What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

OpenVPN Client Connection through existing OpenVPN Router Connection causes DISCONNECT

Viktor Jaep

Viktor Jaep

Part of the Furniture
Wanted to please get your feedback to understand why I encounter this particular behavior:

Setup:
- Router is connected to OpenVPN provider, routing inbound/outbound internet traffic for entire household on the "Home LAN".
- Laptop (on the "Home LAN") is attempting to make another OpenVPN connection to a different OpenVPN provider, while from within the household network

Diagram:
Internet <--> VPN Provider <--> VPN tunnel/Internet <--> Router (OpenVPN) <--> Home LAN (all traffic routed through VPN) <--> Laptop w/ Separate OpenVPN Client

Problem:
If I initiate a separate OpenVPN connection (to a completely different VPN provider) from my laptop while on the Home LAN, which is already being tunneled through an existing OpenVPN connection established by the router, then the VPN connection on the router will frequently break and disconnect. I'd say it does this about 75% of the time. The other 25% of the time, the VPN tunnel established by the router will hold, while my laptop creates another OpenVPN tunnel through it, to a different VPN provider.

Question:
I'd love to understand (or get your opinion) as to why the VPN tunnel that was established by the router breaks when introducing another OpenVPN tunnel through it. Is there some sort of event or handshake that occurs that might be bleeding over to the main OpenVPN connection that causes it to think the connection was interrupted? If that's the case, then why is it that it can maintain a connection (at times), and am successfully running an OpenVPN tunnel through an existing OpenVPN tunnel that is being maintained by the router itself?

This is one of those things that has been nagging me for years... and would love to get some closure before 2025 starts. ;)
 
Last edited:
Okay, something is not right. I feel bad for you, Mr. Jaep. I understand people not responding to my posts, but they should respond to your posts! ;)
 
Justinh said:
Okay, something is not right. I feel bad for you, Mr. Jaep. I understand people not responding to my posts, but they should respond to your posts! ;)
Click to expand...
I don't think (or hope) it has anything to do with who is asking the question. I would guess simply no one has any more information.

I read through the post when it got posted, thougerly, yet I come up with nothing. It, somehow, seems unlikely to have anything to do with the router... yet still...
 
Yeah, I figured I'm just an outlier when it came to this problem. Perhaps someone in a few years will stumble upon this thread themselves, and at least validate that they are seeing the same issue. ;)

***BUT*** if this does turn out to be an actual Asus/Merlin bug, I want me a friggen MERLIN bug bounty shirt(tm)! :)
 
Last edited:
Sensing CatnipVPN...

200w.gif


🤣
 
Viktor Jaep said:
I'd love to understand (or get your opinion) as to why the VPN tunnel that was established by the router breaks when introducing another OpenVPN tunnel through it. Is there some sort of event or handshake that occurs that might be bleeding over to the main OpenVPN connection that causes it to think the connection was interrupted?
Click to expand...
Well, here is atleast some followup questions that may or may not lead somewhere

1. You say it's a different vpn provider but are you sure they don't share servers?
2. Have you tried different openvpn client software on your computer?
3. Have you tried disabling UPnP IGD & PCP/NAT-PMP on router? Longshot maybe but only thing I could think of that may affect router from lan.
 
ZebMcKayhan said:
Well, here is atleast some followup questions that may or may not lead somewhere

1. You say it's a different vpn provider but are you sure they don't share servers?
Click to expand...
Pretty sure they don't. One is NordVPN (router), the other is AirVPN (laptop).
ZebMcKayhan said:
2. Have you tried different openvpn client software on your computer?
Click to expand...
I've only been using the official Windows client for AirVPN that I got off their site... I guess I could try to see if it would work with the standard OpenVPN Windows client. Good call - I'll give this a try next. The only downside is that I'd need to download configs for specific servers to connect to, instead of picking one from the list within the AirVPN client... but it's worth a try.
ZebMcKayhan said:
3. Have you tried disabling UPnP IGD & PCP/NAT-PMP on router? Longshot maybe but only thing I could think of that may affect router from lan.
Click to expand...
These settings have been disabled forever ago.

rung said:
Is it possible that your VPN provider doesn't like you using the competition? Maybe you need to think of them as a country censor and look into attemping to obfuscate your inner vpn channel?

https://techrobot.com/vpn-obfuscated-servers/
Click to expand...
This thought had crossed my mind too... what if they detected it hitting a competitor's VPN server, and issue a kill on the connection. But you'd think they'd get it right every time, not just 75% of the time.

Thanks for the suggestions, @ZebMcKayhan & @rung
 
Or it's the NSA shutting it down for bouncing through too many VPNs at once.
[Removing tinfoil hat]
 
Viktor Jaep said:
Wanted to please get your feedback to understand why I encounter this particular behavior:

Setup:
- Router is connected to OpenVPN provider, routing inbound/outbound internet traffic for entire household on the "Home LAN".
- Laptop (on the "Home LAN") is attempting to make another OpenVPN connection to a different OpenVPN provider, while from within the household network

Diagram:
Internet <--> VPN Provider <--> VPN tunnel/Internet <--> Router (OpenVPN) <--> Home LAN (all traffic routed through VPN) <--> Laptop w/ Separate OpenVPN Client

Problem:
If I initiate a separate OpenVPN connection (to a completely different VPN provider) from my laptop while on the Home LAN, which is already being tunneled through an existing OpenVPN connection established by the router, then the VPN connection on the router will frequently break and disconnect. I'd say it does this about 75% of the time. The other 25% of the time, the VPN tunnel established by the router will hold, while my laptop creates another OpenVPN tunnel through it, to a different VPN provider.

Question:
I'd love to understand (or get your opinion) as to why the VPN tunnel that was established by the router breaks when introducing another OpenVPN tunnel through it. Is there some sort of event or handshake that occurs that might be bleeding over to the main OpenVPN connection that causes it to think the connection was interrupted? If that's the case, then why is it that it can maintain a connection (at times), and am successfully running an OpenVPN tunnel through an existing OpenVPN tunnel that is being maintained by the router itself?

This is one of those things that has been nagging me for years... and would love to get some closure before 2025 starts. ;)
Click to expand...
I have noticed the same issue. In my case I would reverse the percentages and say that 75% of the time it works but not always. Unfortunately haven't done a lot testing to isolate why it doesn't always work.
 
CaptainSTX said:
I have noticed the same issue. In my case I would reverse the percentages and say that 75% of the time it works but not always. Unfortunately haven't done a lot testing to isolate why it doesn't always work.
Click to expand...
Thanks for helping put a second set of eyes on this and confirming my hypothesis/problem statement! Perhaps an official MERLIN Bug Bounty Shirt(tm) will be coming your way as well! :p
 
You have 4 days and few hours to solve the problem. ⏰
 
Tech9 said:
You have 4 days and few hours to solve the problem. ⏰
Click to expand...
Didn't realize this turned into an episode of "Mission Impossible". Lol
 
Viktor Jaep said:
Thanks for helping put a second set of eyes on this and confirming my hypothesis/problem statement! Perhaps an official MERLIN Bug Bounty Shirt(tm) will be coming your way as well! :p
Click to expand...
My unscientific opinion is that some VPN providers block a double VPN on their service. Currently I'm using Strong and I don't seem to have issues though I do try to avoid a double VPN connection.
 
Keep in mind that when encapsulating a packet within a packet, the max packet size of the inner one will have to be smaller. So, the inner tunnel might need to have a smaller MTU configured for it.
 
RMerlin said:
Keep in mind that when encapsulating a packet within a packet, the max packet size of the inner one will have to be smaller. So, the inner tunnel might need to have a smaller MTU configured for it.
Click to expand...
Checked into this... the VPN running on the router going to Nord is 1500. The AirVPN MTU is set to 1320 by default. So that seems to check out.
 
Viktor Jaep said:
Checked into this... the VPN running on the router going to Nord is 1500. The AirVPN MTU is set to 1320 by default. So that seems to check out.
Click to expand...
The Nord tunnel might be fragmented since your WAN MTU is also 1500. Try reducing that tunnel to 1420.
 
Viktor Jaep said:
Checked into this... the VPN running on the router going to Nord is 1500. The AirVPN MTU is set to 1320 by default. So that seems to check out.
Click to expand...
Regardless of what's happening with the laptop's AirVPN connection as far as the router is concerned it's just regular (UDP?) network traffic. It makes no difference that your laptop is using it for VPN, it could be being used for anything. So I can't see why (only) that would cause your router's VPN to break. The first step would be to examine the router's syslog to determine the reason why the VPN terminated.

P.S. Yes, MTU is the most obvious thing to look at (e.g. tun-mtu 1420). You could also try switching the VPN's to TCP instead of UDP. That should be more resilient albeit at the cost of performance.
 
Last edited:
You must log in or register to reply here.

Similar threads

Z
Nord VPN and DNS Configuration options
Replies
2
Views
399
zillah
Z
S
No internet for router clients (OpenVPN + stunnel)
Replies
6
Views
461
santer_av
S
TheLyppardMan
Problem getting WireGuard to work on my Windows laptop
Replies
5
Views
279
TheLyppardMan
TheLyppardMan
N
dedicated router for OpenVPN
Replies
4
Views
572
eibgrad
eibgrad
G
Using VPN Director to route only torrent traffic through VPN
Replies
9
Views
1K
goldnet
G
Similar threads
Thread starter Title Forum Replies Date
R OpenVPN client can't connect to local resources over port 80/443, but can ping them by IP Asuswrt-Merlin 6
Harry Azcrac ASUS Merlin on RT-AC86U OpenVPN Server not blocking IP when a client connects Asuswrt-Merlin 2
F OpenVPN Server - Client speeds seem capped at 20mbps?? Asuswrt-Merlin 2
D Solved Openvpn client dns Asuswrt-Merlin 2
H Extremely low speed on ac86u with openvpn client Asuswrt-Merlin 7
eibgrad OpenVPN Client: mishandled route directives Asuswrt-Merlin 7
C Failover with OpenVPN Asuswrt-Merlin 5
R AC68U - can't set up OpenVPN Asuswrt-Merlin 3
J RT-AC88U drops the OpenVPN inbound ACCEPT iptables rule after a time Asuswrt-Merlin 14
S No internet for router clients (OpenVPN + stunnel) Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 502 (members: 18, guests: 484)
Back
Top