Hi All,
I have made some changes to the config e.g. I changed the default network for the GL INET (GL-AR300M) router from 192.168.8.x to 10.x
The device is plugged in to the main router via Ethernet cable using the WAN port.
As long as I don’t enable the VPN the communication to the default gateway (main router) is there, I receive pings. As soon as I turn on the VPN I lose the communication with it.
Next the OpenVPN complaints that it cannot get the certificates from the web (because the Internet is down).
Please advise.
Hi
When the VPN client is enabled, all LAN traffic is routed through the VPN.
As a result, it is normal that you cannot ping the WAN’s default gateway after enabling it.
If you need to communicate with the main router and its subnet, please refer to the following guide for further configuration.
Additionally, regarding the issue where OpenVPN reports that it cannot retrieve certificates over the network, could you please clarify:
Are you referring to the OpenVPN client on the AR300M, or is OpenVPN running on a LAN device?
1 Like
Hi Will,
It’s OpenVPN. I leave it enabled for some time but it never turns green.
Wed Mar 4 07:36:40 2026 daemon.notice netifd: ovpnclient (17614): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'
Wed Mar 4 07:36:41 2026 daemon.notice netifd: Interface 'ovpnclient' is now down
Wed Mar 4 07:36:41 2026 daemon.notice netifd: Interface 'ovpnclient' is setting up now
Wed Mar 4 07:36:43 2026 daemon.warn ovpnclient[17975]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Wed Mar 4 07:36:43 2026 daemon.warn ovpnclient[17975]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Wed Mar 4 07:36:43 2026 daemon.warn ovpnclient[17975]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Wed Mar 4 07:36:43 2026 daemon.notice ovpnclient[17975]: OpenVPN 2.5.7 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Mar 4 07:36:43 2026 daemon.notice ovpnclient[17975]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
Wed Mar 4 07:36:43 2026 daemon.warn ovpnclient[17975]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 4 07:36:43 2026 daemon.err ovpnclient[17975]: OpenSSL: error:02001002:system library:fopen:No such file or directory
Wed Mar 4 07:36:43 2026 daemon.err ovpnclient[17975]: OpenSSL: error:2006D080:BIO routines:BIO_new_file:no such file
Wed Mar 4 07:36:43 2026 daemon.err ovpnclient[17975]: Cannot load CA certificate file ca.ipvanish.com.crt (no entries were read)
Wed Mar 4 07:36:43 2026 daemon.notice ovpnclient[17975]: Exiting due to fatal error
Copyright © 2025 GL.iNet. All Rights Reserved
while this is going on I cannot ping the gateway but I cannot access the Internet either.
Best regards
It seems the OpenVPN issue is caused by the IPVanish certificate not being imported. Please refer to the following response to resolve it.
1 Like
thank you, it worked!
however the existing OpenVPN configuration has to be deleted as the subsequent additions do not acknowledge the certificate file.