Constant Internet drops on OpenVPN (Nord)

I recently purchased a GL-MT3000 that I use as wireless travel router, and another GL-MT1300 that I use as a wireless repeater when I am in a larger home abroad. Both are on the latest stable firmware. The MT3000 is connected via the WAN port to the local router/modem via an open LAN port.

When I enable an OpenVPN client via Nord, within an hour +/- I lose internet connectivity and must select a new configuration file to reconnect. This is true for both UDP and TCP configurations, and has happened in multiple locations with various local hardware. Obviously this does not play well with remote work.

EDIT: Installed Surfshark wireguard configs and activated. Same problem

Before I scrap my investment in Gli gear and look elsewhere, I’m hoping these an easy solve. I’ve tried reviewing the logs but nothing stands out except one entry at the last occurence:
Reloading firewall due to ifup of wan (eth0)

Thanks for any community input to resolve.

Scrap your investment in Nord instead. It‘s an terrible VPN provider and causes much trouble.

In your experience, what VPN providers have proven most reliable as a router based solution for Gl.i devices?

I would prefer Mullvad.net using Wireguard.
It’s stable, good pricing and reliable.

Thank you,

I’ve just had the problem recur, and this seems to be a common sequence in the log before a drop. I’ve not sufficiently techincal to know if it is hardware or software induced:

Tue Jan 9 13:42:21 2024 user.notice mwan3[24588]: Execute ifup event on interface wan (eth0)
Tue Jan 9 13:42:21 2024 user.notice mwan3[24588]: Starting tracker on interface wan (eth0)
Tue Jan 9 13:42:21 2024 user.notice mwan3track[27109]: Stopping mwan3track for interface “wan”
Tue Jan 9 13:42:22 2024 daemon.info avahi-daemon[3787]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::9683:c4ff:fe3d:f25b.
Tue Jan 9 13:42:22 2024 daemon.info avahi-daemon[3787]: New relevant interface eth0.IPv6 for mDNS.
Tue Jan 9 13:42:22 2024 daemon.info avahi-daemon[3787]: Registering new address record for fe80::9683:c4ff:fe3d:f25b on eth0.*.
Tue Jan 9 13:42:23 2024 user.info mwan3rtmon[7422]: Detect rtchange event.
Tue Jan 9 13:42:24 2024 user.notice firewall: Reloading firewall due to ifup of wan (eth0)

Try to disable the connection state tracker for WAN

Thanks - I thought you had it! But it dropped again,

Hm, that’s sad. I would give Mullvad a try (it’s just $5 per month, so better than being angry about Nord for more than a few minutes)

Or if Nord offers Wireguard, you could try this as well.
OVPN is so 2010 :wink:

Thanks so much. The only challenge with Mullvad is streaming services - my GF won’t last long without her shows. But I’ll look at some wireguard options that play well with Gli - looks like a few do.

Ain’t much, but at least here are my VPN policies for excluding Disney+ and RTL+

Thanks again. Unfortunately the mystery deepens. I set up an account at Surfshark and added ad activated their wireguard configurations to the MT-3000. Same problem within an hour. :\

Log for what it’s worth:

Tue Jan 9 16:00:40 2024 kern.info kernel: [24809.513623] mtk_soc_eth 15100000.ethernet eth0: Link is Down
Tue Jan 9 16:00:40 2024 daemon.notice netifd: Network device ‘eth0’ link is down
Tue Jan 9 16:00:40 2024 daemon.notice netifd: Interface ‘wan’ has link connectivity loss
Tue Jan 9 16:00:40 2024 daemon.notice netifd: wan (29759): udhcpc: received SIGTERM
Tue Jan 9 16:00:40 2024 daemon.notice netifd: wan (29759): udhcpc: unicasting a release of 192.168.1.148 to 192.168.1.254
Tue Jan 9 16:00:40 2024 daemon.notice netifd: wan (29759): udhcpc: sending release
Tue Jan 9 16:00:40 2024 daemon.notice netifd: wan (29759): udhcpc: entering released state
Tue Jan 9 16:00:40 2024 daemon.notice netifd: wan (29759): Command failed: Permission denied
Tue Jan 9 16:00:40 2024 daemon.notice netifd: Interface ‘wan’ is now down
Tue Jan 9 16:00:40 2024 daemon.info avahi-daemon[3787]: Withdrawing address record for 192.168.1.148 on eth0.
Tue Jan 9 16:00:40 2024 daemon.info avahi-daemon[3787]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.1.148.
Tue Jan 9 16:00:40 2024 daemon.info avahi-daemon[3787]: Interface eth0.IPv4 no longer relevant for mDNS.
Tue Jan 9 16:00:40 2024 daemon.info avahi-daemon[3787]: Interface eth0.IPv6 no longer relevant for mDNS.
Tue Jan 9 16:00:40 2024 daemon.info avahi-daemon[3787]: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::9683:c4ff:fe3d:f25b.
Tue Jan 9 16:00:40 2024 daemon.info avahi-daemon[3787]: Withdrawing address record for fe80::9683:c4ff:fe3d:f25b on eth0.
Tue Jan 9 16:00:40 2024 daemon.notice netifd: Interface ‘wan’ is disabled
Tue Jan 9 16:00:40 2024 kern.info kernel: [24809.577058] mtk_soc_eth 15100000.ethernet eth0: configuring for fixed/2500base-x link mode
Tue Jan 9 16:00:40 2024 daemon.notice netifd: Interface ‘wan’ is enabled
Tue Jan 9 16:00:40 2024 daemon.warn dnsmasq[4774]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Tue Jan 9 16:00:41 2024 user.notice mwan3[6266]: Execute ifdown event on interface wan (unknown)
Tue Jan 9 16:00:41 2024 user.info mwan3track[31843]: Detect ifdown event on interface wan (eth0)
Tue Jan 9 16:00:41 2024 user.notice mwan3track[31843]: Interface wan (eth0) is offline
Tue Jan 9 16:00:42 2024 user.notice firewall: Reloading firewall due to ifdown of wan ()
Tue Jan 9 16:00:44 2024 kern.info kernel: [24812.648876] mtk_soc_eth 15100000.ethernet eth0: Link is Up - 1Gbps/Full - flow control rx/tx
Tue Jan 9 16:00:44 2024 kern.info kernel: [24812.657410] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Tue Jan 9 16:00:44 2024 daemon.notice netifd: Network device ‘eth0’ link is up
Tue Jan 9 16:00:44 2024 daemon.notice netifd: Interface ‘wan’ has link connectivity
Tue Jan 9 16:00:44 2024 daemon.notice netifd: Interface ‘wan’ is setting up now
Tue Jan 9 16:00:44 2024 daemon.notice netifd: wan (6920): udhcpc: started, v1.33.2
Tue Jan 9 16:00:44 2024 daemon.notice netifd: wan (6920): udhcpc: sending discover
Tue Jan 9 16:00:44 2024 daemon.notice netifd: wan (6920): udhcpc: sending select for 192.168.1.148
Tue Jan 9 16:00:44 2024 daemon.notice netifd: wan (6920): udhcpc: lease of 192.168.1.148 obtained, lease time 604800
Tue Jan 9 16:00:44 2024 daemon.info avahi-daemon[3787]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.148.
Tue Jan 9 16:00:44 2024 daemon.info avahi-daemon[3787]: New relevant interface eth0.IPv4 for mDNS.
Tue Jan 9 16:00:44 2024 daemon.info avahi-daemon[3787]: Registering new address record for 192.168.1.148 on eth0.IPv4.
Tue Jan 9 16:00:44 2024 daemon.notice netifd: Interface ‘wan’ is now up
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: reading /tmp/resolv.conf.d/resolv.conf.auto
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain test
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain onion
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain localhost
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain local
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain invalid
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain bind
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using only locally-known addresses for domain lan
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using nameserver 190.248.0.7#53
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using nameserver 190.240.115.146#53
Tue Jan 9 16:00:44 2024 daemon.info dnsmasq[4774]: using nameserver 190.240.115.146#53
Tue Jan 9 16:00:44 2024 user.notice mwan3[6934]: Execute ifup event on interface wan (eth0)
Tue Jan 9 16:00:45 2024 user.notice mwan3[6934]: Starting tracker on interface wan (eth0)
Tue Jan 9 16:00:45 2024 user.notice mwan3track[31843]: Stopping mwan3track for interface “wan”
Tue Jan 9 16:00:45 2024 daemon.info avahi-daemon[3787]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::9683:c4ff:fe3d:f25b.
Tue Jan 9 16:00:45 2024 daemon.info avahi-daemon[3787]: New relevant interface eth0.IPv6 for mDNS.
Tue Jan 9 16:00:45 2024 daemon.info avahi-daemon[3787]: Registering new address record for fe80::9683:c4ff:fe3d:f25b on eth0.*.
Tue Jan 9 16:00:47 2024 kern.err kernel: [24816.230184] 7981@C08L1,ap_peer_auth_req_at_idle_action() 692: wcid2 exist in Band1 but Recv Band0, CH7 => SKIP
Tue Jan 9 16:00:47 2024 kern.warn kernel: [24816.240348] 7981@C01L2,wifi_sys_disconn_act() 1002: wdev_idx=2
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.248608] 7981@C08L3,hw_ctrl_flow_v2_disconnt_act() 172: wdev_idx=2
Tue Jan 9 16:00:47 2024 kern.warn kernel: [24816.268074] 7981@C13L2,MacTableDeleteEntry() 1793: Del Sta:d2:a6:86:2d:fa:8f
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.275351] 7981@C08L3,ap_peer_auth_req_at_idle_action() 717: AUTH - MBSS(0), Rcv AUTH seq#1, Alg=0, Status=0 from [wcid=2]d2:a6:86:2d:fa:8f
Tue Jan 9 16:00:47 2024 kern.debug kernel: [24816.288041] entrytb_aid_aquire(): found non-occupied aid:5, allocated from:4
Tue Jan 9 16:00:47 2024 kern.warn kernel: [24816.295140] 7981@C13L2,MacTableInsertEntry() 1537: New Sta:d2:a6:86:2d:fa:8f
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.348007] 7981@C08L3,ap_cmm_peer_assoc_req_action() 1647: Recv Assoc from STA - d2:a6:86:2d:fa:8f
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.357304] 7981@C08L3,ap_cmm_peer_assoc_req_action() 2170: ReASSOC Send ReASSOC response (Status=0)…
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.366864] 7981@C01L3,wifi_sys_conn_act() 1115: wdev idx = 0
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.373385] 7981@C08L3,hw_ctrl_flow_v2_connt_act() 215: wdev_idx=0
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.516637] 7981@C15L3,WPABuildPairMsg1() 5280: <=== send Msg1 of 4-way
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.523378] 7981@C15L3,PeerPairMsg2Action() 6202: ===>Receive msg 2
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.540454] 7981@C15L3,WPABuildPairMsg3() 5557: <=== send Msg3 of 4-way
Tue Jan 9 16:00:47 2024 kern.notice kernel: [24816.547279] 7981@C15L3,PeerPairMsg4Action() 6632: ===>Receive msg 4
Tue Jan 9 16:00:47 2024 kern.warn kernel: [24816.576648] 7981@C15L2,PeerPairMsg4Action() 6994: AP SETKEYS DONE(ra0) - AKMMap=WPA2PSK, PairwiseCipher=AES, GroupCipher=AES, wcid=2 from d2:a6:86:2d:fa:8f
Tue Jan 9 16:00:47 2024 kern.warn kernel: [24816.576648]
Tue Jan 9 16:00:48 2024 user.info mwan3rtmon[32035]: Detect rtchange event.
Tue Jan 9 16:00:49 2024 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Copyright © 2023 GL.iNet. All Rights Reserved

Do you use IPv6 on the router?

No, it’s not enabled.

The log actually show that the wan is disconnected and reconnected.

Not sure why wan disconnect. But can you try using repeater to connect to wifi for Internet?