Asus DSL-AC88U VPN issues

Home Forums Wireless Routers & Modems … ASUS Asus DSL-AC88U VPN issues

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #11813
    Darren
    Participant
    • Posts 6
    • Recruit

    Hello,

    I am having some issues with my Asus router and hoping someone can help throw some light on the subject to help resolve it.

    Background – I have had my Asus modem/router for several years and had trouble free service with BT [WAN connection type PPPoE] via basic fibre VSDL2 line with NordVPN service, using there scripts [OpenVPN client].

    Issue – recently I change ISP to TalkTalk, to reduce costs, on a bandwidth limited location [limited 36Mbps] due to network infrastructure, and didn’t want to pay BT top price for this outdated system. However, with my new ISP which uses WAN connection type Automatic IP, not PPPoE my VPN keeps dropping and reconnecting every 450 seconds approx. see router general logs below. This is all happening over a 1-2 second period,

    DSL-AC88U daemon.info dhclient: DHCPREQUEST on ptm0.101 to xx.0.0.1 port 67
    DSL-AC88U daemon.info dhclient: adapter index 35
    DSL-AC88U daemon.info dhclient: adapter index 35
    DSL-AC88U daemon.info dhclient: DHCPACK from xx.0.0.1
    DSL-AC88U daemon.info dhclient: bound to xx.0.1.16 — renewal in 446 seconds.
    DSL-AC88U daemon.info dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
    DSL-AC88U daemon.info dhcpd: Copyright 2004-2010 Internet Systems Consortium.
    DSL-AC88U daemon.info dhcpd: All rights reserved.
    DSL-AC88U daemon.info dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    DSL-AC88U daemon.info dhcpd: Wrote 6 leases to leases file.
    DSL-AC88U daemon.info dhcpd: Listening on Socket/br0/192.168.1.0/24
    DSL-AC88U daemon.info dhcpd: Sending on Socket/br0/192.168.1.0/24
    DSL-AC88U user.notice VPN: OpenVPN client stop
    DSL-AC88U daemon.err openvpn[20122]: event_wait : Interrupted system call (code=4)
    DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip route del 185.16.207.53/32 [comment NordVPN]
    DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip route del 0.0.0.0/1
    DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip route del 128.0.0.0/1
    DSL-AC88U daemon.notice openvpn[20122]: Closing TUN/TAP interface
    DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip addr del dev tun11 10.7.2.2/24
    DSL-AC88U daemon.notice openvpn[20122]: /data/openvpn/client/down tun11 1500 1636 10.7.2.2 255.255.255.0 init
    DSL-AC88U daemon.notice openvpn[20122]: SIGTERM[hard,] received, process exiting
    DSL-AC88U user.notice VPN: OpenVPN client stop
    DSL-AC88U daemon.notice openvpn[26026]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 4 2018

    Is the OpenVPN client resetting due to my ISP WAN connection type being ‘Automatic IP’, therefore do I need to find another ISP using the standard PPPoE?

    Your thoughts are most welcome.

    Thank you

    Darren

    • This topic was modified 5 months ago by Darren.
    #11815
    UK Sentinel
    Moderator
    • Posts 3395
    • Skipper

    As you are probably aware. the DSL-AC88U is no longer supported by ASUS, if you are on firmware version Version 1.10.06_Build591 try 1.10.05_Build503 as another owner had simular VPN issues with newer firmware versions.

    THE DSL-AC88U is very buggy so your options are limited, maybe try another VPN Service – just for testing purposes ?

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #11817
    Darren
    Participant
    • Posts 6
    • Recruit

    Hi,

    As suggested above, I tried the older firmware [1.10.05_Build503] with the same results, same log pattern as before showing OpenVPN being stopped after every DHCP/dhclient pole, just not sure why it could be working solid with BT [PPPoE], and now just by changing ISP and WAN connection type [Automatic IP] its all going wrong.

    As I don’t have BT anymore I can not compare what is happening above in my log is normal or new to TalkTalk ISP either.

    Thanks

    Darren

    #11818
    UK Sentinel
    Moderator
    • Posts 3395
    • Skipper

    any chance of trying a different VPN service provider, for test only ?

    or Factory reset router and see re-configure from scratch not backup.

    I will give @Andyshaw a nudge to see if he can advise ?

     

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #11820
    Darren
    Participant
    • Posts 6
    • Recruit

    Hi,

    I have already ready tried factory reset several times, tried dozens of different NordVPN servers, but again I don’t believe NordVPN have suddenly changed, only the ISP, there infrastructure and the WAN connection type has changed.

    Darren

    #11821
    UK Sentinel
    Moderator
    • Posts 3395
    • Skipper

    I am sure NordVPN have not changed how they offer there VPN Service, it is more a case of finding a VPN service provider that will work with the DSL-AC88U and Talk Talks way of DSL authentication etc.

    Hopefully @andyshaw can advise ?

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #11823
    Darren
    Participant
    • Posts 6
    • Recruit

    OK, i didn’t want to mess with my other DSL line, as you know, if its not broken leave it alone! [Yes I have 2 separate providers, Sky for SkyQ and general house WiFi and my own separate line which was BT, and is know TalkTalk as detailed above]. So I broke out the ‘Wireshark’ to get my user name/password and connected the Asus to the Sky DSL line, which incidentally after doing the auto setup is also WAN connection type Automatic IP +user/password. And guess what the same happens again, but not every 450 seconds, every 1796 seconds [30 mins], see Sky DSL log below –

    Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: DHCPREQUEST on ptm0.101 to x.xxx.238.63 port 67
    Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: adapter index 34
    Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: adapter index 34
    Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: DHCPACK from x.xxx.238.63
    Feb 4 19:55:42 DSL-AC88U daemon.info dhclient: bound to xx.xxx.117.41 — renewal in 1797 seconds.
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Copyright 2004-2010 Internet Systems Consortium.
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: All rights reserved.
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Wrote 3 leases to leases file.
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Listening on Socket/br0/192.168.1.0/24
    Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Sending on Socket/br0/192.168.1.0/24
    Feb 4 19:55:44 DSL-AC88U user.notice VPN: OpenVPN client stop
    Feb 4 19:55:44 DSL-AC88U daemon.err openvpn[13935]: event_wait : Interrupted system call (code=4)
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip route del 185.169.255.6/32 [NordVPN server]
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip route del 0.0.0.0/1
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip route del 128.0.0.0/1
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: Closing TUN/TAP interface
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip addr del dev tun11 10.7.1.7/24
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /data/openvpn/client/down tun11 1500 1636 10.7.1.7 255.255.255.0 init
    Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: SIGTERM[hard,] received, process exiting
    Feb 4 19:55:45 DSL-AC88U user.notice VPN: OpenVPN client stop
    Feb 4 19:55:45 DSL-AC88U daemon.notice openvpn[6811]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 4 2018

    So from this I can only conclude they are both trying to prevent continuous VPN connections for some reason or the WAN connection method can only work in this manor preventing a continuous connection, perhaps the latter, as apposed to BT [PPPoE] which does not have this issue.

    Its beginning to suggest that my only option with these providers is to have a static IP to prevent the polling [renewal]?

    #11824
    UK Sentinel
    Moderator
    • Posts 3395
    • Skipper

    TALKTalk do not block VPN, some have found issues with MTU, try changing yours to MTU to 1492 (ADSL) or 1500 (FTTC [Fibre]) ?

    Also, whats your DNS Settings and are you using HomeSafe etc?

    Edit: I forgot to say, DSL-AC88U does not support IPv6, so make sure it is disabled on Router ?

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #11825
    Darren
    Participant
    • Posts 6
    • Recruit

    Hello,

    Yes, your correct, TalkTalk do not block VPN connections, nor does Sky, but it’s clear their WAN [Automatic IP rather than PPPoE] won’t support a continuous OpenVPN connection beyond the IP renewal period they set, 450s or 1797s [7.5 minutes or 30 minutes] respectively as shown above.

    I am no expert, but I am guessing the WAN communication type PPPoE may reset once a day [early hours, server restart, etc.], or if not on router reboots, hence I never had [or have noticed] this problem while with BT.

    For your info IPv6 is disabled.

    DNS may introduce lag/poor response time/no internet [no address translation], etc, but this is not what I am seeing or asking above, I am currently using NordVPN DNS, not the best, I know, but its stable from experience and can be counted on for working reliably with their OpenVPN service.

    Its incredibly frustrating, having changed ISP to have to change again :(.

    #11828
    UK Sentinel
    Moderator
    • Posts 3395
    • Skipper

    Does the VPN actually drop after either 7.5 minutes or 30 minutes respectively when you conducted your tests. ?

    Maybe worth picking up a second hand RT-AC68U (or better) and use the VPN that way and piggy back off the DSL-AC88U or replace DSL-AC88U as it is a security risk due to unpatched firmware .

     

    In a completely sane world, madness is the only freedom (J.G.Ballard).

    #11830
    Darren
    Participant
    • Posts 6
    • Recruit

    Hi,

    “Does the VPN actually drop after either 7.5 minutes or 30 minutes respectively when you conducted your tests. ?” – yes see the logs above for both TalkTalk and Sky DSL, the above logs repeat per the “DSL-AC88U daemon.info dhclient: bound to xx.xxx.117.41 — renewal in xxxx seconds” ISP’s setting.

     

    #11832
    UK Sentinel
    Moderator
    • Posts 3395
    • Skipper

    Hi, “Does the VPN actually drop after either 7.5 minutes or 30 minutes respectively when you conducted your tests. ?” – yes see the logs above for both TalkTalk and Sky DSL, the above logs repeat per the “DSL-AC88U daemon.info dhclient: bound to xx.xxx.117.41 — renewal in xxxx seconds” ISP’s setting.

    Sometimes logs can be misleading which is why I asked ?

    Looks like time to consider a new router or ISP

     

    In a completely sane world, madness is the only freedom (J.G.Ballard).

Viewing 12 posts - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.
UKTechHub.com