chbni

Unstable connection with router RT-AC68U

Hello all,

 

just registered here and bought a full year VPN-package. Unfortunately I ran into severe problems using AirVPN with my router, an ASUS RT-AC68U (with the latest firmware: 3.0.0.4.378_4585):

I can (usually) connect without any problem using one of the generated files for a router. I write "usually" because every fourth time or so, I get an error message indicating a routing/IP error. But even if I do not and connection works flawlessly, some time between an hour or two days later, I can no longer connect to the Internet.

Just some minutes ago, the connection dropped and I pulled the following from the router's logfiles:

 

Jun 10 19:11:02 openvpn[1880]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 10 19:11:02 openvpn[1880]: UDPv4 link local: [undef]
Jun 10 19:11:02 openvpn[1880]: UDPv4 link remote: [AF_INET]104.254.90.250:443
Jun 10 19:12:02 openvpn[1880]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 10 19:12:02 openvpn[1880]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 10 19:12:02 openvpn[1880]: Restart pause, 2 second(s)
Jun 10 19:12:04 openvpn[1880]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 10 19:12:04 openvpn[1880]: UDPv4 link local: [undef]
Jun 10 19:12:04 openvpn[1880]: UDPv4 link remote: [AF_INET]104.254.90.250:443
Jun 10 19:13:04 openvpn[1880]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 10 19:13:04 openvpn[1880]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 10 19:13:04 openvpn[1880]: Restart pause, 2 second(s)
Jun 10 19:13:06 openvpn[1880]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 10 19:13:06 openvpn[1880]: UDPv4 link local: [undef]
Jun 10 19:13:06 openvpn[1880]: UDPv4 link remote: [AF_INET]104.254.90.250:443

 

This goes on and on forever, until I manually kill the connection and reset it. Then everything works fine ... for a couple of hours or up to two days. Here is another one, from a connection established yesterday:

 

Jun 10 17:49:21 openvpn[3670]: TLS: tls_process: killed expiring key
Jun 10 17:49:28 openvpn[3670]: TLS: soft reset sec=0 bytes=48147/0 pkts=701/0
Jun 10 17:49:29 openvpn[3670]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jun 10 17:49:29 openvpn[3670]: Validating certificate key usage
Jun 10 17:49:29 openvpn[3670]: ++ Certificate has key usage  00a0, expects 00a0
Jun 10 17:49:29 openvpn[3670]: VERIFY KU OK
Jun 10 17:49:29 openvpn[3670]: Validating certificate extended key usage
Jun 10 17:49:29 openvpn[3670]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jun 10 17:49:29 openvpn[3670]: VERIFY EKU OK
Jun 10 17:49:29 openvpn[3670]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Jun 10 17:49:34 openvpn[3670]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jun 10 17:49:34 openvpn[3670]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 10 17:49:34 openvpn[3670]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jun 10 17:49:34 openvpn[3670]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 10 17:49:34 openvpn[3670]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Jun 10 17:59:59 ntp: start NTP update
Jun 10 18:46:13 openvpn[3670]: [server] Inactivity timeout (--ping-restart), restarting
Jun 10 18:46:13 openvpn[3670]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 10 18:46:13 openvpn[3670]: Restart pause, 2 second(s)
Jun 10 18:46:15 openvpn[3670]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 10 18:46:15 openvpn[3670]: UDPv4 link local: [undef]
Jun 10 18:46:15 openvpn[3670]: UDPv4 link remote: [AF_INET]104.254.90.194:443
Jun 10 18:47:15 openvpn[3670]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 10 18:47:15 openvpn[3670]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 10 18:47:15 openvpn[3670]: Restart pause, 2 second(s)
Jun 10 18:47:17 openvpn[3670]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 10 18:47:17 openvpn[3670]: UDPv4 link local: [undef]
Jun 10 18:47:17 openvpn[3670]: UDPv4 link remote: [AF_INET]104.254.90.194:443

 

I have no clue what is going on here and appreciate any help.

 

Thank you very much.

Link to post

looks like your internet connection is dying at those times.  do you really mean "I can no longer connect to the internet" or do you mean you can no longer connect to AirVPN?  when you're getting the problems with openvpn does internet work fine outside the VPN?

Link to post

Hello and thank you for your replies.

 

looks like your internet connection is dying at those times.  do you really mean "I can no longer connect to the internet" or do you mean you can no longer connect to AirVPN?  when you're getting the problems with openvpn does internet work fine outside the VPN?

 

Sorry, silly me. Of course I can still connect, only not via the VPN connection my router shows me as still active. What I meant was that I can no longer connect through the VPN connection. As soon as I manually close the connection to AirVPN, I can access the Internet immediately. I do not get why the connection is not reset or restarted after it has died due to inactivity. Instead it just sits there and blocks all connections.

 

 

is your asus open-wrt, tomato, or merlin?

 

It is neither. I am still using the ASUS router "OS". All I did was install the latest ASUS updates shortly after they became available.

Link to post

May I ask you why Merlin and not open-wrt or tomato? I only had a brief look at open-wrt once and it seemed to have quite advanced features. As you know, I did not install it, so I am absolutely open to any firmware. Just curious on why you would choose Merlin over the other alternatives.

 

Thank you again.

Link to post

I use ddwrt on my ac68u, no problem and stable

Sent from iPhone with Tapatalk

Link to post

Merlin firmware modifies the stock asus firmware.  So, benefit to that is that you're getting a firmware that's made specifically for your hardware.  I'm not sure but I think the NAT acceleration capability is only available with asus or merlin asus firmware.  You'll also get other asus firmware things like the trendmicro protections.  The late versions of merlin firmware have policy routing mode for the openvpn client so you can control which LAN clients go through the VPN tunnel.

Link to post

Hello all,

 

Installed Merlin after doing a factory reset and till now it runs smoothly. Obviously I now have a lot more options to tweak the VPN connection. I like that. It's like the candy store of router options...

 

Anything special I should turn on to increase security?

 

I also tried to use policy routing for VPN but that did not work. I wanted to route everything through VPN except a couple of connections to some websites. So I first added

192.168.0.0/24     0.0.0.0/0     VPN

to redirect everything through VPN but after that airvpn shows me as not connected and my WAN IP, as well as whatismyipaddress.com/

 

Tried it the other way round and only added 192.168.0.0/24 or my computer's LAN IP and the IP of airvpn but for the same effect: Not connected. Weird.

Link to post

sorry for the late reply.  my internet was out yesterday after a storm.

 

1) you say you installed merlin after a factory reset.  The factory reset needs to happen *after* you do the firmware upgrade.

 

2) if you added your computer's LAN IP for all destinations through VPN then I would say your VPN isn't connecting.  please check out the system log.

 

first things first - do a factory reset *after* firmware upgrade. 

Link to post

Hello,

 

no need to apologize, the moderator approved my post just yesterday, so you could not have answered earlier anyway. ;-)

 

I did a factory reset before and another one after flashing the router, to be on the safe side. So everything should be fine.

 

 

VPN is connecting according to the log files. If I change VPN from policy routing to "redirect all" whatsmyipaddress shows the VPN address, so it is not an issue with the VPN.

There must be something wrong with the routing policy. But I cannot figure out what that might be. My local network is 192.168.25.xx so that's fine. And you cannot argue with 0.0.0.0, I'd say. It seems as if there is no "catchall" redirecting everything through the VPN. But that certainly cannot be true, can it?

 

 

 

BUT...

Just minutes ago the error from my first post had returned.

 

I booted my PC, could browse the Internet for some minutes and then all of a sudden I get timeouts from all websites I visited. Pings are not returning as well. Approximately ten minutes later, connection is back. Logfiles confirm what I had already expected. For approximately ten minutes I get the familiar block of

 

Jun 16 18:48:34 openvpn[14583]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 16 18:48:34 openvpn[14583]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 16 18:48:34 openvpn[14583]: Restart pause, 2 second(s)
Jun 16 18:48:36 openvpn[14583]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 16 18:48:36 openvpn[14583]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 16 18:48:36 openvpn[14583]: UDPv4 link local: [undef]
Jun 16 18:48:36 openvpn[14583]: UDPv4 link remote: [AF_INET]199.21.149.44:443
Jun 16 18:49:36 openvpn[14583]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 16 18:49:36 openvpn[14583]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 16 18:49:36 openvpn[14583]: Restart pause, 2 second(s)

 

...until finally...

 

Jun 16 18:51:42 openvpn[14583]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 16 18:51:42 openvpn[14583]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 16 18:51:42 openvpn[14583]: UDPv4 link local: [undef]
Jun 16 18:51:42 openvpn[14583]: UDPv4 link remote: [AF_INET]199.19.94.61:443
Jun 16 18:51:50 openvpn[14583]: TLS: Initial packet from [AF_INET]199.19.94.61:443, sid=090dbda7 e45958e7
Jun 16 18:51:50 openvpn[14583]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Jun 16 18:51:50 openvpn[14583]: Validating certificate key usage
Jun 16 18:51:50 openvpn[14583]: ++ Certificate has key usage  00a0, expects 00a0
Jun 16 18:51:50 openvpn[14583]: VERIFY KU OK
Jun 16 18:51:50 openvpn[14583]: Validating certificate extended key usage
Jun 16 18:51:50 openvpn[14583]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jun 16 18:51:50 openvpn[14583]: VERIFY EKU OK

 

... and so on: VPN reconnects.

 

Why is it taking so long for an inactive VPN connection to reset and reconnect?

 

Any ideas?

 

Thank you, as always.

Link to post
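
Added example (not part of any post in this thread, and not AirVPN or router code): a small Python parser that measures the outages visible in logs like the ones posted above, counting from the first `--ping-restart` timeout until the server answers with `TLS: Initial packet`, and flags a restart loop that never recovers. The sample lines are constructed in the thread's log format; `find_outages`, `downtime_seconds` and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) openvpn\[\d+\]: (.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+):\d+")

# Constructed sample, in the format of the router logs posted in the thread.
SAMPLE = """\
Jun 16 18:48:34 openvpn[14583]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 16 18:48:36 openvpn[14583]: UDPv4 link remote: [AF_INET]199.21.149.44:443
Jun 16 18:49:36 openvpn[14583]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 16 18:49:38 openvpn[14583]: UDPv4 link remote: [AF_INET]199.21.149.44:443
Jun 16 18:50:38 openvpn[14583]: [uNDEF] Inactivity timeout (--ping-restart), restarting
Jun 16 18:51:42 openvpn[14583]: UDPv4 link remote: [AF_INET]199.19.94.61:443
Jun 16 18:51:50 openvpn[14583]: TLS: Initial packet from [AF_INET]199.19.94.61:443, sid=090dbda7 e45958e7
Jun 16 18:59:59 ntp: start NTP update
Jun 16 20:10:00 openvpn[14583]: [server] Inactivity timeout (--ping-restart), restarting
Jun 16 20:10:02 openvpn[14583]: UDPv4 link remote: [AF_INET]199.19.94.61:443
"""

def find_outages(text, year=2000):  # syslog lines carry no year; 2000 is a placeholder
    """Return one dict per outage: start, end (None if still down), restarts, remotes."""
    outages, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an openvpn line (e.g. ntp)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if "Inactivity timeout (--ping-restart)" in msg:
            if cur is None:  # first timeout opens a new outage window
                cur = {"start": ts, "end": None, "restarts": 0, "remotes": []}
                outages.append(cur)
            cur["restarts"] += 1
        elif cur and (r := REMOTE.search(msg)):
            if r.group(1) not in cur["remotes"]:
                cur["remotes"].append(r.group(1))  # server tried during the outage
        elif cur and msg.startswith("TLS: Initial packet from"):
            cur["end"] = ts  # the server answered, so the handshake can proceed
            cur = None
    return outages

def downtime_seconds(outage):
    """Seconds from first timeout to first server reply; None while still down."""
    end = outage["end"]
    return None if end is None else int((end - outage["start"]).total_seconds())

if __name__ == "__main__":
    for o in find_outages(SAMPLE):
        print(o["start"].time(), downtime_seconds(o), o["restarts"], o["remotes"])
```

An outage whose `end` stays `None` is the state described in the first post: the client keeps restarting while the router still lists the VPN as active.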

for the stability of the connection perhaps try other ports/protocols.

 

regarding the policy routing, I see the problem.  if your subnet is 192.168.25.xx, then to catch all LAN clients you need to use 192.168.25.0/24 as a policy routing rule.

Link to post

VPN routing is working now. I did not change anything, so maybe I was too impatient last time.

 

As for the connection, no problems occurred since Tuesday. I chose the recommended protocol and port, so I guess it should work best with the current selection. If it pops up again, I might try another configuration though.

 

 

Thank you very much for your help, could not have done it without your precious suggestions.

Link to post
