Guest wifi with OpenVPN not working after 18.06-rc1

I have two wireless SSIDs, one routed through wan and the other (guest) routed through a VPN tunnel using the openvpn-openssl package. Everything was working fine with the 17.01.04 firmware but after I upgraded to 18.06-rc1, the vpn guest wifi is no longer working.

Checking the logs, I can see that the openvpn initialization sequence was completed and no other errors appeared in the logs. Running ifconfig tun0 also seems fine (other than no traffic):

          Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet  Mask:
          inet6 addr: fe80::2372:8072:abef:xxxx/64 Scope:Link
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:1423 (1.3 KiB)

Is there anything new I should do to make it work with the new firmware? Am I missing something?


I haven't tried the latest RC for OpenWRT, but one thing you might try is a service restart on the OpenVPN client.

/etc/init.d/openvpn restart

My thought here is that if there is an issue with the sequencing on boot, it is possible the local time has not yet sync'd with NTP when the openvpn client starts. Such time issues on startup can cause the apparent failure of the tunnel to carry any traffic.

This issue has been reported (with a few different workarounds available) for OpenVPN servers on 17.01.x (in my case, the same config worked without issue on 15.05.x, but seemingly stoped working after updating to LEDE until working around the time sync issue).

I too had a trouble to migrate my openvpn configuration from 17.01.04 to 18.06-rc1, I don't know if it can be the same.

The trouble was the deprecation by OpenVPN of the option "comp-lzo". I had to change option comp_lzo 'yes' by option compress 'lzo'

Thank you guys. I had seen and tried the comp-lzo issue and that's ruled out. Time is synced too and I also tried restarting openvpn but still no love.

I saw this issue with both my Archer C2600 and my Archer C7. With Archer C7 I managed to find an older openvpn version and it worked on the new firmware. So, it makes me wonder whether there's anything related to the new openvpn-openssl package version 2.4.5-3 that is installed by the new 18.06-rc1 firmware or some incompatibility issue.

I may have it figured out. The problem seems to be with my VPN provider. I have just tested another VPN service and it's working with the RC firmware and the new openvpn package. I just don't know why yet...


i just configured mine openvpn successfully, now i want to configure it only on one wifi and the others without vpn, similar to your Guest wifi with OpenVPN, can you describe your way to that configuration a little ?

Do i need an extra wifi interface for that with an extra firewall rule ?

thank you very much.

Hello, I have the same issue!
New version: 18; no possible to get wifi without VPN working once I activate VPN. I guess VPN gets to be a default of the router. I have created some routing rules, but so far no lack:

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'
	option name 'Guest DNS'
	option src 'guest'

config rule
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'
	option name 'Guest DHCP'
	option src 'guest'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '51194'
	option name 'OpenVPN'
	option src '*'