"Reloading firewall due to ifup of ovpnclient"

butterfingers · March 18, 2023, 10:55pm

Hi all,

I’m trying to set up my Slate AX as a VPN client with IPVanish (OpenVPN) and I got it to work… a couple of times. But most of the time I’m getting this (and I can’t connect to the internet through my router):

Sat Mar 18 16:04:13 2023 daemon.info avahi-daemon[4689]: Registering new address record for 172.21.25.54 on ovpnclient.IPv4.
Sat Mar 18 16:04:13 2023 daemon.notice ovpnclient[26652]: /etc/openvpn/scripts/ovpnclient-up ovpnclient 0 ovpnclient 1500 1553 172.21.25.54 255.255.254.0 init
Sat Mar 18 16:04:13 2023 user.notice ovpnclient-up: env value:route_vpn_gateway=172.21.24.1 X509_0_emailAddress=support@ipvanish.com daemon_log_redirect=0 X509_1_emailAddress=support@ipvanish.com script_type=up proto_1=udp daemon=0 SHLVL=1 foreign_option_1=dhcp-option DNS 198.18.0.1 dev_type=tun foreign_option_2=dhcp-option DNS 198.18.0.2 remote_1=chi-a29.ipvanish.com dev=ovpnclient X509_0_CN=chi-a29.ipvanish.com X509_0_C=US remote_port_1=443 X509_1_CN=IPVanish CA X509_1_C=US ifconfig_netmask=255.255.254.0 tls_digest_sha256_0=02:90:a7:f1:27:cd:e5:42:57:06:18:22:99:dc:37:9d:b2:52:c8:69:fe:ff:d9:e4:97:8c:62:f3:2c:44:11:cf daemon_start_time=1679177050 script_context=init ifconfig_local=172.21.25.54 common_name=chi-a29.ipvanish.com tls_digest_sha256_1=2d:ce:2d:ae:29:dd:55:fe:1c:77:39:16:62:e0:85:dc:fb:5d:52:d8:39:62:4d:bf:8c:e6:5b:13:4e:c7:8e:eb X509_0_L=Winter Park verb=3 X509_1_L=Winter Park link_mtu=1553 X509_0_O=IPVanish trusted_ip=209.107.210.30 tls_serial_hex_0=01 X509_1_O=IPVanish tun_mtu=1500 tls_serial_hex_1=c6:0a:cd:24
Sat Mar 18 16:04:14 2023 daemon.notice netifd: ovpnclient (26652): udhcpc: started, v1.33.2
Sat Mar 18 16:04:14 2023 daemon.notice netifd: ovpnclient (26652): udhcpc: sending discover
Sat Mar 18 16:04:17 2023 daemon.notice netifd: ovpnclient (26652): udhcpc: no lease, failing
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Interface ovpnclient.IPv4 no longer relevant for mDNS.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Leaving mDNS multicast group on interface ovpnclient.IPv4 with address 172.21.25.54.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Withdrawing address record for 172.21.25.54 on ovpnclient.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Joining mDNS multicast group on interface ovpnclient.IPv4 with address 172.21.25.54.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: New relevant interface ovpnclient.IPv4 for mDNS.
Sat Mar 18 16:04:17 2023 daemon.info avahi-daemon[4689]: Registering new address record for 172.21.25.54 on ovpnclient.IPv4.
Sat Mar 18 16:04:17 2023 kern.info kernel: [15763.891737] IPv6: ADDRCONF(NETDEV_UP): ovpnclient: link is not ready
Sat Mar 18 16:04:17 2023 daemon.notice netifd: Interface 'ovpnclient' is now up
Sat Mar 18 16:04:17 2023 daemon.notice netifd: Network device 'ovpnclient' link is up
Sat Mar 18 16:04:18 2023 user.notice mwan3[27466]: Execute ifup event on interface ovpnclient (ovpnclient)
Sat Mar 18 16:04:18 2023 user.notice mwan3[27466]: Starting tracker on interface ovpnclient (ovpnclient)
Sat Mar 18 16:04:20 2023 daemon.warn ovpnclient[26652]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 18 16:04:20 2023 daemon.notice ovpnclient[26652]: Initialization Sequence Completed
Sat Mar 18 16:04:20 2023 user.notice firewall: Reloading firewall due to ifup of ovpnclient (ovpnclient)"

I’ve seen other threads about this but they’re without solutions.

luochongjun · March 19, 2023, 1:39am

Can you share the configuration file after the hidden key?

butterfingers · March 19, 2023, 5:22am

This is in the .ovpn file after the certificate.

verify-x509-name chi-a29.ipvanish.com name
auth-user-pass
comp-lzo
verb 5
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA

butterfingers · March 21, 2023, 4:29pm

@luochongjun Was that what you were looking for?

luochongjun · March 24, 2023, 10:49am

Reloading firewall due to ifup of ovpnclient is a normal log.
After this log appears, can your device connect to the Internet?

butterfingers · March 28, 2023, 5:53pm

I cannot. @luochongjun

luochongjun · March 29, 2023, 4:23am

Can you submit the full log of router? you can export it in SYSTEM->LOG->export

butterfingers · April 5, 2023, 12:51am

Here you go (attached ZIP) @luochongjun.

You might want to look at the last 4 mins. Prior to that I forgot what I was doing.

I start the VPN as a client for this router, blocking non-VPN traffic. Nothing goes through.

logread.zip (22.4 KB)

elorimer · April 5, 2023, 10:19am

Yes, I get the same messages when I think the ovpnclient should be receiving push options;
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process
Tue Apr 4 18:43:29 2023 daemon.notice netifd: ovpnclient (25517): RTNETLINK answers: No such process

elorimer · April 7, 2023, 12:00pm

The problem with not implementing push options is still in 4.2.2b3 for the MT3000 for “auto detect”. When connecting to an openvpn server that pushes to the Beryl AX a redirect-gateway instruction, so that internet traffic flows through the tunnel, the instruction is ignored and a complete leak occurs.

luochongjun · April 10, 2023, 1:53am

I noticed that tailscale is turned on in log, can you try turning it off first?

butterfingers · April 15, 2023, 1:44am

That’s odd. Tailscale was turned off. @luochongjun

Well, I have a new log. Only need to look at April 14. Nothing mentioning Tailscale. (I also turned it on then off again).

logread_2023_04_14.zip (28.6 KB)

butterfingers · April 15, 2023, 2:29am

Wait, are GL.iNet routers not compatible with IPVanish? That’s my VPN service.

I see this on this link:

butterfingers · April 15, 2023, 4:27pm

Well a little update, I got the same issue with NordVPN (yup I am using Service Credentials instead of Account Credentials).

Not sure if I have a bad router? NordVPN seems much more straightforward in the Admin Panel, yet I still can’t use it.

hansome · April 18, 2023, 3:02am

Please refer to:

Also upgrade to version 4.2.1 release4
https://dl.gl-inet.com/?model=axt1800&type=beta

butterfingers · April 20, 2023, 4:30pm

Just did it, same issues @hansome

hansome · April 21, 2023, 1:44am

Try to change the “Auto Detect” mode to “Global proxy”.

butterfingers · April 21, 2023, 4:10am

@hansome Still doesn’t work.

Would more verbose logs help?

hansome · April 21, 2023, 8:48am

Yes, please edit client ovpn file verb bigger.
From the logread_2023_04_14, the server seems to kick the client for some reason.

butterfingers · May 9, 2023, 2:03pm

Sorry for the long wait. It started working after I changed to Global Proxy and changed the certificate in the .ovpn file.

But now it only works for a few hours then it loses internet connection. Then I have to power cycle the router before I can connect to internet again.