Using OpenWrt for VPN on second router: Random Connection drop

I am using a dual router setup with a primary ISP router and a secondary OpenWrt VPN router. Although the internet works well on the secondary router most of the time, the connection sometimes drops on the VPN router while still active on the ISP router. The configuration settings are as follows. Please let me know if I need to change anything in the configuration to fix the random internet drop of the VPN router.

I am using my ISP router with the following settings:

IP: 192.168.0.1
Subnet: 255.255.255.0
DHCP Enabled
DHCP Server Starting IP address: 192.168.0.50
IP Pool Count: 50

I added an Archer C7 as a second router to my primary ISP router with the following settings:
On your VPN router LAN settings please configure the following:

IP: 192.168.1.1
Subnet: 255.255.255.0
DHCP Enabled

The DHCP settings are as follows.

The WAN settings on OpenWrt are as follows.

IP: 192.168.0.2
Subnet: 255.255.255.0
Default Gateway: 192.168.0.1

Although the internet and VPN work okay on the VPN router most of the time, the internet sometimes drops on the VPN router. Could you please share if I have missed any configuration step?

Could it be that the VPN tunnel is going down?

The details you have provided so far won't help, though -- DHCP settings are almost certainly not the issue.

The logs may have clues, and of course the rest of the configuration will be necessary.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Also include, as a separate section, the output of (try to find the time that the issue occurred and give us a snippet in the time immediately before and after the issue begins):

logread

Do you also have the OpenVPN log from the client?

Yes, here you go. Thank you! I noticed the loss of internet on OpenWRT connection around 8:37.

2022-01-30 08:49:42 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 08:49:42 SIGUSR1[soft,ping-restart] received, process restarting
2022-01-30 08:49:42 Restart pause, 5 second(s)

[us8044.nordvpn.com] Inactivity timeout (--p

here we go.

Do you have the keepalive option https://superuser.com/questions/625721/how-to-keep-alive-the-vpn-connection on the server config?

Thank you, I will try and report.

You can prevent it by pinging the openvpn server ip address from the client every 2 minutes. You can do this via cronjob on the openwrt router. This will basically do the same thing as the keepalive openvpn option.

Thank you, I added the keepalive script to the NordVPN UDP config file. However, the same thing happened. Here is the log. Is there anything else I should try? Thank you!

2022-01-29 12:18:47 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 13:32:41 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 13:37:30 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 13:48:44 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 13:53:30 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 16:43:18 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 20:26:30 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 21:02:35 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 21:41:27 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 22:31:21 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 22:50:36 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 00:01:55 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 00:26:24 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 00:50:30 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 01:03:44 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 01:50:27 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 02:04:20 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 02:30:05 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 03:19:12 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 03:54:53 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 03:59:12 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 08:49:42 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 18:58:57 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
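
Added example, not part of the thread: one way to turn a list of `--ping-restart` lines like the one above into gaps between consecutive restarts, to see whether the drops recur at a regular interval. The function names and the sample timestamps are constructed for illustration; the input is assumed to be OpenVPN's own log format, not `logread` output.

```shell
#!/bin/sh
# Added example: measure how often OpenVPN restarts on --ping-restart.
# Expects OpenVPN's own log format ("YYYY-MM-DD HH:MM:SS ..."), as posted above.

# Constructed sample input (timestamps chosen for illustration).
SAMPLE_LOG='2022-01-29 12:18:47 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 12:18:47 SIGUSR1[soft,ping-restart] received, process restarting
2022-01-29 13:32:41 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-29 13:37:30 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting
2022-01-30 00:01:55 [us8044.nordvpn.com] Inactivity timeout (--ping-restart), restarting'

# restart_gaps: log on stdin -> "<date> <time> <seconds since previous event>"
# per ping-restart event ("-" for the first one).
restart_gaps() {
    awk '
    # Days since 1970-01-01 via the Julian day number, so no mktime() is
    # needed. Timestamps are treated as plain wall-clock time (no DST shift).
    function days(y, m, d,    a, yy, mm, j) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        j = d + int((153 * mm + 2) / 5) + 365 * yy
        j = j + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
        return j - 2440588
    }
    /Inactivity timeout \(--ping-restart\)/ {
        split($1, D, "-"); split($2, T, ":")
        now = days(D[1], D[2], D[3]) * 86400 + T[1] * 3600 + T[2] * 60 + T[3]
        printf "%s %s %s\n", $1, $2, (seen ? now - prev : "-")
        prev = now; seen = 1
    }'
}

# restart_summary: log on stdin -> "count=N min_gap=S max_gap=S" (seconds).
restart_summary() {
    restart_gaps | awk '
    { n++ }
    $3 != "-" {
        g = $3 + 0
        if (min == "" || g < min) min = g
        if (max == "" || g > max) max = g
    }
    END {
        printf "count=%d min_gap=%s max_gap=%s\n", n,
               (min == "" ? "-" : min), (max == "" ? "-" : max)
    }'
}

# Stand-alone run on the sample; on a router: restart_summary < /path/to/openvpn.log
printf '%s\n' "$SAMPLE_LOG" | restart_summary
```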

The keepalive option must be supported by the server, e.g. your VPN provider, but you can have a script that pings the OpenVPN server through the internal encrypted channel to keep the connection alive. I would add this script to the cronjob.

Script:

#!/bin/ash
ping -c 1 server_ip_address

cronjob:

*/2 * * * * /path/to/script.sh 1> /dev/null 2> /path/to/script.err

The setup worked well until this weekend. I am facing the same challenge where the NordVPN connection on the OpenWrt router frequently drops while the ISP's connection is working well.

I did the setup again but nothing changed. Here are the last few lines of the log.

Mon Feb 13 07:46:28 2023 daemon.info hostapd: wlan0: STA d0:3c:1f:03:ba:ec IEEE 802.11: authenticated
Mon Feb 13 07:46:28 2023 daemon.info hostapd: wlan0: STA d0:3c:1f:03:ba:ec IEEE 802.11: associated (aid 1)
Mon Feb 13 07:46:28 2023 daemon.notice hostapd: wlan0: STA-OPMODE-SMPS-MODE-CHANGED  off
Mon Feb 13 07:46:28 2023 daemon.notice hostapd: wlan0: AP-STA-CONNECTED d0:3c:1f:03:ba:ec
Mon Feb 13 07:46:28 2023 daemon.info hostapd: wlan0: STA d0:3c:1f:03:ba:ec WPA: pairwise key handshake completed (RSN)
Mon Feb 13 07:46:28 2023 daemon.info dnsmasq-dhcp[2861]: DHCPREQUEST(br-lan) 192.
Mon Feb 13 07:46:28 2023 daemon.info dnsmasq-dhcp[2861]: DHCPACK(br-lan) 192.168
Mon Feb 13 07:46:52 2023 daemon.err uhttpd[1809]: luci: accepted login on / for root from 192.168.1.178
Mon Feb 13 07:49:48 2023 daemon.info hostapd: wlan1: STA f8:89:d2:e7:68:f7 IEEE 802.11: authenticated
Mon Feb 13 07:49:48 2023 daemon.info hostapd: wlan1: STA f8:89:d2:e7:68:f7 IEEE 802.11: associated (aid 2)
Mon Feb 13 07:49:49 2023 daemon.notice hostapd: wlan1: AP-STA-CONNECTED f8:89:d2
Mon Feb 13 07:49:49 2023 daemon.info hostapd: wlan1: STA f8:89:d2:e7:68:f7 WPA: pairwise key handshake completed (RSN)
Mon Feb 13 07:49:49 2023 daemon.info dnsmasq-dhcp[2861]: DHCPREQUEST(br-lan) 192.
Mon Feb 13 07:49:49 2023 daemon.info dnsmasq-dhcp[2861]: DHCPACK(br-lan) 192.168
Mon Feb 13 07:49:53 2023 daemon.warn dnsmasq[2861]: Maximum number of concurrent DNS queries reached (max: 150)
Mon Feb 13 07:49:59 2023 daemon.warn dnsmasq[2861]: Maximum number of concurrent DNS queries reached (max: 150)
Mon Feb 13 07:50:05 2023 daemon.warn dnsmasq[2861]: Maximum number of concurrent DNS queries reached (max: 150)
Mon Feb 13 07:50:11 2023 daemon.warn dnsmasq[2861]: Maximum number of concurrent DNS queries reached (max: 150)
Mon Feb 13 07:50:12 2023 daemon.info hostapd: wlan0: STA 2e:0d:d0:a8:18:2c IEEE 802.11: authenticated
Mon Feb 13 07:50:12 2023 daemon.info hostapd: wlan0: STA 2e:0d:d0:a8:18:2c IEEE 802.11: associated (aid 2)
Mon Feb 13 07:50:12 2023 daemon.notice hostapd: wlan1: Prune association for 2e:
Mon Feb 13 07:50:12 2023 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED 2e:0d
Mon Feb 13 07:50:13 2023 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 2e:0d:d0
Mon Feb 13 07:50:13 2023 daemon.info hostapd: wlan0: STA 2e:0d:d0:a8:18:2c WPA: pairwise key handshake completed (RSN)
Mon Feb 13 07:50:25 2023 daemon.warn dnsmasq[2861]: Maximum number of concurrent DNS queries reached (max: 150)
Mon Feb 13 07:50:42 2023 daemon.info hostapd: wlan1: STA 2e:0d:d0:a8:18:2c IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Mon Feb 13 07:51:58 2023 authpriv.info dropbear[9468]: Child connection from 192.168.1.103:50447
Mon Feb 13 07:52:02 2023 authpriv.notice dropbear[9468]: Password auth succeeded for 'root' from 192.168.1.103:50447