN over a Wireguard connection then connected successfully over OpenVPN. Used custom port and disabled compression. Am using a Samsung tablet but am sure a laptop would have worked.
Use, a reset and configure may be in order. I have done that after the major firmware upgrade.
 
I don't know specifically what would cause the rebooting, but let's be clear here. WG only supports routed tunnels! But you've configured OpenVPN for *bridged* tunneling (TAP), which is very different from a routed tunnel (TUN). 99% of the time you want a routed, NOT bridged, tunnel. So if indeed you want/need a bridged tunnel, WG is NOT the answer. OTOH, if you really only need a routed tunnel, then convert the OpenVPN tunnel to routed (TUN) and see if that helps. A bridged OpenVPN tunnel assumes both sides of the connection are using the *same* IP network, and allows layer 2 (ethernet) traffic across the tunnel. That *might* lead to unexpected problems (e.g., DHCP requests accessing the wrong DHCP server), whereas a routed tunnel expects the two sides to be using *different* IP networks, w/ far fewer side-effects.
 
I don't know specifically what would cause the rebooting, but let's be clear here. WG only supports routed tunnels! But you've configured OpenVPN for *bridged* tunneling (TAP), which is very different from a routed tunnel (TUN). 99% of the time you want a routed, NOT bridged, tunnel. So if indeed you want/need a bridged tunnel, WG is NOT the answer. OTOH, if you really only need a routed tunnel, then convert the OpenVPN tunnel to routed (TUN) and see if that helps. A bridged OpenVPN tunnel assumes both sides of the connection are using the *same* IP network, and allows layer 2 (ethernet) traffic across the tunnel. That *might* lead to unexpected problems (e.g., DHCP requests accessing the wrong DHCP server), whereas a routed tunnel expects the two sides to be using *different* IP networks, w/ far fewer side-effects.
Do windows shares and network browsing work OK over a tunnel? for some reason that's why I thought I had done TAP to begin with. We have a network share that is mapped as a drive along with a networked printer , I also use RDP to connect to various machines within the network once connected over VPN. being able to go out on the web through the router is also handy when our main router is whitelisted for certain things. if this is possible over tunnel I will figure out how to make it happen.... I think that TAP might be the issue because the OpenVPN GUI doesn't even support TAP anymore, I have to use the other client that runs in the tray.
 
One of the things that won't work over a routed tunnel, but will work over a bridged tunnel, is network discovery. But that doesn't mean you can't still connect to those resources. Network discovery is usually just a convenience. You just have to reference the resources explicitly, either by DNS name or IP (e.g., \\192.168.1.100\someshare).
 
Last edited:
Hi @Engineer530 I'm the one that posted the previous thread from a year ago with the same exact issue. This is the link to the thread
Is that the one that you're referring to? I meant to follow up on the post, but I never did find a solution. I ended up having that client stop using the VPN because I couldn't leave the 2.4GHz radio disabled.

However, I just tried to use that same model router (RT-AX86U Pro) at another client's office last month, and it's doing the EXACT SAME THING! I had forgotten about this issue from a year ago, so when the router started rebooting randomly, I bought another brand new RT-AX86U Pro router from a different vendor. After setting it all up, it started doing the same thing. After hours of troubleshooting, I narrowed it down to when VPN clients were connecting. After searching online, I found my post from a year ago. I disabled the 2.4GHz radio and the problem went away. I've left it this way for over a month and no more router reboots. The problem now is that I have to turn on the 2.4GHz radio for some older IoT devices. But if I do, the VPN users will make the router randomly reboot when they connect.

There has to be some link between the 2.4GHz radio (or settings) and the VPN settings, but I don't know enough about the hardware or software to have any guesses. I also don't know if this is just a TAP VPN issue or if it affects TUN VPNs too because I have to use TAP VPNs for my users to access servers & devices on the remote network.

Extra Note: These RT-AX86U Pro routers that I was working with over the last month were to replace the RT-AX86U that was working perfectly for the last 2 years. The 2.4GHz radio was enabled the whole time, and I had 5+ VPN users connecting all day every day with no router reboots. So this only affects the RT-AX86U Pro, not the non-Pro version. Does that imply it's a hardware issue? I have tried multiple different firmware versions going back from a year ago all the way up to the newest firmware. I also did a physical button factory reset every time I upgraded the firmware, and then fully setup the WAN, LAN, WiFi and VPN again. Each time, the router starts having reboot issues when the 2.4GHz radio is enabled, but only when VPN users start connecting. If no one connects to the VPN, and the 2.4GHz radio is enabled, it stays up for days with no issues.

@RMerlin , any ideas? This issue can clearly be duplicated if I had the exact same issue on 3 different RT-AX86U Pro routers, all purchased at different times and places, and all with different firmware versions. But the RT-AX86U (non-pro version) does not have this issue.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top