RT-N66U OpenVPN problem

[olapola]

I have a problem with my RT-N66U. After a random amount of time I cant access the internet without rebooting the router or restarting the OpenVPN client in the webgui. Anyone else have this problem?

This is what System log says:

openvpn[596]: RESOLVE: Cannot resolve host address: pw.openvpn.ipredator.es: Name or service not known

 

[bachastain]

I have a problem with my RT-N66U. After a random amount of time I cant access the internet without rebooting the router or restarting the OpenVPN client in the webgui. Anyone else have this problem?

This is what System log says:

openvpn[596]: RESOLVE: Cannot resolve host address: pw.openvpn.ipredator.es: Name or service not known

I'm not sure if this is similar but I had my RT-N16 do something similar a few days ago. It was like the DNS connection to the internet died. I could still ping everything by IP, including on the internet My DNS configuration uses the primary of OpenDNS and the primary of Google. 208.67.222.222 and 8.8.8.8. I could ping those servers just fine but I had somehow lost the DNS connection to them. I tried "nslookup google,com 8.8.8.8" and it worked just fine, yet I couldn't ping google by name, only by IP.

On my local network I could ping my own boxes by name, "ping mylaptop", which worked fine. No names in the internet side of the router would resolve. "ipconfig /displaydns" at the client showed no entries.

After figuring this out I made a small change to the router settings to force a mini-restart and bingo, the dns resolution started working again.

This was on the latest 43 branch code. I have since loaded 45 and haven't seen it again so far.

Bruce.

 

[olapola]

Got some more information

Aug 31 03:53:16 openvpn[969]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 3251 bit RSA
Aug 31 04:53:15 openvpn[969]: TLS: tls_process: killed expiring key
Aug 31 04:53:17 openvpn[969]: VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Aug 31 04:53:17 openvpn[969]: VERIFY OK: nsCertType=SERVER
Aug 31 04:53:17 openvpn[969]: VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=peghaitimoot.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Aug 31 04:53:18 openvpn[969]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 31 04:53:18 openvpn[969]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 31 04:53:18 openvpn[969]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 31 04:53:18 openvpn[969]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 31 04:53:18 openvpn[969]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 3251 bit RSA
Aug 31 05:24:09 openvpn[969]: [peghaitimoot.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Aug 31 05:24:09 openvpn[969]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 31 05:24:09 openvpn[969]: Restart pause, 2 second(s)
Aug 31 05:24:11 openvpn[969]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 31 05:24:11 openvpn[969]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Aug 31 05:25:11 openvpn[969]: RESOLVE: Cannot resolve host address: pw.openvpn.ipredator.es: Name or service not known
Aug 31 05:26:11 openvpn[969]: RESOLVE: Cannot resolve host address: pw.openvpn.ipredator.es: Name or service not known
Aug 31 05:26:11 openvpn[969]: SIGUSR1[soft,init_instance] received, process restarting

 

[john9527]

I've had the same symptom a couple of time on an AC68R with a different provider. It looks like what is happening is that your service provider node goes away (either due to an inactivity timeout or problem) and dnsmasq is still trying to use the vpn DNS. Of course it can't get there anymore.

Two things to check in your VPN client setup.....I'd set Poll interval to 0 to disable it, and make sure Accept DNS Configuration is not set to Exclusive.

 

[olapola]

I've had the same symptom a couple of time on an AC68R with a different provider. It looks like what is happening is that your service provider node goes away (either due to an inactivity timeout or problem) and dnsmasq is still trying to use the vpn DNS. Of course it can't get there anymore.

Two things to check in your VPN client setup.....I'd set Poll interval to 0 to disable it, and make sure Accept DNS Configuration is not set to Exclusive.

Hello

I´ve checked my settings and Poll interval is 0 and DNS Config are set to strict.

 

[olapola]

Here is some more info if that helps anyone

Sep 16 06:01:44 openvpn[9671]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 3673 bit RSA
Sep 16 06:09:48 nmbd[402]: [2014/09/16 06:09:48, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
Sep 16 06:09:48 nmbd[402]:   find_domain_master_name_query_fail:
Sep 16 06:09:48 nmbd[402]:   Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
Sep 16 06:09:48 nmbd[402]:   Unable to sync browse lists in this workgroup.
Sep 16 06:24:44 nmbd[402]: [2014/09/16 06:24:44, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
Sep 16 06:24:44 nmbd[402]:   find_domain_master_name_query_fail:
Sep 16 06:24:44 nmbd[402]:   Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
Sep 16 06:24:44 nmbd[402]:   Unable to sync browse lists in this workgroup.
Sep 16 06:24:49 kernel: eth2: received packet with  own address as source address
Sep 16 06:37:00 kernel: eth1: received packet with  own address as source address
Sep 16 06:39:56 nmbd[402]: [2014/09/16 06:39:56, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
Sep 16 06:39:56 nmbd[402]:   find_domain_master_name_query_fail:
Sep 16 06:39:56 nmbd[402]:   Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
Sep 16 06:39:56 nmbd[402]:   Unable to sync browse lists in this workgroup.
Sep 16 06:55:02 nmbd[402]: [2014/09/16 06:55:02, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
Sep 16 06:55:02 nmbd[402]:   find_domain_master_name_query_fail:
Sep 16 06:55:02 nmbd[402]:   Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
Sep 16 06:55:02 nmbd[402]:   Unable to sync browse lists in this workgroup.
Sep 16 07:01:43 openvpn[9671]: TLS: tls_process: killed expiring key
Sep 16 07:01:45 openvpn[9671]: VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Sep 16 07:01:45 openvpn[9671]: VERIFY OK: nsCertType=SERVER
Sep 16 07:01:45 openvpn[9671]: VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=aingaunahnga.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Sep 16 07:01:46 openvpn[9671]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sep 16 07:01:46 openvpn[9671]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 16 07:01:46 openvpn[9671]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sep 16 07:01:46 openvpn[9671]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 16 07:01:46 openvpn[9671]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 3673 bit RSA
Sep 16 07:03:14 openvpn[9671]: [aingaunahnga.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Sep 16 07:03:14 openvpn[9671]: SIGUSR1[soft,ping-restart] received, process restarting
Sep 16 07:03:14 openvpn[9671]: Restart pause, 2 second(s)
Sep 16 07:03:16 openvpn[9671]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 16 07:03:16 openvpn[9671]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Sep 16 07:04:26 openvpn[9671]: RESOLVE: Cannot resolve host address: pw.openvpn.ipredator.se: Name or service not known
Sep 16 07:05:56 openvpn[9671]: RESOLVE: Cannot resolve host address: pw.openvpn.ipredator.se: Name or service not known
Sep 16 07:05:56 openvpn[9671]: SIGUSR1[soft,init_instance] received, process restarting
Sep 16 07:05:56 openvpn[9671]: Restart pause, 2 second(s)

 

[viriol]

I have the exact same problem on a RT-N56U with this firmware:
https://code.google.com/p/rt-n56u/

The OpenVPN client sometimes works for days, but suddenly everything dies and when I check the log it says:

openvpn[****]: RESOLVE: Cannot resolve host address: ****: Name or service not known
openvpn[****]: RESOLVE: Cannot resolve host address: ****: Name or service not known
openvpn[****]: RESOLVE: Cannot resolve host address: ****: Name or service not known
openvpn[****]: RESOLVE: Cannot resolve host address: ****: Name or service not known
openvpn[****]: RESOLVE: Cannot resolve host address: ****: Name or service not known
openvpn[****]: RESOLVE: Cannot resolve host address: ****: Name or service not known

The only solution is to reboot the router or stop/start the OpenVPN client, then all is fine again.

In my settings I've told OpenVPN to not use the DNS servers assigned from the VPN server at all, but only to use the open and free OpenDNS servers which I manually set in the router.

I'm not sure if that is what john9527 means with this: "make sure Accept DNS Configuration is not set to Exclusive".

I can't find any "Poll interval" setting in my firmware, should I enter it manually in the "OpenVPN Extended Configuration" text box?

Any other suggestions?