What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Problem with OpenVPN and WPA2 Enterprise

H

Hellman

New Around Here
We have a problem with Asuswrt-Merlin, the same problem that we also had with our older routers running Tomato.
When the router and the modem is powered up, the router is finished starting first and starts sending wifi, and also tries to establish the OpenVPN-tunnel. The computers now tries to connect to the wifi, but since the router cant connect to our Radius through the tunnel yet, the connections will fail. Now the modem is finished starting and the OpenVPN-tunnel will establish. But the computers will still not be able to connect, and when we sniff the traffic in the tunnel we can se that there is no Radius-traffic.
If we do:

killall nas
nas /etc/nas.conf /var/run/nas.pid lan

it will start working and the authentications goes through the VPN-tunnel.
On Tomato we had these commands scheduled every three minutes so that it would be no more than three minutes delay after startup until it would work. In Asuswrt-Merlin there is no sheduler, can that be added?
Or even better ofcourse, can the problem be fixed?
If we start the modem first and wait till it is finished, and then start the router, we have never had the problem.
 
Hellman said:
......
If we start the modem first and wait till it is finished, and then start the router, we have never had the problem.
Click to expand...

Is that not a practical solution? I thought that was the recommended sequence in general anyway.
 
martinr said:
Is that not a practical solution? I thought that was the recommended sequence in general anyway.
Click to expand...
Yes, when we install it we do that. But we have many offices running this solution, and sometimes there is power failures or someone accidently turns the power off, then the router and modem starts at the same time and the router are often finished starting first. The problem could also occur if the OpenVPN-tunnel for some reason goes down an up.
 
Hellman said:
Yes, when we install it we do that. But we have many offices running this solution, and sometimes there is power failures or someone accidently turns the power off, then the router and modem starts at the same time and the router are often finished starting first. The problem could also occur if the OpenVPN-tunnel for some reason goes down an up.
Click to expand...

Understood. By the way, did you see this?

http://www.snbforums.com/threads/rm...g-for-wan-connection-at-boot.9981/#post-60998

There might possibly be some food for thought in there.

Good luck. If you post back with the outcome it may well help others in future.
 
Shouldn't be using remote RADIUS for auth - what happens to the local net if the ISP loses connectivity on the remote end (happens...)

I would suggest two RADIUS servers - one on each end, and sync them up over the tunnel and limit each server's scope to the local IP subnets on each end.
 
sfx2000 said:
Shouldn't be using remote RADIUS for auth - what happens to the local net if the ISP loses connectivity on the remote end (happens...)

I would suggest two RADIUS servers - one on each end, and sync them up over the tunnel and limit each server's scope to the local IP subnets on each end.
Click to expand...
We have many small offices with few computers, we cant have servers at each office. The servers are actually Microsoft NPS servers that authenticate the computers and users through Active Directory so the servers must have connection to our core, so placing servers att each small office will not help if the tunnel goes down. OpenVPN is very stable and we do not have much connection loss, the problem that we have is if there is a power loss and the modem and router restarts, then will the radius authentication stop from the router.
 
We created a init-start script that created a cron job that every third minute run a script that run:

killall nas
nas /etc/nas.conf /var/run/nas.pid lan

Now radius authentications is working as it should. Thanks for your help!

Btw, I found that this problem has existed a long time: http://wl500g.info/archive/index.php/t-2055.html
Sad that there has not been a solution for it.
 
You must log in or register to reply here.

Similar threads

Harry Azcrac
ASUS Merlin on RT-AC86U OpenVPN Server not blocking IP when a client connects
Replies
2
Views
188
Harry Azcrac
Harry Azcrac
D
Issue with openVPN port forward in ASUS ac88u
Replies
4
Views
469
deeph203
D
P
Getting started with RT-AX88U and RT-AX57
Replies
7
Views
437
portnoy58
P
bengalih
Bug with corrupted passwords in OpenVPN Server
Replies
14
Views
1K
gk802
G
M
OpenVPN clients cannot connect to LAN computers.
Replies
0
Views
684
MNBob
M
Similar threads
Thread starter Title Forum Replies Date
P Problem connecting to OpenVPN server on AX86U Asuswrt-Merlin 4
E OpenVPN TAP internet access problem Asuswrt-Merlin 0
E AImesh Problem? Asuswrt-Merlin 1
i0ntempest IPv6 traffic forwarding problem: connection hangs Asuswrt-Merlin 9
W New Asus AXE-11000 VPN Director Problem Asuswrt-Merlin 1
Ropuh RT-BE88U ethernet problem Asuswrt-Merlin 2
el_pedr0 Please help me diagnose knotty routing problem Asuswrt-Merlin 4
H Astrill router applet problem. Asuswrt-Merlin 2
C OVPN server setup problem Asuswrt-Merlin 7
KrautHolg RT-AX88U Pro - Merlin Firmware:3004.388.8_2 - WiFi connection problem Asuswrt-Merlin 11

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 404 (members: 17, guests: 387)
Back
Top