What's new

OpenVPN server no longer working since 380.65

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Schmo

New Around Here
As the title says my OpenVPN server has stopped working since the upgrade to my RC68u. I have made the jump to 380.65_2, created a new server and performed numerous reboots but nothing works. I constantly see "Initialinzing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection." along with the spinning wheel.

Does anyone have any ideas or has anyone else experienced this issue?

Thanks!
 
I had similar problems when I first setup OpenVPN on my RT-AC56R. I had some the settings wrong. Just recheck EVERY setting, don't just assume that you got it correct the first time like I did. Ask your VPN provider, they may have made some changes on their side.
 
I had similar problems when I first setup OpenVPN on my RT-AC56R. I had some the settings wrong. Just recheck EVERY setting, don't just assume that you got it correct the first time like I did. Ask your VPN provider, they may have made some changes on their side.

I don't have a VPN provider. I am running the server from my own router so that I can be secure when out and about. The issue is the server in the router isn't initializing.


Sent from my iPhone using Tapatalk
 
How long have you waited? Depending on your settings it might be taking awhile longer to generate the certs. Also might want to set it back to defaults.
 
Try setting the OpenVPN settings back to default. What firmware version did you upgrade from previously and did you do a factory default reset and manual settings update / or John's NVRAM tool?
 
Try setting the OpenVPN settings back to default. What firmware version did you upgrade from previously and did you do a factory default reset and manual settings update / or John's NVRAM tool?

I figured it out but to answer your questions, I upgrade pretty religiously so whatever the previous non beta release was. I did not do a factory default or the NVRAM tool.

I set the server back to default and it initialized. I started changing one setting at a time until it broke. I had a push route command that was causing the issue. I don't recall now why it was there but everything is working as it should now so life is good.

Thanks for the help.


Sent from my iPhone using Tapatalk
 
Glad you got it figured out. There were major changes to the OpenVPN stuff so I had done a factory default reset and imported my settings again via John's tool so didn't run into issues with the server side.
 
The change I found with OpenVPN Server 2.4 is I must specify compression. I selected LZ4. Previously, I had it set to None.
 
The change I found with OpenVPN Server 2.4 is I must specify compression. I selected LZ4. Previously, I had it set to None.

Could you share your experience after enabling LZ4? I mean performance. I am using OpenVPN Server 2.3 on my RT-N66U with LZO compression disabled in order to decrease the CPU load and increase the tunnel speed. But I have heard that LZ4 is much more effective, so maybe the things are better now. I am not planning migration to 2.4 so far as I prefer to wait until a stable version for Merlin FW appears. So any information about your experience will be much appreciated.
 
Could you share your experience after enabling LZ4? I mean performance. I am using OpenVPN Server 2.3 on my RT-N66U with LZO compression disabled in order to decrease the CPU load and increase the tunnel speed. But I have heard that LZ4 is much more effective, so maybe the things are better now. I am not planning migration to 2.4 so far as I prefer to wait until a stable version for Merlin FW appears. So any information about your experience will be much appreciated.
I have only made the change for one day now. I configured it on a router that is installed at a school that I need to be able to remote into for support purposes. No problems so far. I did see one article that says LZ4 had slight worse compression ratio compared to LZO. https://en.m.wikipedia.org/wiki/LZ4_(compression_algorithm). I may change it back if I have problems but okay so far.

Not sure why, but Compression setting set to NONE appears not to work any longer on the vpn server and vpn client config on the router with OpenVPN 2.4 from my testing. I could connect over the tunnel. But not able to access any LAN resources, including the routers web GUI.
 
Last edited:
I have only made the change for one day now. I configured it on a router that is installed at a school that I need to be able to remote into for support purposes. No problems so far. I did see one article that says LZ4 had slight worse compression ratio compared to LZO. https://en.m.wikipedia.org/wiki/LZ4_(compression_algorithm). I may change it back if I have problems but okay so far.

Not sure why, but Compression setting set to NONE appears not to work any longer on the vpn server and vpn client config on the router with OpenVPN 2.4 from my testing. I could connect over the tunnel. But not able to access any LAN resources, including the routers web GUI.

Thanks for the information provided. When I spoke that LZ4 is maybe much more effective I mean that it is faster and creates less CPU load. So I will appreciate to know your observation regarding the tunnel speed. I am not interested to know if the compression ratio is better or not.

Regarding your observation that "compression setting set to NONE appears not to work any longer" - this would be very disappointing. Please confirm. Maybe you should try to set it to "disable" instead of "none". I don't know what are the options in 2.4, but in Merlin's implementation of 2.3 there are 4 options: "enable", "adaptive", "none" and "disable". I don't know what is the difference between "none" and "disable", but in my current 2.3 config it is "disable". I remember that someone reported here in the forum that "none" seems to be not working well. So my advice is to check how it will work with "disable", if the 2.4 has such option available.

Sorry if I am bothering you, but my 2.3 server is heavily used, I have no test router available, so I am unable to test 2.4 on my router. I will stay with Merlin's 380.64 (OpenVPN 2.3) until 2.4 is confirmed to be stable.
 
Thanks for the information provided. When I spoke that LZ4 is maybe much more effective I mean that it is faster and creates less CPU load. So I will appreciate to know your observation regarding the tunnel speed. I am not interested to know if the compression ratio is better or not.

Regarding your observation that "compression setting set to NONE appears not to work any longer" - this would be very disappointing. Please confirm. Maybe you should try to set it to "disable" instead of "none". I don't know what are the options in 2.4, but in Merlin's implementation of 2.3 there are 4 options: "enable", "adaptive", "none" and "disable". I don't know what is the difference between "none" and "disable", but in my current 2.3 config it is "disable". I remember that someone reported here in the forum that "none" seems to be not working well. So my advice is to check how it will work with "disable", if the 2.4 has such option available.

Sorry if I am bothering you, but my 2.3 server is heavily used, I have no test router available, so I am unable to test 2.4 on my router. I will stay with Merlin's 380.64 (OpenVPN 2.3) until 2.4 is confirmed to be stable.

I did a test and found the setting Disabled works for the Compression setting with OpenVPN 2.4. I saw no issues with CPU. I was the only client connected though as the users are out of town for the next two days. It was a little slow for me though. The reason is I am connecting through another router with a VPN connection back to USA. So it is a VPN tunnel from Thailand to USA back to a VPN tunnel from USA to Thailand.

So the None setting for Compression appears to be deprecated with OpenVPN 2.4. With Compression set to None, I could connect and verify I was connected through another client connected to the web gui. But, I was unable to connect to the Web gui through the vpn tunnel, sftp or ssh into the router or access other LAN resources. I found this behavior on two two sites. I had to change my settings to use compression and export new *.opvn config file for the client. I would like someone else to confirm. We can then post our findings in yorgi's VPN server setup guide to help others.

Please note I had to export a new certificate for this to work. The only difference is there is no longer a line labeled "compress" when compared to the certificate I use for LZ4.
 
Last edited:
Here is a screen shot of OpenVPN 2.4 Server setup I use. From my testing, the Compression field can be any value other than "None", which used to work fine in prior OpenVPN versions.

upload_2017-3-17_13-35-29.png
 
Thanks! I am happy to hear that compression "disable" option is working.
 
You're welcome. Here is the link to the OpenVPN 2.4 installer software for the client side:

https://openvpn.net/index.php/open-source/downloads.html
I am using already the 2.4 client on my office PC to connect to my home router running 2.3. Fortunately it is backward compatible with 2.3. All my questions were about server side, as I have no spare router to test it on. So I knew that "disable" option is working on client side, but after reading some of your previous posts I had an impression that on server side it is not working.

BTW I am still wondering what is the difference between "none" and "disable" :)
 
Last edited:
"no" means "tell the remote end I don't use compression, but this can be overridden later on". "disable" means "Do not use compression at all".
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top