openvpn seems flakey


if i'm understanding correctly that is for someone looking to connect to the transmission client on the router itself. i'm running openelec on a pc and have transmission running on it. so i need to bypass the vpn connection and come in through my non-vpn isp connection and then connect to port 9091 at 192.168.1.2. i really hope this is possible.

Apologies, I assumed you were exploiting the option of running Transmission directly on the router and needed to implement rules that are not available in the GUI.

So entering the port forward(s) on the Virtual Server/Port Forwarding tab doesn't work?

Regards,
 
unless i'm doing something completely wrong..... nope.
 
I configured a pppoe server on my LAN along with a router set to connect over PPPoE, and with a VPN client configured to start at lan, and so far I'm unable to reproduce the problem. Also, looking at the firmware code the VPN client is definitely connected only at the very end of the function that actually establishes the WAN connection. The only theory I can have at this point is that even when the PPPoE session is established, some ISP might take a few seconds to be fully routing traffic.

One thing you could try is to connect to your VPN server using its IP rather than its hostname (since the first report mentioned an issue with resolving the server name).

I'll probably try inserting a delay just before starting the VPN clients in case that would be the case.

This issue sounds oddly similar to what some users reported a year or two ago where their NTP client wouldn't always be able to update itself. After a while people stopped reporting this issue, and it just "faded away". I note that the ntp client gets restarted just before the VPN clients try to connect.

EDIT: there's already a delay of up to 10 secs in the code, where the router waits for the clock to get set (which means it waits for ntp to be able to resolve the ntp server name - which would confirm a working Internet connection). Therefore it's not a delay issue - something is just odd with your setup. I will need some log samples of the router completing its boot, establishing the PPPoE connection and then trying to connect the VPN clients, cause I can't see anything wrong with the current firmware code.
 
Does your DDNS also have trouble updating itself? That's another thing that gets updated right before ntp (and vpnclient connections).
 
No trouble with the ddns that I've seen. I've actually wiped it out, reflashed but haven't yet set the vpn back up as I was just running the client software on my computers. I'll try to set it back up and see if it still behaves this way after the reflash. If so, I'll grab the logs for you.


Sent from my iPhone
 
well, i just set the openvpn back up and rebooted the router to see what happened. the vpn connected just fine. something i did do different this time however was omitted a couple of entries that were in the setup for Tomato's openvpn guide for PIA. this is the link to the guide i used https://www.privateinternetaccess.com/pages/client-support/#tomato_openvpn

i omitted the

echo username >> /tmp/password.txt
echo password >> /tmp/password.txt

i saw no need for that since there is an entry field for this in the firmware. i also omitted the

persist-key
persist-tun
tls-client
auth-user-pass /tmp/password.txt
comp-lzo
verb 1
reneg-sec 0

the last part, I'm not sure of what all that does and would like your input merlin as to whether or not any of it is needed. everything looks good, but i will further test and see how it goes.

also merlin, can you tell me if there is a way to bypass my vpn on a per port basis? i would really like to bypass the vpn for a few ports for screen share, and perhaps the torrent webui, etc. i appreciate your help and responses in looking into this.
 

persist-key and persist-tun are already added by the firmware. auth-user-pass shouldn't be used since the router has its own user/pass management.

comp-lzo is handled by the webui.
verb is the logging verbosity - Asuswrt-Merlin defaults to "3". "1" would just make it generate fewer log entries.

reneg-sec is handled by the "TLS Renegotiation Time" webui setting.


For selective routing, check the numerous posts on this forum discussing how to do it. I never took a look at how it worked, so I don't know.
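
Added example, not part of the original posts and not firmware code: a small shell check that splits a provider guide's custom-config lines into the directives the reply above says Asuswrt-Merlin already manages and the ones left over. The function names and the SAMPLE_CONFIG variable are hypothetical; the managed list is taken only from the reply above, and the sample is the directive list quoted earlier in the thread.

```shell
#!/bin/sh
# Directive list from the provider guide, as quoted in the thread.
SAMPLE_CONFIG='persist-key
persist-tun
tls-client
auth-user-pass /tmp/password.txt
comp-lzo
verb 1
reneg-sec 0'

# Print why a directive is redundant, per the reply above; fail if it is not listed.
managed_reason() {
    case "$1" in
        persist-key|persist-tun) echo "already added by the firmware" ;;
        auth-user-pass)          echo "router has its own user/pass management" ;;
        comp-lzo)                echo "handled by the webui" ;;
        reneg-sec)               echo "TLS Renegotiation Time webui setting" ;;
        *)                       return 1 ;;
    esac
}

# audit_custom_config MODE   (config on stdin)
#   drop: print "directive: reason" for each firmware-managed directive
#   keep: print the directives that remain for the custom config box
audit_custom_config() {
    mode=$1
    while IFS= read -r line || [ -n "$line" ]; do
        body=${line%%#*}                 # strip '#' comments
        set -f; set -- $body; set +f     # split into words without globbing
        if [ $# -eq 0 ]; then continue; fi          # blank or comment-only
        case "$1" in ';'*) continue ;; esac         # ';' comment lines
        if reason=$(managed_reason "$1"); then
            if [ "$mode" = drop ]; then echo "$1: $reason"; fi
        else
            if [ "$mode" = keep ]; then echo "$*"; fi
        fi
    done
    return 0
}

echo "Redundant with firmware/webui settings:"
printf '%s\n' "$SAMPLE_CONFIG" | audit_custom_config drop
echo "Left for the custom configuration box:"
printf '%s\n' "$SAMPLE_CONFIG" | audit_custom_config keep
```

Dropping auth-user-pass also removes the need for the plaintext /tmp/password.txt file that the guide's echo lines create.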
 
OpenVPN client, PPPoE, AC56U, 374.41, selective routing

Hello,

Just had a very frustrating night. My dad has an AC56U that I got him. He has DSL. I updated his router to 374.41 this evening, but I could not get selective routing to work reliably like I can with my cable internet on my AC66U. I tried sleeps, using the wan-start script, starting the openvpn client at the end, nothing would work reliably to selectively route his PS3 and tablet. I do the exact thing on my cable setup. I was able to get it to work once or twice, but if I rebooted, every device would be routed through the VPN. Anyone else have issues with selectively routing with a DSL connection?
 
