"Reloading firewall due to ifup of ovpnclient"

Hi all,

I’m trying to set up my Slate AX as a VPN client with IPVanish (OpenVPN) and I got it to work… a couple of times. But most of the time I’m getting this (and I can’t connect to the internet through my router):

Sat Mar 18 16:04:13 2023 daemon.info avahi-daemon[4689]: Registering new address record for 172.21.25.54 on ovpnclient.IPv4.
Sat Mar 18 16:04:13 2023 daemon.notice ovpnclient[26652]: /etc/openvpn/scripts/ovpnclient-up ovpnclient 0 ovpnclient 1500 1553 172.21.25.54 255.255.254.0 init
Sat Mar 18 16:04:13 2023 user.notice ovpnclient-up: env value:route_vpn_gateway=172.21.24.1 X509_0_emailAddress=support@ipvanish.com daemon_log_redirect=0 X509_1_emailAddress=support@ipvanish.com script_type=up proto_1=udp daemon=0 SHLVL=1 foreign_option_1=dhcp-option DNS 198.18.0.1 dev_type=tun foreign_option_2=dhcp-option DNS 198.18.0.2 remote_1=chi-a29.ipvanish.com dev=ovpnclient X509_0_CN=chi-a29.ipvanish.com X509_0_C=US remote_port_1=443 X509_1_CN=IPVanish CA X509_1_C=US ifconfig_netmask=255.255.254.0 tls_digest_sha256_0=02:90:a7:f1:27:cd:e5:42:57:06:18:22:99:dc:37:9d:b2:52:c8:69:fe:ff:d9:e4:97:8c:62:f3:2c:44:11:cf daemon_start_time=1679177050 script_context=init ifconfig_local=172.21.25.54 common_name=chi-a29.ipvanish.com tls_digest_sha256_1=2d:ce:2d:ae:29:dd:55:fe:1c:77:39:16:62:e0:85:dc:fb:5d:52:d8:39:62:4d:bf:8c:e6:5b:13:4e:c7:8e:eb X509_0_L=Winter Park verb=3 X509_1_L=Winter Park link_mtu=1553 X509_0_O=IPVanish trusted_ip=209.107.210.30 tls_serial_hex_0=01 X509_1_O=IPVanish tun_mtu=1500 tls_serial_hex_1=c6:0a:cd:24
Sat Mar 18 16:04:14 2023 daemon.notice netifd: ovpnclient (26652): udhcpc: started, v1.33.2
Sat Mar 18 16:04:14 2023 daemon.notice netifd: ovpnclient (26652): udhcpc: sending discover
Sat Mar 18 16:04:17 2023 daemon.notice netifd: ovpnclient (26652): udhcpc: no lease, failing
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Interface ovpnclient.IPv4 no longer relevant for mDNS.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Leaving mDNS multicast group on interface ovpnclient.IPv4 with address 172.21.25.54.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Withdrawing address record for 172.21.25.54 on ovpnclient.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Joining mDNS multicast group on interface ovpnclient.IPv4 with address 172.21.25.54.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: New relevant interface ovpnclient.IPv4 for mDNS.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Registering new address record for 172.21.25.54 on ovpnclient.IPv4.
Sat Mar 18 16:04:17 2023 kern.info kernel: [15763.891737] IPv6: ADDRCONF(NETDEV_UP): ovpnclient: link is not ready
Sat Mar 18 16:04:17 2023 daemon.notice netifd: Interface 'ovpnclient' is now up
Sat Mar 18 16:04:17 2023 daemon.notice netifd: Network device 'ovpnclient' link is up
Sat Mar 18 16:04:18 2023 user.notice mwan3[27466]: Execute ifup event on interface ovpnclient (ovpnclient)
Sat Mar 18 16:04:18 2023 user.notice mwan3[27466]: Starting tracker on interface ovpnclient (ovpnclient)
Sat Mar 18 16:04:20 2023 daemon.warn ovpnclient[26652]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 18 16:04:20 2023 daemon.notice ovpnclient[26652]: Initialization Sequence Completed
Sat Mar 18 16:04:20 2023 user.notice firewall: Reloading firewall due to ifup of ovpnclient (ovpnclient)"

I’ve seen other threads about this but they’re without solutions.

Can you share the configuration file after the hidden key?

This is in the .ovpn file after the certificate.

verify-x509-name chi-a29.ipvanish.com name
auth-user-pass
comp-lzo
verb 5
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA

@luochongjun Was that what you were looking for?

Reloading firewall due to ifup of ovpnclient is a normal log.
After this log appears, can your device connect to the Internet?

I cannot. @luochongjun

Can you submit the full log of router? you can export it in SYSTEM->LOG->export

Here you go (attached ZIP) @luochongjun.

You might want to look at the last 4 mins. Prior to that I forgot what I was doing.

I start the VPN as a client for this router, blocking non-VPN traffic. Nothing goes through.

logread.zip (22.4 KB)

Yes, I get the same messages when I think the ovpnclient should be receiving push options;
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process

The problem with not implementing push options is still in 4.2.2b3 for the MT3000 for “auto detect”. When connecting to an openvpn server that pushes to the Beryl AX a redirect-gateway instruction, so that internet traffic flows through the tunnel, the instruction is ignored and a complete leak occurs.

I noticed that tailscale is turned on in log, can you try turning it off first?

That’s odd. Tailscale was turned off. @luochongjun

Well, I have a new log. Only need to look at April 14. Nothing mentioning Tailscale. (I also turned it on then off again).

logread_2023_04_14.zip (28.6 KB)

Wait, are GL.iNet routers not compatible with IPVanish? That’s my VPN service.

I see this on this link:

Well a little update, I got the same issue with NordVPN (yup I am using Service Credentials instead of Account Credentials).

Not sure if I have a bad router? NordVPN seems much more straightforward in the Admin Panel, yet I still can’t use it.

Please refer to:

Also upgrade to version 4.2.1 release4
https://dl.gl-inet.com/?model=axt1800&type=beta

Just did it, same issues @hansome

Try to change the “Auto Detect” mode to “Global proxy”.

@hansome Still doesn’t work.

Would more verbose logs help?

Yes, please edit client ovpn file verb bigger.
From the logread_2023_04_14, the server seems to kick the client for some reason.

Sorry for the long wait. It started working after I changed to Global Proxy and changed the certificate in the .ovpn file.

But now it only works for a few hours then it loses internet connection. Then I have to power cycle the router before I can connect to internet again.