GL-AR750 - No internet after connecting to OpenVPN server

Technical Support for Routers
1

I’ve configured the GL-AR750 (f/w 3.212) as a router with the WAN connected to a wifi network and the lan broadcasting a network. Everything works fine, I can access the internet from the LAN side until I connect to a working VPN via OpenVPN. Once the OpenVPN is connected, I lose access to the internet.

I’ve tested the ovpn on a homemade raspberry pi travel router and it works perfectly.

Below are my config files. I have not manually modified these except to remove the keys/passwords after pasting into this message. They are all built/updated from the GUI menus.

root@GL-AR750:~# cat /etc/config/network

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config globals ‘globals’
option ula_prefix ‘fdbf:5c20:0043::/48’

config interface ‘lan’
option type ‘bridge’
option ifname ‘eth1.1’
option proto ‘static’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
option hostname ‘GL-AR750-f3b’
option ipaddr ‘192.168.8.1’

config interface ‘wan’
option ifname ‘eth0’
option proto ‘dhcp’
option hostname ‘GL-AR750-f3b’
option ipv6 ‘0’
option metric ‘10’

config interface ‘wan6’
option ifname ‘eth0’
option proto ‘dhcpv6’
option disabled ‘1’

config switch
option name ‘switch0’
option reset ‘1’
option enable_vlan ‘1’

config switch_vlan
option device ‘switch0’
option vlan ‘1’
option ports ‘1 2 0t’

config interface ‘guest’
option ifname ‘guest’
option type ‘bridge’
option proto ‘static’
option ipaddr ‘192.168.9.1’
option netmask ‘255.255.255.0’
option ip6assign ‘60’

config interface ‘wwan’
option proto ‘dhcp’
option metric ‘20’

config interface ‘tun0’
option ifname ‘tun0’
option proto ‘none’
option auto ‘0’

root@GL-AR750:~# cat /etc/config/wireless

config wifi-device ‘radio0’
option type ‘mac80211’
option hwmode ‘11a’
option path ‘pci0000:00/0000:00:00.0’
option htmode ‘VHT80’
option txpower ‘20’
option txpower_max ‘20’
option band ‘5G’
option disabled ‘0’
option noscan ‘0’
option channel ‘157’
option org_htmode ‘VHT80’

config wifi-iface ‘default_radio0’
option device ‘radio0’
option network ‘lan’
option mode ‘ap’
option encryption ‘psk2’
option disassoc_low_ack ‘0’
option ifname ‘wlan0’
option wds ‘1’
option ssid ‘TheHomeTravel_5g’
option key ‘***’
option disabled ‘0’

config wifi-device ‘radio1’
option type ‘mac80211’
option hwmode ‘11g’
option path ‘platform/ahb/18100000.wmac’
option htmode ‘HT40’
option noscan ‘0’
option txpower ‘20’
option txpower_max ‘20’
option band ‘2G’
option disabled ‘0’
option channel ‘1’

config wifi-iface ‘default_radio1’
option device ‘radio1’
option network ‘lan’
option mode ‘ap’
option encryption ‘psk2’
option wds ‘1’
option disassoc_low_ack ‘0’
option ifname ‘wlan1’
option ssid ‘TheHomeTravel’
option key ‘****’
option disabled ‘0’

config wifi-iface ‘guest5g’
option device ‘radio0’
option network ‘guest’
option mode ‘ap’
option wds ‘1’
option ssid ‘GL-AR750-f3b-Guest-5G’
option encryption ‘psk2’
option key ‘goodlife’
option ifname ‘wlan2’
option disabled ‘1’
option guest ‘1’
option disassoc_low_ack ‘0’

config wifi-iface ‘guest2g’
option device ‘radio1’
option network ‘guest’
option mode ‘ap’
option wds ‘1’
option ssid ‘GL-AR750-f3b-Guest’
option encryption ‘psk2’
option key ‘goodlife’
option ifname ‘wlan3’
option disabled ‘1’
option guest ‘1’
option disassoc_low_ack ‘0’

config wifi-iface ‘sta’
option device ‘radio0’
option network ‘wwan’
option mode ‘sta’
option ifname ‘wlan-sta’
option ssid ‘Nonnies’
option bssid ‘70:03:7E:44:0C:4F’
option channel ‘157’
option encryption ‘psk2’
option key ‘***’
option disabled ‘0’

root@GL-AR750:~# cat /etc/config/firewall

config defaults
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘REJECT’
option synflood_protect ‘1’

config zone
option name ‘lan’
list network ‘lan’
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘ACCEPT’

config zone
option name ‘wan’
option output ‘ACCEPT’
option forward ‘REJECT’
option masq ‘1’
option mtu_fix ‘1’
option input ‘DROP’
list network ‘wan’
list network ‘wan6’
list network ‘wwan’
list network ‘tun0’

config forwarding
option src ‘lan’
option dest ‘wan’
option enabled ‘1’

config rule
option name ‘Allow-DHCP-Renew’
option src ‘wan’
option proto ‘udp’
option dest_port ‘68’
option target ‘ACCEPT’
option family ‘ipv4’

config rule
option name ‘Allow-Ping’
option src ‘wan’
option proto ‘icmp’
option icmp_type ‘echo-request’
option family ‘ipv4’
option target ‘ACCEPT’

config rule
option name ‘Allow-IGMP’
option src ‘wan’
option proto ‘igmp’
option family ‘ipv4’
option target ‘ACCEPT’

config rule
option name ‘Allow-DHCPv6’
option src ‘wan’
option proto ‘udp’
option src_ip ‘fc00::/6’
option dest_ip ‘fc00::/6’
option dest_port ‘546’
option family ‘ipv6’
option target ‘ACCEPT’

config rule
option name ‘Allow-MLD’
option src ‘wan’
option proto ‘icmp’
option src_ip ‘fe80::/10’
list icmp_type ‘130/0’
list icmp_type ‘131/0’
list icmp_type ‘132/0’
list icmp_type ‘143/0’
option family ‘ipv6’
option target ‘ACCEPT’

config rule
option name ‘Allow-ICMPv6-Input’
option src ‘wan’
option proto ‘icmp’
list icmp_type ‘echo-request’
list icmp_type ‘echo-reply’
list icmp_type ‘destination-unreachable’
list icmp_type ‘packet-too-big’
list icmp_type ‘time-exceeded’
list icmp_type ‘bad-header’
list icmp_type ‘unknown-header-type’
list icmp_type ‘router-solicitation’
list icmp_type ‘neighbour-solicitation’
list icmp_type ‘router-advertisement’
list icmp_type ‘neighbour-advertisement’
option limit ‘1000/sec’
option family ‘ipv6’
option target ‘ACCEPT’

config rule
option name ‘Allow-ICMPv6-Forward’
option src ‘wan’
option dest ‘*’
option proto ‘icmp’
list icmp_type ‘echo-request’
list icmp_type ‘echo-reply’
list icmp_type ‘destination-unreachable’
list icmp_type ‘packet-too-big’
list icmp_type ‘time-exceeded’
list icmp_type ‘bad-header’
list icmp_type ‘unknown-header-type’
option limit ‘1000/sec’
option family ‘ipv6’
option target ‘ACCEPT’

config rule
option name ‘Allow-IPSec-ESP’
option src ‘wan’
option dest ‘lan’
option proto ‘esp’
option target ‘ACCEPT’

config rule
option name ‘Allow-ISAKMP’
option src ‘wan’
option dest ‘lan’
option dest_port ‘500’
option proto ‘udp’
option target ‘ACCEPT’

config include
option path ‘/etc/firewall.user’
option reload ‘1’

config include ‘gls2s’
option type ‘script’
option path ‘/var/etc/gls2s.include’
option reload ‘1’

config include ‘glfw’
option type ‘script’
option path ‘/usr/bin/glfw.sh’
option reload ‘1’

config include ‘glqos’
option type ‘script’
option path ‘/usr/sbin/glqos.sh’
option reload ‘1’

config zone ‘guestzone’
option name ‘guestzone’
option network ‘guest’
option forward ‘REJECT’
option output ‘ACCEPT’
option input ‘REJECT’

config forwarding ‘guestzone_fwd’
option src ‘guestzone’
option dest ‘wan’
option enabled ‘1’

config rule ‘guestzone_dhcp’
option name ‘guestzone_DHCP’
option src ‘guestzone’
option target ‘ACCEPT’
option proto ‘udp’
option dest_port ‘67-68’

config rule ‘guestzone_dns’
option name ‘guestzone_DNS’
option src ‘guestzone’
option target ‘ACCEPT’
option proto ‘tcp udp’
option dest_port ‘53’

config rule ‘sambasharewan’
option src ‘wan’
option dest_port ‘137 138 139 445’
option dest_proto ‘tcpudp’
option target ‘DROP’

config rule ‘sambasharelan’
option src ‘lan’
option dest_port ‘137 138 139 445’
option dest_proto ‘tcpudp’
option target ‘ACCEPT’

root@GL-AR750:~# cat /etc/config/openvpn

config openvpn ‘custom_config’
option config ‘/etc/openvpn/my-vpn.conf’

config openvpn ‘sample_server’
option port ‘1194’
option proto ‘udp’
option dev ‘tun’
option ca ‘/etc/openvpn/ca.crt’
option cert ‘/etc/openvpn/server.crt’
option key ‘/etc/openvpn/server.key’
option dh ‘/etc/openvpn/dh2048.pem’
option server ‘10.8.0.0 255.255.255.0’
option ifconfig_pool_persist ‘/tmp/ipp.txt’
option keepalive ‘10 120’
option persist_key ‘1’
option persist_tun ‘1’
option user ‘nobody’
option status ‘/tmp/openvpn-status.log’
option verb ‘3’

config openvpn ‘sample_client’
option client ‘1’
option dev ‘tun’
option proto ‘udp’
list remote ‘my_server_1 1194’
option resolv_retry ‘infinite’
option nobind ‘1’
option persist_key ‘1’
option persist_tun ‘1’
option user ‘nobody’
option ca ‘/etc/openvpn/ca.crt’
option cert ‘/etc/openvpn/client.crt’
option key ‘/etc/openvpn/client.key’
option verb ‘3’

config openvpn ‘client1’
option config ‘/etc/openvpn/client1.ovpn’
option enabled ‘1’

ovpn (this ovpn works fine on other devices cell phone/raspberry pi openwrt router)

**Config generated by Asuswrt-Merlin 386.3, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto udp
remote *** 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass
remote-cert-tls server

3

Can you also post the System Log (logread) from the router from before OpenVPN initiation to after no more Internet?

I do not work for and I do not have formal association with GL.iNet

4

wcs2228, thank you for assisting

below in log read from just before connecting and after connecting. I removed the openvpn server ip address.

VPN Disconnected - Internet working
Wed May 11 09:38:40 2022 user.info mwan3rtmon[2636]: Detect rtchange event.
Wed May 11 09:38:41 2022 user.notice firewall: Reloading firewall due to ifup of wwan (wlan-sta)
Wed May 11 10:07:50 2022 daemon.err gl_monitor[3056]: sh: 30000: unknown operand
Wed May 11 10:10:04 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:10:06 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:10:10 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:16:36 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:25:23 2022 daemon.info dnsmasq-dhcp[11378]: DHCPINFORM(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:23 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:25:26 2022 daemon.info dnsmasq-dhcp[11378]: DHCPINFORM(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:26 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:25:27 2022 daemon.info dnsmasq-dhcp[11378]: DHCPINFORM(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:27 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:25:28 2022 daemon.warn dnsmasq[11378]: Ignoring query from non-local network
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPDISCOVER(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPOFFER(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPREQUEST(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:26:04 2022 authpriv.info dropbear[2933]: Child connection from 192.168.8.163:54077
Wed May 11 10:26:10 2022 authpriv.notice dropbear[2933]: Password auth succeeded for ‘root’ from 192.168.8.163:54077

VPN CONNECTED - Internet not working
root@GL-AR750:~# logread

Wed May 11 09:38:34 2022 daemon.info dnsmasq[11378]: using nameserver 75.75.75.75#53
Wed May 11 09:38:34 2022 daemon.info dnsmasq[11378]: using nameserver 75.75.76.76#53
Wed May 11 09:38:40 2022 user.info mwan3rtmon[2636]: Detect rtchange event.
Wed May 11 09:38:41 2022 user.notice firewall: Reloading firewall due to ifup of wwan (wlan-sta)
Wed May 11 10:07:50 2022 daemon.err gl_monitor[3056]: sh: 30000: unknown operand
Wed May 11 10:10:04 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:10:06 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:10:10 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:16:36 2022 daemon.notice wpa_supplicant[13568]: wlan-sta: CTRL-EVENT-BEACON-LOSS
Wed May 11 10:25:23 2022 daemon.info dnsmasq-dhcp[11378]: DHCPINFORM(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:23 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:25:26 2022 daemon.info dnsmasq-dhcp[11378]: DHCPINFORM(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:26 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:25:27 2022 daemon.info dnsmasq-dhcp[11378]: DHCPINFORM(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:27 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:25:28 2022 daemon.warn dnsmasq[11378]: Ignoring query from non-local network
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPDISCOVER(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPOFFER(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPREQUEST(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb
Wed May 11 10:25:34 2022 daemon.info dnsmasq-dhcp[11378]: DHCPACK(br-lan) 192.168.8.163 5c:26:0a:41:d5:fb Win10Laptop
Wed May 11 10:26:04 2022 authpriv.info dropbear[2933]: Child connection from 192.168.8.163:54077
Wed May 11 10:26:10 2022 authpriv.notice dropbear[2933]: Password auth succeeded for ‘root’ from 192.168.8.163:54077
Wed May 11 10:28:05 2022 user.info : 1247: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn0, serverfile=client1.ovpn
Wed May 11 10:28:05 2022 user.debug : ------ss-redir is not running!------
Wed May 11 10:28:05 2022 user.info : 1324: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn0/client1.ovpn, glconfig.openvpn.clientid=ovpn0
Wed May 11 10:28:07 2022 daemon.info dnsmasq[11378]: exiting on receipt of SIGTERM
Wed May 11 10:28:07 2022 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Wed May 11 10:28:07 2022 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: started, version 2.80 cachesize 150
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: DNS service limited to local subnets
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Wed May 11 10:28:08 2022 daemon.info dnsmasq-dhcp[5731]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain test
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain onion
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain localhost
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain local
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain invalid
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain bind
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain lan
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: reading /tmp/resolv.conf.auto
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain test
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain onion
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain localhost
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain local
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain invalid
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain bind
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using local addresses only for domain lan
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using nameserver 75.75.75.75#53
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: using nameserver 75.75.76.76#53
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: read /etc/hosts - 4 addresses
Wed May 11 10:28:08 2022 daemon.info dnsmasq[5731]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed May 11 10:28:08 2022 daemon.info dnsmasq-dhcp[5731]: read /etc/ethers - 0 addresses
Wed May 11 10:28:12 2022 daemon.warn openvpn[6034]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add ‘–data-ciphers-fallback BF-CBC’ to your configuration and/or add BF-CBC to --data-ciphers.
Wed May 11 10:28:13 2022 daemon.notice openvpn[6034]: OpenVPN 2.5.2 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed May 11 10:28:13 2022 daemon.notice openvpn[6034]: library versions: OpenSSL 1.1.1k 25 Mar 2021
Wed May 11 10:28:13 2022 daemon.warn openvpn[6052]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: TCP/UDP: Preserving recently used remote address: [AF_INET]<removed ip address from log>:1194
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: UDP link local: (not bound)
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: UDP link remote: [AF_INET]<removed ip address from log>:1194
Wed May 11 10:28:13 2022 daemon.warn openvpn[6052]: WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1542’, remote=‘link-mtu 1541’
Wed May 11 10:28:13 2022 daemon.warn openvpn[6052]: WARNING: ‘comp-lzo’ is present in local config but missing in remote config, local=‘comp-lzo’
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: [RT-AC68U] Peer Connection Initiated with [AF_INET]<removed ip address from log>:1194
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: TUN/TAP device tun0 opened
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: /sbin/ip link set dev tun0 up mtu 1500
Wed May 11 10:28:13 2022 daemon.notice netifd: Network device ‘tun0’ link is up
Wed May 11 10:28:13 2022 daemon.notice netifd: Interface ‘tun0’ has link connectivity
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: /sbin/ip link set dev tun0 up
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: /sbin/ip addr add dev tun0 10.8.0.2/24
Wed May 11 10:28:13 2022 daemon.notice openvpn[6052]: /etc/openvpn/update-resolv-conf tun0 1500 1553 10.8.0.2 255.255.255.0 init
Wed May 11 10:28:14 2022 daemon.info dnsmasq[5731]: exiting on receipt of SIGTERM
Wed May 11 10:28:15 2022 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Wed May 11 10:28:15 2022 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: started, version 2.80 cachesize 150
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: DNS service limited to local subnets
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Wed May 11 10:28:15 2022 daemon.info dnsmasq-dhcp[6295]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain test
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain onion
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain localhost
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain local
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain invalid
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain bind
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain lan
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: reading /tmp/resolv.conf.vpn
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain test
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain onion
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain localhost
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain local
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain invalid
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain bind
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using local addresses only for domain lan
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using nameserver 192.168.1.5#53
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using nameserver 192.168.1.1#53
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: using nameserver 192.168.1.1#53
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: read /etc/hosts - 4 addresses
Wed May 11 10:28:15 2022 daemon.info dnsmasq[6295]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Wed May 11 10:28:15 2022 daemon.info dnsmasq-dhcp[6295]: read /etc/ethers - 0 addresses
Wed May 11 10:28:17 2022 user.info mwan3rtmon[2636]: Detect rtchange event.
Wed May 11 10:28:18 2022 user.notice firewall: Reloading firewall due to ifup of ovpn (tun0)
Wed May 11 10:28:21 2022 user.notice root: check route success
Wed May 11 10:28:21 2022 daemon.warn openvpn[6052]: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Wed May 11 10:28:21 2022 daemon.notice openvpn[6052]: Initialization Sequence Completed

5

There are no errors in the System Log. See if you can access the https://1.1.1.1/ webpage in a browser when connected to OpenVPN to see if there is a DNS problem.

I do not work for and I do not have formal association with GL.iNet

6

I’m unable to get to http://1.1.1.1 when OpenVPN is connected.

7

Did you try https, not http?
Are you able to ping your OpenWRT server (Asus router)?

I do not work for and I do not have formal association with GL.iNet

8

Maybe it is just DNS.

Does your vpn server push DNS to the client? Seems it pushes 192.168.1.1.

Can you set up custom DNS to public ones e.g. 1.1.1.1 or 8.8.8.8 or you need to use DNS from vpn server?

9

If it was DNS, I should be able to get to https: //1.1.1.1 .
Both https:// 1.1.1.1 and http:// 1.1.1.1 are not reachable with OpenVPN connected.

10

were you able to resolve this? thanks!
I’m having the same issue with wireguard