My little mt300n-v2 started failing as OpenVPN (SaferVPN) client without a reason. After a reboot, it may connect at times. Here is what I get:
mt300n-v2 ERROR on WebInterface:
OpenVpn is connecting …
Last log /sbin/ip route add 67.xxx.xxx.204/32 via 192.168.0.1
ERROR: Linux route add command failed: external program exited with error status: 2
/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Initialization Sequence Completed
or this:
OpenVpn is connecting …
Last log /sbin/ip addr add dev tun1 10.255.251.5/24 broadcast 10.255.251.255
/sbin/ip route add 104.xxx.xxx.177/32 via 192.168.0.1
/sbin/ip route add 0.0.0.0/1 via 10.255.251.1
/sbin/ip route add 128.0.0.0/1 via 10.255.251.1
Initialization Sequence Completed
and sits on this forever…
Ping:
Pinging google.com [172.217.14.78] with 32 bytes of data:
Reply from 192.168.8.1: Destination port unreachable.
Reply from 192.168.8.1: Destination port unreachable.
Reply from 192.168.8.1: Destination port unreachable.
Reply from 192.168.8.1: Destination port unreachable.
thank you so much! Just so I do the right thing here:
my entry in /etc/init.d/startvpn is: start(){ /etc/init.d/openvpn disable enabled=$(uci get glconfig.openvpn.enable) [ -z “$enabled” -o “$enabled” = “0” ] && return;
so I replace that (or just /etc/init.d/openvpn disable) with [/usr/sbin/openvpn --config “$ovpn” --script-security 2 --route-delay 2 --route-up /usr/bin/ovpn_check_route --remap-usr1 SIGHUP --writepid /var/run/ovpn_client.pid &]
I create a new (as there is no such file in my GL-MT300N-V2) file in /usr/bin/ovpn_check_route with the content as per above. with chmod 755
Also, will all this stay when the new firmware comes out OR I would need to change all this again?
UPDATE:
the change /etc/init.d/openvpn disable to /usr/sbin/openvpn --config “$ovpn” --script-security 2 --route-delay 2 --route-up /usr/bin/ovpn_check_route --remap-usr1 SIGHUP --writepid /var/run/ovpn_client.pid & did not make any difference - I still was not able to reliably switch between defferent VPN configs unless rebooted the router.
HOWEVER, when I changed the Switch Button Configuration from OpenVPN toggle to default (i.e. no effect to anything) - I was able to switch between VPN servers reliable regardless what start openvpn line was present in /etc/init.d/startvpn (BTW: was I correct in changing the right line? which one would be the best to keep?)
I keep the Switch Button Configuration to default for now, until you advise on above and what is the next steps to fix the latter.
@kyson-lok This will not fix the route problem with OpenVPN because two processes are started on boot - first by initswitch then by startvpn. The first process controls the route, the second process wrote the pid file. When startvpn restart is called, it kills the 2nd processes, the first processes still has control of the route, a 2nd process is again started and it cannot set the route - leading to ‘ERROR: Linux route add command failed: external program exited with error status: 2’
@nopro404@kyson-lok yes! the switch now works, the vpn when profile changes also changes, however at times it does throw this routing error, but then it disappears and vpn starts as normal. thanks!
what would happened with this when new firmware comes along? shall we do the same changes again?