GL-MT300N-V2 v.3.011 OpenVPN - #2

I did some OpenVPN tests to ensure it works for me when on the road. I noticed, that when I change the connection to a different server, even though it says VPN is up, the browser gives an error:

This site can’t be reached whatismyipaddress.com refused to connect. Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Sometimes OpenVPN re-connect fixes the problem, more often it requires the router reboot to fix it.

Any thoughts on how we can prevail?

========this is what i see via webUI========
sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.1.1
Closing TUN/TAP interface
/sbin/ifconfig tun0 0.0.0.0
/etc/openvpn/update-resolv-conf tun0 1500 1585 10.255.251.2 255.255.255.0 init
SIGTERM[soft,exit-with-notification] received, process exiting

Could not determine IPv4/IPv6 protocol
SIGHUP[soft,init_instance] received, process restarting
OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Restart pause, 5 second(s)

OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Restart pause, 5 second(s)
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
RESOLVE: Cannot resolve host address: uk2.safervpn.net:1194 (Try again)

SIGHUP[soft,init_instance] received, process restarting
OpenVPN 2.4.5 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Restart pause, 5 second(s)
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=SaferVPN, OU=SaferVPN, CN=SaferVPN, name=SaferVPN, emailAddress=support@safervpn.com
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
[SaferVPN] Peer Connection Initiated with [AF_INET]94.177.255.67:1194

TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig tun0 10.255.251.4 netmask 255.255.255.0 mtu 1500 broadcast 10.255.251.255
/etc/openvpn/update-resolv-conf tun0 1500 1585 10.255.251.4 255.255.255.0 init

Seems the router cannot resolve this url. Had you tried DNS over TLS?

@kyson-lok - I have not tried DNS over TLS, however, I tried to resolve the failing hosts at the time of VPN failure by other means and had no problems to do so. I use 8.8.8.8 and 9.9.9.9.

please, advise

If you change url to IP, does it work?

@kyson-lok If I change url to IP it does work

Sounds like DNS issue and/or a problem with your ovpn file - I’d advise contacting safervpn support for help.

@glitch - I have contacted, however at the same time, is it possible the router during the VPN profile change or VPN off/on does not execute what is necessary to establish the channel? How can we troubleshoot this to exclude a possibility or pin-point the bug?

Not sure what caused it. If you want to find the root cause, you might need to send the ovpn configuration file to us to debug it.

@kyson-lok - these are the config files https://support.safervpn.com/hc/en-us/articles/214036025-What-are-SaferVPN-s-OpenVPN-configuration-ovpn-files-for-manual-setup- I use UDP. they have free 30 days trial, so you can use it to troubleshoot.

my setup is:

1. access to the internet via wifi + button controls the VPN + DNS 9.9.9.9/8.8.8.8
2. choose desired vpn profile
3. once the profile changed either via web interface or via the button (on/off) more often than not VPN reconnect fails
4. after reboot it works fine again

Thanks!!