OpenVPN stability problem since 2.26

Hi,

I have upgrade my AR300M with 2.26 firmware (after resetting my settings) and I have now a problem with OpenVPN. I can connect to my VPN server and after a minute the connection is dropped. I cannot connect anymore after because the session is still opened on the server and I cannot open a new session. I was not having this problem with 2.25 firmware.

Here are some logs, can you help me ?

Wed Jun 28 09:30:38 2017 daemon.notice openvpn[7230]: OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] Wed Jun 28 09:30:38 2017 daemon.notice openvpn[7230]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Wed Jun 28 09:30:39 2017 daemon.notice openvpn[7233]: TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:23545 Wed Jun 28 09:30:39 2017 daemon.notice openvpn[7233]: UDP link local: (not bound) Wed Jun 28 09:30:39 2017 daemon.notice openvpn[7233]: UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:23545 Wed Jun 28 09:30:39 2017 daemon.warn openvpn[7233]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Wed Jun 28 09:30:41 2017 daemon.notice openvpn[7233]: [Freebox OpenVPN server XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:23545 Wed Jun 28 09:30:42 2017 daemon.notice netifd: Interface 'VPN_client' is enabled Wed Jun 28 09:30:42 2017 daemon.notice netifd: Network device 'tun0' link is up Wed Jun 28 09:30:42 2017 daemon.notice netifd: Interface 'VPN_client' has link connectivity Wed Jun 28 09:30:42 2017 daemon.notice netifd: Interface 'VPN_client' is setting up now Wed Jun 28 09:30:42 2017 daemon.notice openvpn[7233]: TUN/TAP device tun0 opened Wed Jun 28 09:30:42 2017 daemon.notice openvpn[7233]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Wed Jun 28 09:30:42 2017 daemon.notice openvpn[7233]: /usr/sbin/ip link set dev tun0 up mtu 1500 Wed Jun 28 09:30:42 2017 daemon.notice openvpn[7233]: /usr/sbin/ip addr add dev tun0 local 192.168.27.65 peer XXX.XXX.XXX.XXX Wed Jun 28 09:30:42 2017 daemon.notice netifd: Interface 'VPN_client' is now up Wed Jun 28 09:30:42 2017 daemon.notice openvpn[7233]: Initialization Sequence Completed Wed Jun 28 09:30:43 2017 user.notice firewall: Reloading firewall due to ifup of VPN_client (tun0) Wed Jun 28 09:31:44 2017 user.notice mwan3track: Interface tethering (eth2) is offline Wed Jun 28 09:31:44 2017 user.notice mwan3: ifdown interface tethering (eth2) Wed Jun 28 09:31:45 2017 daemon.err openvpn[7233]: event_wait : Interrupted system call (code=4) Wed Jun 28 09:31:45 2017 daemon.notice openvpn[7233]: /usr/sbin/ip addr del dev tun0 local 192.168.27.65 peer XXX.XXX.XXX.XXX Wed Jun 28 09:31:45 2017 daemon.notice netifd: Network device 'tun0' link is down Wed Jun 28 09:31:45 2017 daemon.notice netifd: Interface 'VPN_client' has link connectivity loss Wed Jun 28 09:31:45 2017 daemon.notice netifd: Interface 'VPN_client' is now down Wed Jun 28 09:31:45 2017 daemon.notice openvpn[7233]: SIGHUP[hard,] received, process restarting Wed Jun 28 09:31:45 2017 daemon.warn openvpn[7233]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore. Wed Jun 28 09:31:45 2017 daemon.notice openvpn[7233]: OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] Wed Jun 28 09:31:45 2017 daemon.notice openvpn[7233]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Wed Jun 28 09:31:45 2017 daemon.notice netifd: Interface 'VPN_client' is disabled Wed Jun 28 09:31:50 2017 daemon.notice openvpn[7233]: TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:23545 Wed Jun 28 09:31:50 2017 daemon.notice openvpn[7233]: UDP link local: (not bound) Wed Jun 28 09:31:50 2017 daemon.notice openvpn[7233]: UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:23545 Wed Jun 28 09:31:50 2017 user.info mwan3track: Lost 20 ping(s) on interface tethering (eth2) Wed Jun 28 09:31:51 2017 daemon.notice openvpn[7233]: [Freebox OpenVPN server XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:23545 Wed Jun 28 09:31:52 2017 daemon.notice openvpn[7233]: AUTH: Received control message: AUTH_FAILED Wed Jun 28 09:31:52 2017 daemon.notice openvpn[7233]: SIGUSR1[soft,auth-failure] received, process restarting

In addition, I have setup a PPTP connection on the same server and everything is working, no connection drop … but I prefer to use OpenVPN

I saw this: Wed Jun 28 09:31:45 2017 daemon.err openvpn[7233]: event_wait : Interrupted system call (code=4)

Maybe this is the problem. But don’t know why.

Are you setting up your own openvpn server? We mainly tested public service providers and it works fine.

If there is anything different in v2.26, it is the openvpn version is upgraded to v 2.4.0

After upgrading from firmware 2.25 to 2.26 on my ar300m, my openvpn (vpnsecure) no longer starts. The GUI just says “not started”. “Enable” is checked and the ovpn filename is correct. If I click “Apply”, it says “please wait” for a second and then says “not started” without any explanation. I also tried do the client file “Purge” and reupload but the same result.

Though I realize I may need to downgrade firmware to 2.25 to continue using my OpenVPN client service if the problem is not fixed soon, but just FYI, OpenVPN issued an important security announcement to tell everyone to upgrade to OpenVPN 2.4.3 or 2.3.17 (both released on 6/21/2017) due to severe security issues found and fixed.

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

In my OVPN file, I replaced
tls-remote foobar
with
verify-x509-name foobar name
and my vpn client now connects with the 2.26 firmware.

Hi alzhao,

I’m not setting up my own server, I’m using the one set in the router provided from my Internet provider (Freebox).

Since my first post, I think I have fixed the problem :

In the openvpn file there is the option tun-ipv6 but on server side, I have desactivated the IPV6 proctocol.

It was working fine with firmware 2.25.

By removing the tun-ipv6 option (as deactivated on server side), it is working fine.

Problem fixed

Thanks for reporting this.

http://www.gl-inet.com/firmware/testing/

Please try v2.261. Upgrade openvpn to v2.243 and fix the leak problem when changing openvpn profile.

I uploaded openwrt-ar300m-nand-2.261.tar to my AR300M NAND. Before I press Upgrade, is it normal for it to say it’s an unknown version?

Version unknow

MD5 6a168ea1f3ede1e587bbb2966ac6a36c

Verification result Pass

That is OK. The version number is actually check via the info from our website. As the firmware is not published, so there is no version number displayed.

Upgraded to 2.261. So far so good. My box didn’t melt so that’s a good thing.