Mt300n-v2 failing as OpenVPN client

My little mt300n-v2 started failing as OpenVPN (SaferVPN) client without a reason. After a reboot, it may connect at times. Here is what I get:

mt300n-v2 ERROR on WebInterface:
OpenVpn is connecting …
Last log /sbin/ip route add 67.xxx.xxx.204/32 via 192.168.0.1
ERROR: Linux route add command failed: external program exited with error status: 2
/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Initialization Sequence Completed

or this:

OpenVpn is connecting …
Last log /sbin/ip addr add dev tun1 10.255.251.5/24 broadcast 10.255.251.255
/sbin/ip route add 104.xxx.xxx.177/32 via 192.168.0.1
/sbin/ip route add 0.0.0.0/1 via 10.255.251.1
/sbin/ip route add 128.0.0.0/1 via 10.255.251.1
Initialization Sequence Completed

and sits on this forever…

Ping:
Pinging google.com [172.217.14.78] with 32 bytes of data:
Reply from 192.168.8.1: Destination port unreachable.
Reply from 192.168.8.1: Destination port unreachable.
Reply from 192.168.8.1: Destination port unreachable.
Reply from 192.168.8.1: Destination port unreachable.

Any help, please?

Could you ssh into the router, edit /etc/init.d/startvpn, and change the start openvpn line to:

/usr/sbin/openvpn --config "$ovpn" --script-security 2 --route-delay 2 --route-up /usr/bin/ovpn_check_route --remap-usr1 SIGHUP --writepid /var/run/ovpn_client.pid &

The content of the file /usr/bin/ovpn_check_route is as follows:

root@GL-AR150:/# cat /usr/bin/ovpn_check_route
#!/bin/sh

route=""
[ -d /sys/class/net/tun0 ] && {
        route=$(cat /proc/net/route|grep tun0)
        if [ -z "$route" ];then
                logger "check route failed tun0,restart ovpn"
                /etc/init.d/startvpn restart
        fi
        env -i ACTION="ifup" INTERFACE="ovpn" DEVICE="tun0" /sbin/hotplug-call iface
}

[ -d /sys/class/net/tap0 ] && {
        route=$(cat /proc/net/route|grep tap0)
        if [ -z "$route" ];then
                logger "check route failed tap0,restart ovpn"
                /etc/init.d/startvpn restart
        fi
        env -i ACTION="ifup" INTERFACE="ovpn" DEVICE="tap0" /sbin/hotplug-call iface
}
logger "check route success"

Thank you so much! Just so I do the right thing here:

  1. my entry in /etc/init.d/startvpn is:
    start(){
    /etc/init.d/openvpn disable
    enabled=$(uci get glconfig.openvpn.enable)
    [ -z "$enabled" -o "$enabled" = "0" ] && return;
    so I replace that (or just /etc/init.d/openvpn disable) with [/usr/sbin/openvpn --config "$ovpn" --script-security 2 --route-delay 2 --route-up /usr/bin/ovpn_check_route --remap-usr1 SIGHUP --writepid /var/run/ovpn_client.pid &]

  2. I create a new file (as there is no such file on my GL-MT300N-V2) at /usr/bin/ovpn_check_route with the content as per above, with chmod 755.

Also, will all this stay when the new firmware comes out, or would I need to change all this again?

UPDATE:

  1. Changing /etc/init.d/openvpn disable to /usr/sbin/openvpn --config "$ovpn" --script-security 2 --route-delay 2 --route-up /usr/bin/ovpn_check_route --remap-usr1 SIGHUP --writepid /var/run/ovpn_client.pid & did not make any difference - I still was not able to reliably switch between different VPN configs unless I rebooted the router.
  2. HOWEVER, when I changed the Switch Button Configuration from OpenVPN toggle to default (i.e. no effect on anything) - I was able to switch between VPN servers reliably regardless of what start openvpn line was present in /etc/init.d/startvpn (BTW: was I correct in changing the right line? Which one would be the best to keep?)
  3. I will keep the Switch Button Configuration at default for now, until you advise on the above and on what the next steps are to fix the latter.

Please, advise.

@kyson-lok This will not fix the route problem with OpenVPN because two processes are started on boot - first by initswitch then by startvpn. The first process controls the route, the second process wrote the pid file. When startvpn restart is called, it kills the 2nd process, the first process still has control of the route, a 2nd process is again started and it cannot set the route - leading to ‘ERROR: Linux route add command failed: external program exited with error status: 2’

Please see my posts here: VPN Instability getting old - #5 by nopro404 to resolve.
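
An added diagnostic for the condition described in the post above (not code from the thread or from GL.iNet firmware): it compares the running OpenVPN PIDs against the pid file written by --writepid and reports any process the pid file does not track. The function names are hypothetical; the pid file path and the pgrep pattern are the ones used in this thread.

```sh
#!/bin/sh
# Added example, not GL.iNet firmware code. Function names are hypothetical.
PIDFILE=/var/run/ovpn_client.pid   # --writepid target from the startvpn line

# ovpn_state PIDFILE [PID...]  prints one of:
#   none          no openvpn process is running
#   ok            only the process recorded in the pid file is running
#   stale         pid file is missing or names a PID that is not running
#   stray:<pids>  extra processes that "startvpn restart" would not kill
ovpn_state() {
    pidfile=$1
    shift
    if [ $# -eq 0 ]; then echo none; return 0; fi
    tracked=""
    if [ -r "$pidfile" ]; then tracked=$(tr -dc '0-9' < "$pidfile"); fi
    stray=""
    found=0
    for pid in "$@"; do
        if [ -n "$tracked" ] && [ "$pid" = "$tracked" ]; then
            found=1
        else
            stray="${stray:+$stray,}$pid"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo stale
    elif [ -n "$stray" ]; then
        echo "stray:$stray"
    else
        echo ok
    fi
}

# Live check on the router, using the same pgrep pattern as the guard
# posted in this thread. The PID list is split into arguments on purpose.
ovpn_state_live() {
    ovpn_state "$PIDFILE" $(pgrep /usr/sbin/openvpn)
}
```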

@GL-FUN Does @nopro404 solve your question?

Thanks to all, but a bit confused now…

So, @kyson-lok shall I revert back to what it was initially and just add some logic from @nopro404 at the top of the startvpn start function like

start(){
if [ "$(pgrep /usr/sbin/openvpn)" ]; then
echo OpenVPN already started… Exiting.
exit 1
fi

How shall my startvpn look eventually?

is this correct:

start(){
if [ "$(pgrep /usr/sbin/openvpn)" ]; then
echo OpenVPN already started… Exiting.
exit 1
fi
/etc/init.d/openvpn disable
# /usr/sbin/openvpn --config "$ovpn" --script-security 2 --route-delay 2 --route-up /usr/bin/ovpn_check_route --remap-usr1 SIGHUP --writepid /var/run/ovpn_client.pid &
enabled=$(uci get glconfig.openvpn.enable)
[ -z "$enabled" -o "$enabled" = "0" ] && return;

Much appreciated.

Yes, that's right. The switch should work now too.

Let us know how it goes.

@nopro404 @kyson-lok Yes! The switch now works, and the VPN also changes when the profile changes; however, at times it does throw this routing error, but then it disappears and the VPN starts as normal. Thanks!

What would happen with this when new firmware comes along? Shall we make the same changes again?

Will fix it next release. It will be a new UI next release actually.

Thanks much again for your help! So love this little thing and learn a lot playing with it too…