› UKTH forums › 🛜 Wireless Routers & Modems › 🗨 ASUS & Wireless › Asus DSL-AC88U VPN issues
- This topic has 11 replies, 2 voices, and was last updated 4 years, 2 months ago by
UK Sentinel.
-
AuthorPosts
-
February 4, 2021 at 9:55 am #11813
Hello,
I am having some issues with my Asus router and hoping someone can help throw some light on the subject to help resolve it.
Background – I have had my Asus modem/router for several years and had trouble free service with BT [WAN connection type PPPoE] via basic fibre VSDL2 line with NordVPN service, using there scripts [OpenVPN client].
Issue – recently I change ISP to TalkTalk, to reduce costs, on a bandwidth limited location [limited 36Mbps] due to network infrastructure, and didn’t want to pay BT top price for this outdated system. However, with my new ISP which uses WAN connection type Automatic IP, not PPPoE my VPN keeps dropping and reconnecting every 450 seconds approx. see router general logs below. This is all happening over a 1-2 second period,
DSL-AC88U daemon.info dhclient: DHCPREQUEST on ptm0.101 to xx.0.0.1 port 67
DSL-AC88U daemon.info dhclient: adapter index 35
DSL-AC88U daemon.info dhclient: adapter index 35
DSL-AC88U daemon.info dhclient: DHCPACK from xx.0.0.1
DSL-AC88U daemon.info dhclient: bound to xx.0.1.16 — renewal in 446 seconds.
DSL-AC88U daemon.info dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
DSL-AC88U daemon.info dhcpd: Copyright 2004-2010 Internet Systems Consortium.
DSL-AC88U daemon.info dhcpd: All rights reserved.
DSL-AC88U daemon.info dhcpd: For info, please visit https://www.isc.org/software/dhcp/
DSL-AC88U daemon.info dhcpd: Wrote 6 leases to leases file.
DSL-AC88U daemon.info dhcpd: Listening on Socket/br0/192.168.1.0/24
DSL-AC88U daemon.info dhcpd: Sending on Socket/br0/192.168.1.0/24
DSL-AC88U user.notice VPN: OpenVPN client stop
DSL-AC88U daemon.err openvpn[20122]: event_wait : Interrupted system call (code=4)
DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip route del 185.16.207.53/32 [comment NordVPN]
DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip route del 0.0.0.0/1
DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip route del 128.0.0.0/1
DSL-AC88U daemon.notice openvpn[20122]: Closing TUN/TAP interface
DSL-AC88U daemon.notice openvpn[20122]: /usr/sbin/ip addr del dev tun11 10.7.2.2/24
DSL-AC88U daemon.notice openvpn[20122]: /data/openvpn/client/down tun11 1500 1636 10.7.2.2 255.255.255.0 init
DSL-AC88U daemon.notice openvpn[20122]: SIGTERM[hard,] received, process exiting
DSL-AC88U user.notice VPN: OpenVPN client stop
DSL-AC88U daemon.notice openvpn[26026]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 4 2018Is the OpenVPN client resetting due to my ISP WAN connection type being ‘Automatic IP’, therefore do I need to find another ISP using the standard PPPoE?
Your thoughts are most welcome.
Thank you
Darren
You need to login in order to vote
February 4, 2021 at 10:57 am #11815As you are probably aware. the DSL-AC88U is no longer supported by ASUS, if you are on firmware version Version 1.10.06_Build591 try 1.10.05_Build503 as another owner had simular VPN issues with newer firmware versions.
THE DSL-AC88U is very buggy so your options are limited, maybe try another VPN Service – just for testing purposes ?
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
February 4, 2021 at 2:31 pm #11817Hi,
As suggested above, I tried the older firmware [1.10.05_Build503] with the same results, same log pattern as before showing OpenVPN being stopped after every DHCP/dhclient pole, just not sure why it could be working solid with BT [PPPoE], and now just by changing ISP and WAN connection type [Automatic IP] its all going wrong.
As I don’t have BT anymore I can not compare what is happening above in my log is normal or new to TalkTalk ISP either.
Thanks
Darren
You need to login in order to vote
February 4, 2021 at 2:52 pm #11818any chance of trying a different VPN service provider, for test only ?
or Factory reset router and see re-configure from scratch not backup.
I will give @Andyshaw a nudge to see if he can advise ?
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
February 4, 2021 at 3:55 pm #11820Hi,
I have already ready tried factory reset several times, tried dozens of different NordVPN servers, but again I don’t believe NordVPN have suddenly changed, only the ISP, there infrastructure and the WAN connection type has changed.
Darren
You need to login in order to vote
February 4, 2021 at 4:15 pm #11821I am sure NordVPN have not changed how they offer there VPN Service, it is more a case of finding a VPN service provider that will work with the DSL-AC88U and Talk Talks way of DSL authentication etc.
Hopefully @andyshaw can advise ?
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
February 4, 2021 at 8:53 pm #11823OK, i didn’t want to mess with my other DSL line, as you know, if its not broken leave it alone! [Yes I have 2 separate providers, Sky for SkyQ and general house WiFi and my own separate line which was BT, and is know TalkTalk as detailed above]. So I broke out the ‘Wireshark’ to get my user name/password and connected the Asus to the Sky DSL line, which incidentally after doing the auto setup is also WAN connection type Automatic IP +user/password. And guess what the same happens again, but not every 450 seconds, every 1796 seconds [30 mins], see Sky DSL log below –
Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: DHCPREQUEST on ptm0.101 to x.xxx.238.63 port 67
Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: adapter index 34
Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: adapter index 34
Feb 4 19:55:39 DSL-AC88U daemon.info dhclient: DHCPACK from x.xxx.238.63
Feb 4 19:55:42 DSL-AC88U daemon.info dhclient: bound to xx.xxx.117.41 — renewal in 1797 seconds.
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: All rights reserved.
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Wrote 3 leases to leases file.
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Listening on Socket/br0/192.168.1.0/24
Feb 4 19:55:43 DSL-AC88U daemon.info dhcpd: Sending on Socket/br0/192.168.1.0/24
Feb 4 19:55:44 DSL-AC88U user.notice VPN: OpenVPN client stop
Feb 4 19:55:44 DSL-AC88U daemon.err openvpn[13935]: event_wait : Interrupted system call (code=4)
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip route del 185.169.255.6/32 [NordVPN server]
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip route del 0.0.0.0/1
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip route del 128.0.0.0/1
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: Closing TUN/TAP interface
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /usr/sbin/ip addr del dev tun11 10.7.1.7/24
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: /data/openvpn/client/down tun11 1500 1636 10.7.1.7 255.255.255.0 init
Feb 4 19:55:44 DSL-AC88U daemon.notice openvpn[13935]: SIGTERM[hard,] received, process exiting
Feb 4 19:55:45 DSL-AC88U user.notice VPN: OpenVPN client stop
Feb 4 19:55:45 DSL-AC88U daemon.notice openvpn[6811]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 4 2018So from this I can only conclude they are both trying to prevent continuous VPN connections for some reason or the WAN connection method can only work in this manor preventing a continuous connection, perhaps the latter, as apposed to BT [PPPoE] which does not have this issue.
Its beginning to suggest that my only option with these providers is to have a static IP to prevent the polling [renewal]?
You need to login in order to vote
February 4, 2021 at 9:24 pm #11824TALKTalk do not block VPN, some have found issues with MTU, try changing yours to MTU to 1492 (ADSL) or 1500 (FTTC [Fibre]) ?
Also, whats your DNS Settings and are you using HomeSafe etc?
Edit: I forgot to say, DSL-AC88U does not support IPv6, so make sure it is disabled on Router ?
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
February 4, 2021 at 10:53 pm #11825Hello,
Yes, your correct, TalkTalk do not block VPN connections, nor does Sky, but it’s clear their WAN [Automatic IP rather than PPPoE] won’t support a continuous OpenVPN connection beyond the IP renewal period they set, 450s or 1797s [7.5 minutes or 30 minutes] respectively as shown above.
I am no expert, but I am guessing the WAN communication type PPPoE may reset once a day [early hours, server restart, etc.], or if not on router reboots, hence I never had [or have noticed] this problem while with BT.
For your info IPv6 is disabled.
DNS may introduce lag/poor response time/no internet [no address translation], etc, but this is not what I am seeing or asking above, I am currently using NordVPN DNS, not the best, I know, but its stable from experience and can be counted on for working reliably with their OpenVPN service.
Its incredibly frustrating, having changed ISP to have to change again :(.
You need to login in order to vote
February 5, 2021 at 8:25 am #11828Does the VPN actually drop after either 7.5 minutes or 30 minutes respectively when you conducted your tests. ?
Maybe worth picking up a second hand RT-AC68U (or better) and use the VPN that way and piggy back off the DSL-AC88U or replace DSL-AC88U as it is a security risk due to unpatched firmware .
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
February 5, 2021 at 9:57 am #11830Hi,
“Does the VPN actually drop after either 7.5 minutes or 30 minutes respectively when you conducted your tests. ?” – yes see the logs above for both TalkTalk and Sky DSL, the above logs repeat per the “DSL-AC88U daemon.info dhclient: bound to xx.xxx.117.41 — renewal in xxxx seconds” ISP’s setting.
You need to login in order to vote
February 5, 2021 at 11:36 am #11832Hi, “Does the VPN actually drop after either 7.5 minutes or 30 minutes respectively when you conducted your tests. ?” – yes see the logs above for both TalkTalk and Sky DSL, the above logs repeat per the “DSL-AC88U daemon.info dhclient: bound to xx.xxx.117.41 — renewal in xxxx seconds” ISP’s setting.
Sometimes logs can be misleading which is why I asked ?
Looks like time to consider a new router or ISP
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
-
AuthorPosts
- You must be logged in to reply to this topic.