Menu
What's new
By:
Filters Better Search

RT-AC68U VPN client successfully connect but no internet access

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Micu

New Around Here
Hi,

I have an AC68U router which I'm using, whenever I'm not home, to connect all devices to a secure network.

I've installed the latest Merlin firmware.

I've configured 1 OpenVPN client and 1 L2TP client. When I enable either one of them is showing connection successful but all devices connected to the router are loosing the internet connection. When I disable the VPN client, the internet connection is working again.

The DNS server is set to manual, and I've selected the OpenDNS servers.

Some logs:

nslookup www.cnn.com
;; connection timed out; no servers could be reached

L2TP client connection logs:
Jul 8 07:35:11 pppd[1384]: Overriding mtu 1500 to 1400
Jul 8 07:35:11 pppd[1384]: Overriding mru 1500 to mtu value 1400
Jul 8 07:35:13 pppd[1384]: Overriding mru 1500 to mtu value 1400
Jul 8 07:35:13 pppd[1384]: CHAP authentication succeeded
Jul 8 07:35:13 pppd[1384]: local IP address 10.0.10.1
Jul 8 07:35:13 pppd[1384]: remote IP address 10.255.255.0
Jul 8 07:35:13 pppd[1384]: primary DNS address 192.168.1.1
Jul 8 07:35:13 pppd[1384]: secondary DNS address 192.168.1.1
Jul 8 07:35:13 dnsmasq[1111]: ignoring nameserver 192.168.1.1 - local interface
Jul 8 07:35:13 dnsmasq[1111]: ignoring nameserver 192.168.1.1 - local interface



Open VPN client connection logs:
Jul 8 07:24:03 ovpn-client1[3451]: OPTIONS IMPORT: adjusting link_mtu to 1626
Jul 8 07:24:03 ovpn-client1[3451]: OPTIONS IMPORT: data channel crypto options modified
Jul 8 07:24:03 ovpn-client1[3451]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 8 07:24:03 ovpn-client1[3451]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 8 07:24:03 ovpn-client1[3451]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 8 07:24:03 ovpn-client1[3451]: TUN/TAP device tun11 opened
Jul 8 07:24:03 ovpn-client1[3451]: TUN/TAP TX queue length set to 1000
Jul 8 07:24:03 ovpn-client1[3451]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jul 8 07:24:04 ovpn-client1[3451]: /usr/sbin/ip link set dev tun11 up
Jul 8 07:24:04 ovpn-client1[3451]: /usr/sbin/ip addr add dev tun11 10.8.0.3/24
Jul 8 07:24:04 ovpn-client1[3451]: ovpn-up 1 client tun11 1500 1554 10.8.0.3 255.255.255.0 init
Jul 8 07:24:06 ovpn-client1[3451]: /usr/sbin/ip route add "my actual IP"/32 via 192.168.8.1
Jul 8 07:24:06 ovpn-client1[3451]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Jul 8 07:24:06 ovpn-client1[3451]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Jul 8 07:24:06 openvpn-routing: Configuring policy rules for client 1
Jul 8 07:24:07 openvpn-routing: Tunnel re-established, restoring WAN access to clients
Jul 8 07:24:07 acsd: selected channel spec: 0xe29b (157/80)
Jul 8 07:24:07 acsd: Adjusted channel spec: 0xe29b (157/80)
Jul 8 07:24:07 acsd: selected channel spec: 0xe29b (157/80)
Jul 8 07:24:07 acsd: acs_set_chspec: 0xe29b (157/80) for reason APCS_CSTIMER
Jul 8 07:24:07 ovpn-client1[3451]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 8 07:24:07 ovpn-client1[3451]: Initialization Sequence Completed

Do you know what might be wrong in the settings?

Thanks
 
Sigh, what is the 'latest' RMerlin firmware that you are using?
 
My first guess would be that the LAN subnet address range of your client router is the same as (or overlapping) that of the destination router.
 
Thanks Colin, I've changed the LAN IP from 192.168.1.1 to 192.168.2.1 and now the L2TP VPN connection is working.

OpenVPN client connection still the same, no internet after connection.
 
I'd have to see the complete openvpn connection log rather than just the part you showed to know any more.

When you says there's no internet can you ping a destination by IP? e.g. ping 8.8.8.8
 
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2




OpenVPN connection logs:
Jul 10 08:22:59 rc_service: httpd 740:notify_rc start_vpnclient1
Jul 10 08:23:01 ovpn-client1[1282]: OpenVPN 2.5.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 6 2021
Jul 10 08:23:01 ovpn-client1[1282]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.08
Jul 10 08:23:01 ovpn-client1[1283]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 08:23:01 ovpn-client1[1283]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 10 08:23:01 ovpn-client1[1283]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 10 08:23:01 ovpn-client1[1283]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 10 08:23:01 ovpn-client1[1283]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 10 08:23:01 ovpn-client1[1283]: TCP/UDP: Preserving recently used remote address: [AF_INET]"my real ip":8080
Jul 10 08:23:01 ovpn-client1[1283]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Jul 10 08:23:01 ovpn-client1[1283]: Attempting to establish TCP connection with [AF_INET]"my real ip":8080 [nonblock]
Jul 10 08:23:02 ovpn-client1[1283]: TCP connection established with [AF_INET]"my real ip":8080
Jul 10 08:23:02 ovpn-client1[1283]: TCP_CLIENT link local: (not bound)
Jul 10 08:23:02 ovpn-client1[1283]: TCP_CLIENT link remote: [AF_INET]"my real ip":8080
Jul 10 08:23:02 ovpn-client1[1283]: TLS: Initial packet from [AF_INET]"my real ip":8080, sid=b1276dbc 317d564e
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY OK: depth=1, CN=ChangeMe
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY KU OK
Jul 10 08:23:02 ovpn-client1[1283]: Validating certificate extended key usage
Jul 10 08:23:02 ovpn-client1[1283]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY EKU OK
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY X509NAME OK: CN=server_PYRpqFgThGzwcxWE
Jul 10 08:23:02 ovpn-client1[1283]: VERIFY OK: depth=0, CN=server_PYRpqFgThGzwcxWE
Jul 10 08:23:03 ovpn-client1[1283]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1572'
Jul 10 08:23:03 ovpn-client1[1283]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jul 10 08:23:03 ovpn-client1[1283]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Jul 10 08:23:03 ovpn-client1[1283]: [server_PYRpqFgThGzwcxWE] Peer Connection Initiated with [AF_INET]"my real ip":8080
Jul 10 08:23:04 ovpn-client1[1283]: SENT CONTROL [server_PYRpqFgThGzwcxWE]: 'PUSH_REQUEST' (status=1)
Jul 10 08:23:04 ovpn-client1[1283]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Jul 10 08:23:04 ovpn-client1[1283]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.5.2)
Jul 10 08:23:04 ovpn-client1[1283]: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: route options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: route-related options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: peer-id set
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: adjusting link_mtu to 1626
Jul 10 08:23:04 ovpn-client1[1283]: OPTIONS IMPORT: data channel crypto options modified
Jul 10 08:23:04 ovpn-client1[1283]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 10 08:23:04 ovpn-client1[1283]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 10 08:23:04 ovpn-client1[1283]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 10 08:23:04 ovpn-client1[1283]: TUN/TAP device tun11 opened
Jul 10 08:23:04 ovpn-client1[1283]: TUN/TAP TX queue length set to 1000
Jul 10 08:23:04 ovpn-client1[1283]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jul 10 08:23:04 ovpn-client1[1283]: /usr/sbin/ip link set dev tun11 up
Jul 10 08:23:04 ovpn-client1[1283]: /usr/sbin/ip addr add dev tun11 10.8.0.3/24
Jul 10 08:23:04 ovpn-client1[1283]: ovpn-up 1 client tun11 1500 1554 10.8.0.3 255.255.255.0 init
Jul 10 08:23:06 ovpn-client1[1283]: /usr/sbin/ip route add "my real ip"/32 via 192.168.8.1
Jul 10 08:23:06 ovpn-client1[1283]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Jul 10 08:23:06 ovpn-client1[1283]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Jul 10 08:23:06 ovpn-client1[1283]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 10 08:23:06 ovpn-client1[1283]: Initialization Sequence Completed
 
You must log in or register to reply here.

Similar threads

Sergyk
VPN client
Replies
6
Views
659
eibgrad
eibgrad
T
[Help] Problems setting up OpenVPN
Replies
7
Views
278
Thookie
T
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
2K
pattox
P
L
Openvpn internal error add route
Replies
0
Views
578
lucian
L
eibgrad
OpenVPN Client: mishandled route directives
Replies
7
Views
759
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
N Recommendation For Next Router. Currently have RT-AC88U and RT-AC68U (as a node). ASUS AC Routers & Adapters (Wi-Fi 5) 8
Fabius ASUS DSL-AC68U Dual WAN ethernet ASUS AC Routers & Adapters (Wi-Fi 5) 7
P ASUS RT-AC68U CPU heats up near 100C ASUS AC Routers & Adapters (Wi-Fi 5) 8
B RT-AC68U behaving strange. Fixable or shall I replace it? ASUS AC Routers & Adapters (Wi-Fi 5) 4
Tattz The Bear Manually set 2.4Ghz wifi channel on Asus RT-AC68U in mesh node ASUS AC Routers & Adapters (Wi-Fi 5) 5
J Questions before installing FT on my Asus RT-AC68U (A1) ASUS AC Routers & Adapters (Wi-Fi 5) 8
D QoS bandwith limiter doesnt work on DSL-AC68U ASUS AC Routers & Adapters (Wi-Fi 5) 4
O RT-AC68U Parental Controls Time Block set, but Kid can still use Wi-Fi ASUS AC Routers & Adapters (Wi-Fi 5) 4
L 4G-AC68u Update modem firmware ASUS AC Routers & Adapters (Wi-Fi 5) 4
pathe915 RT-AC68U - Issues and problem with upgrading firmware ASUS AC Routers & Adapters (Wi-Fi 5) 8

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 857 (members: 29, guests: 828)
Top