GL-MT3000 OpenVPN keeps disconnecting

Technical Support for Routers VPN, DNS, Leaks
1

I setup openVPN proxy connection on my GL-MT3000 , running latest firmware 4.7.0 and it keeps disconnecting.

I ran tests on my proxy from a separate computer on the same network and it works fine, my internet connection is great, but the computer connected to the GL-MT3000 is constantly being disconnected, disrupting Anydesk connection, streaming, etc.

This most noticeably manifests as internet speed tests (like Ookla) failing during the upload phase, often showing 0 Mbps upload or reporting a generic "SOCKS error". Download tests usually complete successfully. The connection loss seems random but happens frequently.

Network Setup:

  • The GL-MT3000's WAN port (eth0) is connected directly to our office's business LAN (obtaining IP via DHCP).
  • My Windows 10 Pro PC is connected via Ethernet cable to the router's LAN port (eth1).
  • An OpenVPN client connection is configured on the router.
  • All traffic from the LAN clients is routed through the OpenVPN tunnel.
  • All traffic going through the OpenVPN tunnel is then redirected through a SOCKS5 proxy configured on the router (the SOCKS5 endpoint is a mobile proxy).

Key Findings from Logs:

  1. Recurring eth0 (WAN Port) Link Instability: Kernel logs consistently show the eth0 interface going down and then back up, often with 5-10 seconds of downtime.
  • Example: mtk_soc_eth 15100000.ethernet eth0: Link is Down followed later by mtk_soc_eth 15100000.ethernet eth0: Link is Up

  1. Direct Correlation with OpenVPN Failure: System logs show OpenVPN generating write UDP: Network unreachable (code=101) errors immediately after the eth0 link goes down.

  2. OpenVPN Tunnel Instability: Separate from WAN drops, the VPN client sometimes restarts due to [server] Inactivity timeout (--ping-restart), restarting and subsequent Server poll timeout, restarting, suggesting issues within the tunnel path itself.

  3. OpenVPN PUSH Option Issues:

  • The VPN server consistently pushes dhcp-option DNS 192.0.2.x.
  • The router's OpenVPN client (v2.5.3) logs errors for pushed options it doesn't recognize: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: block-outside-dns (and similar for register-dns).
  1. DNS Resolution Problems:
  • dnsmasq logs show Maximum number of concurrent DNS queries reached (max: 150).
  • dnsmasq logs show nameserver 1.1.1.1 refused to do a recursive query (likely due to office network interference or policy).
  • Nginx logs show Lua errors trying to connect to public DNS servers (connect timed out / Host is unreachable).

  1. OpenVPN Data Channel Errors: Occasional AEAD Decrypt error: cipher final failed messages appear, indicating potential data corruption over the tunnel.

  2. Router Unresponsiveness Symptoms: Nginx logs show frequent lua tcp socket read timed out errors for WebSocket connections (/ws) from the web UI, likely triggered by the network instability.

  3. Filesystem Recovery: Kernel logs show UBIFS (ubi0:2): recovery needed on boot, suggesting previous unclean shutdowns or crashes potentially caused by the instability.

2

Hello,

  1. Regarding the abnormality of eth0 network port, it may be related to the quality of the network cable or wall network port, and the 2.5G port speed negotiation compatibility. Please try to replace the network cable, or try to change the 2.5G WAN port of MT3000 to 1Gbps mode to test, SSH to router:
ethtool -s eth1 speed 1000 duplex full

If the port is running stable, it can be saved permanently:

sed -i '/exit 0/i\ethtool -s eth1 speed 1000 duplex full' /etc/rc.local

  1. Regarding the stability of OpenVPN, is it stable to run OpenVPN only if you do not use the socks5 proxy?
    We have never tested the socks5 plug-in over OpenVPN, and I don’t know if they can be used in this way.

  2. Regarding nginx, please export the log and send it to me from GL GUI -> System -> Log -> Export button, we need to check related issues in nginx.log. (BTW, you can send the whole logread.tar to us, to check the above 2 issues)

4

Hi, thanks for the reply.

Tried "ethtool -s eth0 speed 1000 duplex full" but got an error bad command line argument.

Tried: "ethtool -s eth0 speed 1000 duplex full autoneg off" and it set the speed.

I also replaced all the ethernet cables, just to be sure, but it didn't help. I still got both wan (eth0) and lan (eth1) drops.

I bought several GL-MT3000 units, and all have the same problem.

Attaching logread files from 3 devices
GL-MT3000logs.zip (199.7 KB)

5

Does the port disconnection still occur after setting eth0 (WAN) to 1G with this command?

Checked the above syslog records, it is suspected that the 2.5G port has poor compatibility, or the network port on the other end has poor contact.

Do you mind using 1G port as WAN, and 2.5G port as LAN? (i.e., two physical ports are interchangeable)

Note: the GL GUI will not display the manually changed WAN port, Multi-WAN will not recognize this port, and probably remind "No Internet Connection! Find a network to reconnect." Other functions are not affected.

  1. In GL GUI -> Network -> Network Port Management -> WAN (2.5G port), switch to it from WAN to LAN.
  2. SSH to the router, switch the LAN (1G port) from LAN to WAN:
uci add_list dhcp.wan.ra_flags='none'
uci del network.cfg030f15.ports
uci add_list network.cfg030f15.ports='eth0'
uci set network.wan.device='eth1'

uci commit
/etc/init.d/network restart
  1. Switch the network cable port, 2.5G is LAN, and 1G is WAN.