OpenVPN Client Disconnect and Wrong Router Time

My OpenVPN client disconnects every few days or somtimes even more frequesntly with a TLS error and I notice that the router time is a few minutes behind actual time. Even if I re-select a time zone or re-sync the time to the computer via the setting in the GL–iNet web interface, the time remains off by a few minutes. It seems wrong router time is known to cause TLS errors in OpenVPN.

If I unplug and replug the router, then the client reconnects and I see that the time is exactly correct again.

Anyone know why the router would lose the correct time and what can be done to fix this? Is there a specific plug-in that keeps the router time? Is it a bug?

This is on the X750 with firmware 3.201 and while using the 4G modem as only WAN.

Can you let me know in what kind of situation it will cause time difference?

It does not have Internet and running for long time?

Basically, anytime. It can happen while I am using the internet and it suddenly stops, or also if I haven’t used the internet for a few hours or after a night and then I try.

Eveytime the internet doesn’t work I see the OpenVPN client trying to reconnect with a TLS error and I see that the clock is not exactly correct.

This is the setup:
X750, upgraded to 3.201 without keeping settings.
Uninstalled mwan3.
Enabled VPN kill switch.
Enabled VPN for router processes.
WAN internet is only via 4G SIM card.
Setup OpenVPN client.
Enterred manual DNS servers of VPN provider (not sure this is necessary)

Can it be because of a short disconnection of the 4G SIM? I see that happen on phones sometimes, where there is no signal for a few seconds and then it comes back, but I don’t notice if this is happening on the router at the same time. But should this cause the router to lose time? Can it be a DNS problem?

What can it mean that rebooting solves the problem and the OpenVPN client connects and the time is exactly correct? After reboot I can connect and disconnect and connect many times and it works without any problem, until it happens again.

Thank you.

If it lost internet it may not cause time difference. The router sync with time server of openwrt. Unless the time server is blocked or hijacked, this should not happen.

When you connect vpn, can you check if time server is still accessible?

I am not sure if this is related but I have (had) a time difference with a new Beryl (MT1300) (which stopped my Wireguard Client connecting @ start-up). Firmware: 3.203-0722 Beta 4
I synced the time with my browser but this didn’t work (see screenshots for router time and actual time) - I had to update from the time server via LUCI to fix it.

realtime

The UI only sync timezone but the time has to be obtained from the time server.

Wrong timezone will not cause connection failed. Only wrong time will do that. Asking developer to check this problem.

How do I check if time server is accessible? Is the time server setting in the luci advanced settings? I have not installed luci since the upgrade to 3.201 which does not have luci by default.

Happi, you say you “had to update from the time server via LUCI to fix it”. What exactly does that mean? Is there an update button there? Did this prevent further disconnections or do you have to do it more times? Thank you.

Here is an update and clarification:
My (new) Beryl sometimes loses track of the correct time when I turn it off - when I power on in the morning, the time zone is correct but the time is wrong (normally roughly the time and date of when I turned it off). This prevents my wireguard client from connecting.
There is no way to fix this from the GL GUI. I have to go to Luci (more settings > advanced). There I can fix if with “system > system > sync with browser”. To update from the time server, I have to find another way of getting on the internet first (phone hotspot, MiFi etc.).
I am using 3.203 Beta 4…
However, this is only a short-term “fix” as I lose the correct time when I do a cold (re)boot.
@alzhao, can you report back when your developer replies, please.

@Happi @gladly can you pls let me know which openvpn and wireguard server you are using? This will help greatly.

Using latest beta5 on Beryl.

Turn on router this morning and time is wrong.

TimeGL

Here is what the VPN looks like (no connection)

VPN

No I go to Luci, here is the time.

TimeLuci

Now I sync (with browser) the time in Luci

Time Luci Synced

Wait a few seconds and Wireguard connects.

VPN Post Sync

I hope I am not speaking too soon, but the latest official firmware for the Beryl (3.203-0809) appears to have fixed the time-sync issue - I loaded it three days ago and my Wireguard has connected automatically when I boot in the morning.

1 Like

Anyway we are still investing the time sync problems internally.

Unless your device has a hwclock, NTP does not guarantee a time sync on every reboot. I have seen this. You will need to do an automated manual sync and/or use htpdate package which is similar to browser sync when UDP is blocked. Could you also be blocked by the VPN killswitch which is default to use VPN for all processes?

Hello!
I don’t know if it helps, but I don’t have 24 hour internet like in other countries, so I managed a time server on my Windows 10 machine (NetTime, it’s free http://www.timesynctool.com/) and put it like NTP server and providing always time even if it’s wrong with internet real time, you can also do it with Windows Time but NetTime has more configurations possible …

After I go to Luci of my 3 glinet routers and go to System> Time Synchronization (3.203-701 firmware) , I check “Provide NTP server” option and put my Windows 10 IP address there. Once the routers reboot, they have no internet connection with internet OpenWRT NTP Server, so they look to the Windows 10 NTP server and sync all of them with my machine and they have same time. Hope it works for you.
Bye!

alzhao, I have tried different OpenVPN servers X750. Happi is using Wireguard on MT1300. So this seems to affect different servers/routers/protocols.

Happi, Is the router time still stable with the new firmware you installed? I don’t think they said the new firmware should fix this but maybe it changed something.

sammo, The VPN kill switch and processes settings did not cause a problem like this in previous firmware (3.104, 3.105) and I think alzhao said before that router processes still connect even without VPN for critical processes. Do you suggest that simply installing htpdate package could solve the router time problem?

If installing htpdate or other plug-in can keep the router time then maybe this is the best fix.

alzhao, Happi says maybe 3.203-809 for MT1300 fixes the router time. Can you confirm any fix there? For X750 I see the newest is 3.203-701 (release and testing is the same).

By the way, at this time when I look, the previous firmware I am using now with the router time problem (3.201-401) has been deleted from X750 release file and release notes (GL-X750 - GL.iNet Docs, https://dl.gl-inet.com/firmware/x750/release/). Is this a mistake or was there other problems with this firmware?

Anyway, I will try to update to 3.203-701 and hope it fixes the router time.

Yes, another morning, booted-up the Beryl and Wireguard connected.

Sorry I cannot confirm this now.

Happi, did you use custom DNS servers when the router was losing the correct time? How about now when the time stays correct?

I was using it and I wonder if maybe this with something in 3.201/3.203 could cause the router to not keep the correct time if it could not reach a time server or something.

I checked and it looks like there is no need to use the custom DNS option for VPN privacy. The VPN automatically uses its own DNS servers when connected from what I see.

I will try and see if this fixes the router time.

My set-up:
VPN (Wireguard), Kill-Switch, Custom DNS (TLS), Overide DNS for all clients ALL activated.

Another boot today and Wireguard connected automatically (think it’s been seven consecutive days now), so I think it’s fair to say that the time-sync issue is fixed in this build (3.203-809 for Beryl MT1300).