• SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ipredator.se and OpenVPN client connects, but no internet

D

dyce1980

Occasional Visitor
I feel like a straight up noob after running around in circles for the past few hours trying to get this to work. I think I have read every single forum post on the topic and yet I'm still not any farther. Here's the issue:

I have an Asus RT-N66U with the latest Merlin build (says 270.25, but I flashed the 25b).

I want to set up a VPN connection as a client connecting to ipredator.se in the router. After some initial issues with the settings, I have figured out what to enter where and the router is connecting. Here's the log:

Mar 4 13:24:11 notify_rc : start_vpnclient1
Mar 4 13:24:11 kernel: tun: Universal TUN/TAP device driver, 1.6
Mar 4 13:24:11 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar 4 13:24:11 openvpn[4499]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 3 2013
Mar 4 13:24:11 openvpn[4499]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 4 13:24:11 openvpn[4499]: Control Channel Authentication: tls-auth using INLINE static key file
Mar 4 13:24:11 openvpn[4499]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 4 13:24:11 openvpn[4499]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 4 13:24:11 openvpn[4499]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Mar 4 13:24:11 openvpn[4501]: UDPv4 link local: [undef]
Mar 4 13:24:11 openvpn[4501]: UDPv4 link remote: [AF_INET]93.182.149.2:1194
Mar 4 13:24:11 openvpn[4501]: TLS: Initial packet from [AF_INET]93.182.149.2:1194, sid=e0545b2d 2053a238
Mar 4 13:24:11 openvpn[4501]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 4 13:24:11 openvpn[4501]: VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Mar 4 13:24:11 openvpn[4501]: VERIFY OK: nsCertType=SERVER
Mar 4 13:24:11 openvpn[4501]: VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=pw.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Mar 4 13:24:12 openvpn[4501]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 4 13:24:12 openvpn[4501]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 4 13:24:12 openvpn[4501]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 4 13:24:12 openvpn[4501]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 4 13:24:12 openvpn[4501]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 4 13:24:12 openvpn[4501]: [pw.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]93.182.149.2:1194
Mar 4 13:24:14 openvpn[4501]: SENT CONTROL [pw.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Mar 4 13:24:14 openvpn[4501]: PUSH: Received control message: 'PUSH_REPLY,route 93.182.149.2 255.255.255.255 net_gateway,route-gateway 93.182.149.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 93.182.132.32,dhcp-option DNS 93.182.182.93,ip-win32 dynamic,ping 10,ping-restart 60,ifconfig 93.182.149.105 255.255.255.128'
Mar 4 13:24:14 openvpn[4501]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.3.0)
Mar 4 13:24:14 openvpn[4501]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 4 13:24:14 openvpn[4501]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 4 13:24:14 openvpn[4501]: OPTIONS IMPORT: route options modified
Mar 4 13:24:14 openvpn[4501]: OPTIONS IMPORT: route-related options modified
Mar 4 13:24:14 openvpn[4501]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 4 13:24:14 openvpn[4501]: WARNING: potential conflict between --remote address [93.182.149.2] and --ifconfig address pair [93.182.149.105, 255.255.255.128] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Mar 4 13:24:14 openvpn[4501]: TUN/TAP device tun0 opened
Mar 4 13:24:14 openvpn[4501]: TUN/TAP TX queue length set to 100
Mar 4 13:24:14 openvpn[4501]: /sbin/route add -net 93.182.149.2 netmask 255.255.255.255 gw 62.214.64.181
Mar 4 13:24:14 openvpn[4501]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 93.182.149.1
Mar 4 13:24:14 openvpn[4501]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 93.182.149.1
Mar 4 13:24:14 openvpn[4501]: /sbin/route add -net 93.182.149.2 netmask 255.255.255.255 gw 62.214.64.181
Mar 4 13:24:14 openvpn[4501]: ERROR: Linux route add command failed: external program exited with error status: 1
Mar 4 13:24:14 openvpn[4501]: Initialization Sequence Completed
Mar 4 13:24:19 openvpn[4501]: event_wait : Interrupted system call (code=4)
Mar 4 13:24:19 openvpn[4501]: OpenVPN STATISTICS
Mar 4 13:24:19 openvpn[4501]: Updated,Mon Mar 4 13:24:19 2013
Mar 4 13:24:19 openvpn[4501]: TUN/TAP read bytes,5058
Mar 4 13:24:19 openvpn[4501]: TUN/TAP write bytes,173
Mar 4 13:24:19 openvpn[4501]: TCP/UDP read bytes,7010
Mar 4 13:24:19 openvpn[4501]: TCP/UDP write bytes,8823
Mar 4 13:24:19 openvpn[4501]: Auth read bytes,173
Mar 4 13:24:19 openvpn[4501]: pre-compress bytes,3906
Mar 4 13:24:19 openvpn[4501]: post-compress bytes,3846
Mar 4 13:24:27 openvpn[4501]: event_wait : Interrupted system call (code=4)
Mar 4 13:24:27 openvpn[4501]: OpenVPN STATISTICS
Mar 4 13:24:27 openvpn[4501]: Updated,Mon Mar 4 13:24:27 2013
Mar 4 13:24:27 openvpn[4501]: TUN/TAP read bytes,7768
Mar 4 13:24:27 openvpn[4501]: TUN/TAP write bytes,1259
Mar 4 13:24:27 openvpn[4501]: TCP/UDP read bytes,8490
Mar 4 13:24:27 openvpn[4501]: TCP/UDP write bytes,11670
Mar 4 13:24:27 openvpn[4501]: Auth read bytes,1259
Mar 4 13:24:27 openvpn[4501]: pre-compress bytes,3906
Mar 4 13:24:27 openvpn[4501]: post-compress bytes,3846
Mar 4 13:24:30 openvpn[4501]: event_wait : Interrupted system call (code=4)
Mar 4 13:24:30 openvpn[4501]: OpenVPN STATISTICS
Mar 4 13:24:30 openvpn[4501]: Updated,Mon Mar 4 13:24:30 2013
Mar 4 13:24:30 openvpn[4501]: TUN/TAP read bytes,17419
Mar 4 13:24:30 openvpn[4501]: TUN/TAP write bytes,1259
Mar 4 13:24:30 openvpn[4501]: TCP/UDP read bytes,8490
Mar 4 13:24:30 openvpn[4501]: TCP/UDP write bytes,21848
Mar 4 13:24:30 openvpn[4501]: Auth read bytes,1259
Mar 4 13:24:30 openvpn[4501]: pre-compress bytes,3906
Mar 4 13:24:30 openvpn[4501]: post-compress bytes,3846
Mar 4 13:24:47 openvpn[4501]: event_wait : Interrupted system call (code=4)
Mar 4 13:24:47 openvpn[4501]: OpenVPN STATISTICS
Mar 4 13:24:47 openvpn[4501]: Updated,Mon Mar 4 13:24:47 2013
Mar 4 13:24:47 openvpn[4501]: TUN/TAP read bytes,21532
Mar 4 13:24:47 openvpn[4501]: TUN/TAP write bytes,1765
Mar 4 13:24:47 openvpn[4501]: TCP/UDP read bytes,9187
Mar 4 13:24:47 openvpn[4501]: TCP/UDP write bytes,26940
Mar 4 13:24:47 openvpn[4501]: Auth read bytes,1765
Mar 4 13:24:47 openvpn[4501]: pre-compress bytes,3906
Mar 4 13:24:47 openvpn[4501]: post-compress bytes,3846
Mar 4 13:24:56 openvpn[4501]: event_wait : Interrupted system call (code=4)
Mar 4 13:24:56 openvpn[4501]: OpenVPN STATISTICS
Mar 4 13:24:56 openvpn[4501]: Updated,Mon Mar 4 13:24:56 2013
Mar 4 13:24:56 openvpn[4501]: TUN/TAP read bytes,21573
Mar 4 13:24:56 openvpn[4501]: TUN/TAP write bytes,1853
Mar 4 13:24:56 openvpn[4501]: TCP/UDP read bytes,9389
Mar 4 13:24:56 openvpn[4501]: TCP/UDP write bytes,27025
Mar 4 13:24:56 openvpn[4501]: Auth read bytes,1853
Mar 4 13:24:56 openvpn[4501]: pre-compress bytes,3906
Mar 4 13:24:56 openvpn[4501]: post-compress bytes,3846

The only problem is that with the VPN connected, I cannot access the internet using any of my devices, neither wired nor wireless. I have tried everything I can think of: firewall on/off, playing with the NAT settings, restarting devices, etc., but nothing seems to work. Is there some setting I'm missing or anything in my log that points to an error? Sorry if the answer is obvious but many many people seem to have this issue but I haven't been able to find a definitive answer anywhere.
 
The tunnel seems to be connecting just fine. Test it out from the router's ssh prompt:

Code: 
traceroute 8.8.8.8

See if it goes through the VPN provider's network, or through your ISP.

If that works, try again from your PC.
 
Hey Merlin, thanks for replying! As an aside just wanted to note that I really like the other added features and the stability your build brings. My connection seems snappier since I've had it flashed, so thanks for that!

Now to the problem at hand...

Did as you said, here's the result from the router:
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 anon-163-168.vpn.ipredator.se (93.182.163.168) 40.442 ms 40.255 ms 40.706 ms
2 anon-139-1.vpn.ipredator.se (93.182.139.1) 40.951 ms 39.971 ms 41.176 ms
3 te-3-4-2000-viae.mal1.se.portlane.net (80.67.1.9) 41.717 ms 40.068 ms 41.213 ms
4 te-2-1.ams1.nl.portlane.net (80.67.4.135) 51.797 ms 51.874 ms 52.345 ms
5 core1.ams.net.google.com (195.69.144.247) 63.373 ms 62.219 ms 59.418 ms
6 209.85.248.118 (209.85.248.118) 51.555 ms 209.85.248.116 (209.85.248.116) 51.446 ms 51.670 ms
7 209.85.255.70 (209.85.255.70) 52.793 ms 52.797 ms 209.85.255.72 (209.85.255.72) 52.195 ms
8 216.239.49.28 (216.239.49.28) 55.434 ms 216.239.49.30 (216.239.49.30) 57.788 ms 216.239.49.38 (216.239.49.38) 55.671 ms
9 * * *
10 google-public-dns-a.google.com (8.8.8.8) 55.534 ms 54.773 ms 55.999 ms

Doing the same from a client PC simply times out. So the router is definitely connected properly and passing data to the VPN, just not internally to my LAN. I am still stumped.
 
dyce1980 said:
Hey Merlin, thanks for replying! As an aside just wanted to note that I really like the other added features and the stability your build brings. My connection seems snappier since I've had it flashed, so thanks for that!

Now to the problem at hand...

Did as you said, here's the result from the router:
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 anon-163-168.vpn.ipredator.se (93.182.163.168) 40.442 ms 40.255 ms 40.706 ms
2 anon-139-1.vpn.ipredator.se (93.182.139.1) 40.951 ms 39.971 ms 41.176 ms
3 te-3-4-2000-viae.mal1.se.portlane.net (80.67.1.9) 41.717 ms 40.068 ms 41.213 ms
4 te-2-1.ams1.nl.portlane.net (80.67.4.135) 51.797 ms 51.874 ms 52.345 ms
5 core1.ams.net.google.com (195.69.144.247) 63.373 ms 62.219 ms 59.418 ms
6 209.85.248.118 (209.85.248.118) 51.555 ms 209.85.248.116 (209.85.248.116) 51.446 ms 51.670 ms
7 209.85.255.70 (209.85.255.70) 52.793 ms 52.797 ms 209.85.255.72 (209.85.255.72) 52.195 ms
8 216.239.49.28 (216.239.49.28) 55.434 ms 216.239.49.30 (216.239.49.30) 57.788 ms 216.239.49.38 (216.239.49.38) 55.671 ms
9 * * *
10 google-public-dns-a.google.com (8.8.8.8) 55.534 ms 54.773 ms 55.999 ms

Doing the same from a client PC simply times out. So the router is definitely connected properly and passing data to the VPN, just not internally to my LAN. I am still stumped.
Click to expand...

Make sure you did flash 25b - the symptoms you report are similar to those that happened in build 25. If you run "uname -a" over SSH, it should give you a March 3rd date.
 
This is what I got:
Linux RT-N66U 2.6.22.19 #1 Sun Mar 3 13:47:06 EST 2013 mips GNU/Linux

Should I try reflashing?

And are there any NAT-related, DHCP-related, or otherwise setting-related aspects I should be considering?
 
dyce1980 said:
This is what I got:
Linux RT-N66U 2.6.22.19 #1 Sun Mar 3 13:47:06 EST 2013 mips GNU/Linux

Should I try reflashing?

And are there any NAT-related, DHCP-related, or otherwise setting-related aspects I should be considering?
Click to expand...

I'm not very familiar with the use of the OpenVPN client to connect to a tunnel provider, sorry. I only did a basic test here using a free account to troubleshoot the routing issue from build 25.

Everything that needs configuring should be on the OpenVPN client page. Just make sure you did keep NAT and Firewall enabled.

Reflashing rarely resolves anything - if it's running without crashing, then it's flashed correctly.

As a troubleshooting aid, you can try this. Run this through SSH:

Code: 
iptables -A FORWARD -j logaccept

Now try again a traceroute from your PC. Afterward, check the system log:

Code: 
tail /tmp/syslog.log

Do you see any ACCEPT log entries? If yes, then it means the firewall is preventing you from routing through your tunnel for some reason. I'll need those log entry to have a better idea.
 
"iptables -A FORWARD -j logaccept" as one command did not do anything - the screen just flashed and there was nothing in the box below...
 
dyce1980 said:
"iptables -A FORWARD -j logaccept" as one command did not do anything - the screen just flashed and there was nothing in the box below...
Click to expand...

That's normal.

What it did is insert a new firewall rule that will log all packets that are usually rejected by the FORWARD chain. The rule will remain in place until you restart the router, or its firewall. We want to see if the FORWARD chain is dropping your traffic, and if so what is the actual traffic that gets dropped.
 
Ok, well I tried running another tracert and it once again went through 30 hops with 1 connection to asusnetwork.net and 29 time outs.

The log looks normal, with OpenVPN STATISTICS, and then this:

[pw.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Mar 4 19:55:30 openvpn[6373]: SIGUSR1[soft,ping-restart] received, process restarting
Mar 4 19:55:30 openvpn[6373]: Restart pause, 2 second(s)
Mar 4 19:55:32 openvpn[6373]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 4 19:55:32 openvpn[6373]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Mar 4 19:55:32 openvpn[6373]: UDPv4 link local: [undef]
Mar 4 19:55:32 openvpn[6373]: UDPv4 link remote: [AF_INET]93.182.163.130:1194

Not sure if that's anything of interest...

But no ACCEPT entries to be seen.
 
dyce1980 said:
Ok, well I tried running another tracert and it once again went through 30 hops with 1 connection to asusnetwork.net and 29 time outs.

The log looks normal, with OpenVPN STATISTICS, and then this:

[pw.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Mar 4 19:55:30 openvpn[6373]: SIGUSR1[soft,ping-restart] received, process restarting
Mar 4 19:55:30 openvpn[6373]: Restart pause, 2 second(s)
Mar 4 19:55:32 openvpn[6373]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 4 19:55:32 openvpn[6373]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Mar 4 19:55:32 openvpn[6373]: UDPv4 link local: [undef]
Mar 4 19:55:32 openvpn[6373]: UDPv4 link remote: [AF_INET]93.182.163.130:1194

Not sure if that's anything of interest...

But no ACCEPT entries to be seen.
Click to expand...

Then it means the issue is elsewhere, and not with the router's firewall.

Try disabling any firewall/security software running on your computer to ensure it's not responsible for preventing access to the VPN. Also, try setting the Accept DNS Configuration to "Exclusive", and restart your tunnel. Make sure your PC is using your router's DNS and not a manually configured DNS.

At this point, I suspect it's more a configuration issue than a firmware bug. Someone else using the same tunnel provider as you might have more suggestions.
 
Hi Merlin,

so I activated logging of all packets using the dropdown menu and got this:
Mar 4 20:44:33 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=77.56.102.137 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=47455 DF PROTO=TCP <1>SPT=50515 DPT=16673 SEQ=1216247967 ACK=0 WINDOW=7300 RES=0x00 SYN URGP=0 OPT (020405480402080AB59AC1C00000000001030300)
Mar 4 20:44:34 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=77.56.102.137 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=47456 DF PROTO=TCP <1>SPT=50515 DPT=16673 SEQ=1216247967 ACK=0 WINDOW=7300 RES=0x00 SYN URGP=0 OPT (020405480402080AB59AC5AA0000000001030300)
Mar 4 20:44:36 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=77.56.102.137 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=47457 DF PROTO=TCP <1>SPT=50515 DPT=16673 SEQ=1216247967 ACK=0 WINDOW=7300 RES=0x00 SYN URGP=0 OPT (020405480402080AB59ACD800000000001030300)
Mar 4 20:44:39 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=78.25.185.58 DST=93.182.148.11 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=5510 DF PROTO=TCP <1>SPT=61903 DPT=37472 SEQ=3753030100 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204054801010402)
Mar 4 20:44:40 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=77.56.102.137 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=47458 DF PROTO=TCP <1>SPT=50515 DPT=16673 SEQ=1216247967 ACK=0 WINDOW=7300 RES=0x00 SYN URGP=0 OPT (020405480402080AB59ADD280000000001030300)
Mar 4 20:44:40 dnsmasq-dhcp[1332]: DHCPREQUEST(br0) 192.168.1.110 d8:d1:cb:cf:db:74
Mar 4 20:44:40 dnsmasq-dhcp[1332]: DHCPACK(br0) 192.168.1.110 d8:d1:cb:cf:db:74
Mar 4 20:44:42 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=78.25.185.58 DST=93.182.148.11 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=5659 DF PROTO=TCP <1>SPT=61903 DPT=37472 SEQ=3753030100 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204054801010402)
Mar 4 20:44:48 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=77.56.102.137 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=47459 DF PROTO=TCP <1>SPT=50515 DPT=16673 SEQ=1216247967 ACK=0 WINDOW=7300 RES=0x00 SYN URGP=0 OPT (020405480402080AB59AFC800000000001030300)
Mar 4 20:44:48 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=78.25.185.58 DST=93.182.148.11 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=5928 DF PROTO=TCP <1>SPT=61903 DPT=37472 SEQ=3753030100 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204054801010402)
Mar 4 20:45:51 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=81.231.74.173 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=61063 DF PROTO=TCP <1>SPT=56972 DPT=40370 SEQ=1826479735 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405480402080A009030F00000000001030309)
Mar 4 20:45:51 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=88.212.37.185 DST=93.182.148.11 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=10907 DF PROTO=TCP <1>SPT=64102 DPT=10290 SEQ=3001023457 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405480103030201010402)
Mar 4 20:45:54 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=81.231.74.173 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=61064 DF PROTO=TCP <1>SPT=56972 DPT=40370 SEQ=1826479735 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405480402080A0090321C0000000001030309)
Mar 4 20:45:54 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=88.212.37.185 DST=93.182.148.11 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=10977 DF PROTO=TCP <1>SPT=64102 DPT=10290 SEQ=3001023457 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405480103030201010402)
Mar 4 20:46:00 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=81.231.74.173 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=61065 DF PROTO=TCP <1>SPT=63200 DPT=40370 SEQ=1826479735 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405480402080A009034740000000001030309)
Mar 4 20:46:00 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=88.212.37.185 DST=93.182.148.11 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=11140 DF PROTO=TCP <1>SPT=64102 DPT=10290 SEQ=3001023457 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204054801010402)
Mar 4 20:46:12 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=81.231.74.173 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=15781 DF PROTO=TCP <1>SPT=55650 DPT=40370 SEQ=2162689153 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405480402080A009039240000000001030309)
Mar 4 20:46:15 kernel: DROP <4>DROPIN=tun0 OUT= MAC= <1>SRC=81.231.74.173 DST=93.182.148.11 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=15782 DF PROTO=TCP <1>SPT=55650 DPT=40370 SEQ=2162689153 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405480402080A00903A500000000001030309)

It's all Greek to me so not sure if DROPIN means anything important.

I have tried disabling both router-side and client-side firewalls and AV software to no avail. Also tried changing the DNS Config setting, also no change. So I'm stumped. I'm going to try using the client software and see if I can at least connect that way. But if you have any other good ideas, I'm all ears.

P.S. In the meantime I'm going to find another VPN service that I can use as Client 2 for testing purposes.
 
Last edited:
I see your tunnel is set on tun0, which is wrong. The firmware should use tun11 for a client VPN.

If you entered any custom config entry for your OpenVPN client then remove anything that sets the tunnel interface name, and let the firmware manage that bit automatically. That way it will use the tun11 interface name that it's supposed to.
 
EUREKA! That was it! After removing "dev tun0" from the custom config, all clients are now connecting over the VPN! Thank you Merlin for saving the day and for this incredible CFW!
 
dyce1980 said:
EUREKA! That was it! After removing "dev tun0" from the custom config, all clients are now connecting over the VPN! Thank you Merlin for saving the day and for this incredible CFW!
Click to expand...

Any chance you could post all the options, custom config & certs you used? I can't even get mine to connect AT ALL
 
You must log in or register to reply here.

Similar threads

D
RT-AX88U losing WIFI
2 3
Replies
41
Views
4K
ciprian.trofin
C
gallahermike
GT-BE98 Pro and OpenVPN problem
Replies
7
Views
1K
gallahermike
gallahermike
K
Dropouts on ASUS RT-AX86U
Replies
5
Views
542
kram66
K
A
Devices connect to my openvpn server correctly but no traffic from server to client
Replies
6
Views
2K
ragtap
R
W
RT-AX86U wifi capping out 300mb below max speed
2
Replies
31
Views
5K
dlandiss
dlandiss
Similar threads
Thread starter Title Forum Replies Date
Harry Azcrac ASUS Merlin on RT-AC86U OpenVPN Server not blocking IP when a client connects Asuswrt-Merlin 2
outlaw78 OpenVPN Setting Merlin AXE-16000 Asuswrt-Merlin 1
F OpenVPN Server - Client speeds seem capped at 20mbps?? Asuswrt-Merlin 3
Viktor Jaep OpenVPN Client Connection through existing OpenVPN Router Connection causes DISCONNECT Asuswrt-Merlin 29
M 2 separate clients on OpenVPN server Asuswrt-Merlin 4
D Solved Openvpn client dns Asuswrt-Merlin 2
D WireGuard removing OpenVPN on ASUS Routers ? Asuswrt-Merlin 2
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
N dedicated router for OpenVPN Asuswrt-Merlin 4
N Solved OpenVPN Server split tunnell config Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 427 (members: 21, guests: 406)
Top