OpenVPN Periodic Disconnection

wifird · August 30, 2017, 9:10pm

When I connect to a NordVPN TCP profile, after a while (never more than an hour) it disconnects.

I can see in glconfig file and the GLI UI that force and enabled are still on, but that it shows status as ‘non started’.

But the log on the GLI UI shows:

/usr/sbin/ip route del 0.0.0.0/1 /usr/sbin/ip route del 128.0.0.0/1 Closing TUN/TAP interface /usr/sbin/ip addr del dev tun0 10.7.7.32/24 SIGTERM[soft,auth-failure] received, process exiting

…

I wanted to create a script that automatically hits apply - or reconnects - if the connection drops when VPN is enabled. I know I could use switch but I think auto-reconnect would be more convenient.

Is there any info on how I could go about this?

glitch · August 31, 2017, 12:57am

I’ve been having the same problem, but unlike you, my VPN stays (or appears) connected. However, I still need to login and click “apply” to fix the problem.
Have a read here : 404 Page not found - GL.iNet

skycatcher · August 31, 2017, 7:58pm

I too am suffering from this! I have upgraded to the latest firmware V2.261. Does this also happen in V 2.26 which my router was delivered with as I upgraded before setting anything up? It seems to work while someone is using it but if left idle for sometime it always needs “re-applying” to get access again.

This is a bit of a show stopper for me as I would like to use this router for my families streaming but I cant do this if I need to login to the router all the time to get the VPN to connect! MIght have to send this back if a solution is not forthcoming very soon!

glitch · September 1, 2017, 1:24am

It’s not a firmware issue, as I had it for some time.

I am getting a similar error as wifird now that I’ve had a closer look:

Thu Aug 31 17:31:17 2017 daemon.notice netifd: Network device ‘tun0’ link is down
Thu Aug 31 17:31:17 2017 daemon.notice netifd: Interface ‘VPN_client’ has link connectivity loss
Thu Aug 31 17:31:17 2017 daemon.notice netifd: Interface ‘VPN_client’ is now down
Thu Aug 31 17:31:17 2017 daemon.notice openvpn[13120]: SIGTERM[soft,auth-failure] received, process exiting
Thu Aug 31 17:31:17 2017 daemon.notice netifd: Interface ‘VPN_client’ is disabled

alzhao · September 1, 2017, 11:51am

Can you give the name of your vpn service providers? Need to test and get more info.

NordVPN

and?

glitch · September 1, 2017, 4:01pm

I have tried several (Pure, Ivacy, PIA) but would suggest starting with Nord, since several posters on this thread appear to be using that.
I am going to install the clean OpenWRT and see if I get the same problem - I will report back.

Glitch

wifird · September 1, 2017, 4:22pm

@alzhao I’d try TCP 443 servers with Nord especially as it’s particularly bad on that

skycatcher · September 1, 2017, 8:37pm

I’m using getflix VPN.

I’m gettint the same error messages as above except for this line

<span style=“color: #222222; font-family: source_sans_proregular, ‘Helvetica Neue’, Arial, Helvetica, Geneva, sans-serif; font-size: 14.6667px; background-color: #f9f9f9;”>Thu Aug 31 17:31:17 2017 daemon.notice openvpn[13120]: SIGTERM[hard] received, process exiting</span>

where it is soft above!

skycatcher · September 2, 2017, 11:49pm

My VPN provider has told me this…

Please check configuration on router and make sure that is enabled following option:
reneg-sec 0

Does anyone know where this should be put?

alzhao · September 2, 2017, 11:58pm

It should be in the ovpn file you uploaded. You can edit the file and reupload.

It will override the old file.

glitch · September 3, 2017, 12:44am

@skycatcher - which VPN provider? I had a look at the Nord files and they already have that!

budwoo · September 3, 2017, 4:07am

I can confirm the same problem with NordVPN, too: connection loss after a while (yellow warning sign in Windows). Router fw is v2.261.

The error message (router GUI) says:

/usr/sbin/ip route del 0.0.0.0/1 /usr/sbin/ip route del 128.0.0.0/1 Closing TUN/TAP interface /usr/sbin/ip addr del dev tun0 10.7.7.114/24 SIGTERM[soft,auth-failure] received, process exiting

It helps to toggle the hardware switch on the router twice (if it was set to VPN beforehand, of course). But would be a charm, if the VPN connection could be restored automatically in case of loss.

And yes, all NordVPN config files already have the reneg-sec =0 setting by default.

skycatcher · September 3, 2017, 6:19pm

yeah checked my .opvn file and it had that setting as well!

If this problem is not affecting everyone then there must be a simple solution for those who are suffering this disconnect?

Do support people at GLi read these forums?

Has Nordvpn made any comments or suggestions?

glitch · September 5, 2017, 9:14pm

I have done a lot of testing on this and have made various changes to the ovpn file. So far I only had one disconnect in 48 hours (but all the VPN servers went down then, so I assume it is safe to ignore that instance).
I am not sure whether this works or if it does, which line does the job - feel free to test yourselves and report back!

For more info on these options, read here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

keepalive 10 60 # different way of doing the two lines below
#ping 15
#ping-restart 0

pull-filter ignore “auth-token” # supposed to stop disconnecting after 8 hours (PIA problem)

auth-retry interact # client will requery for an --auth-user-pass before attempting a reconnection.
auth-nocache # previously caused problems. Don’t cache -auth-user-pass username/passwords in virtual memory.

Hope this helps - you are welcome to try and test and report back.
Glitch

skycatcher · September 5, 2017, 9:59pm

OK…I’m going to systematically apply these and see what happens…thanks for investigating!

glitch · September 5, 2017, 11:53pm

Forget to mention - these changes on a UDP connection (haven’t tried TCP yet).

wifird · September 6, 2017, 7:40pm

@Glitch

Great contribution, I’m looking forward to testing these out!

Just to make sure I’m getting it right, I’m making these modifications:

Adding:

keepalive 10 60
pull-filter ignore “auth-token”
auth-retry interact

Remove:

ping 15
ping-restart 0
auth-nocache (although you said previously caused problems so should this stay?)

Thanks again

glitch · September 7, 2017, 2:13am

Hi.

Yes you are correct except with auth-nocache.

I re-added this line for security purposes, as before (with the old Openvpn?) it caused problems (mainly with PIA, IIRC). However, I don’t believe this has any effect on the current problem being discussed in this thread.

Also, I just read from another forum member that the NordVPN team advise to try: auth-retry nointeract (so worth trying this and what I am currently testing: auth-retry interact).

caste381 · September 11, 2017, 3:57pm

Hi All,

what is your feedback now regarding NordVPN? Can you manage to get a stable connection for more than a day without going back to the router GUI and finding the VPN in the “not started” state?

If so, would you mind sharing your configuration?

Many thanks!

skycatcher · September 11, 2017, 8:56pm

Hi,

Im not using NordVPN (Getflix) but using the settings offered by Glitch I now get an extended period of connection. Not a full 24 hours but most of the day it will stay up. So there maybe some more setting changes needed but its a step in the right direction…thanks to Glitch!