[SOLVED] openvpn with PIA keeps dropping every hour!

bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Mon May 20, 2019 22:14
roizby wrote:
Hi,

try adding these settings to your openvpn config

Code:

pull-filter ignore "auth-token"
ping 6
ping-restart 12


this is what solved the constant PIA disconnections for me, you should not need any tunnel watchdogs whatsoever.


Roizby,
did not work!
Thanks anyway.
roizby
DD-WRT Novice


Joined: 05 Apr 2018
Posts: 12

Posted: Mon May 20, 2019 22:54
Quote:

Roizby,
did not work!
Thanks anyway.


Sorry to hear that,

    The first option was supposed to be a workaround for older OpenVPN clients that can't handle the PIA re-authentication requests when the connection has been idle for a while. If you google for it, one of the first results would be something PIA related.

    ping is supposed to help keep both your and the server's end busy, to prevent any idle timers from kicking in.

    and ping-restart can be useful if you know that your internet connection goes away regularly but you also know that the automatic reconnection will finish in let's say 20 seconds, this would tell openvpn to try reconnecting sooner than with the default setting.


Well anyways, that's my understanding and it works very well for me, but my VPN machine is a regular x86 machine, so there's probably something else going on.


    when PIA is connected are you routing absolutely everything through the VPN connection?

    Can you share your OpenVPN client config?

    Is your DD-WRT config basic or heavily modified?

    Have you added any custom firewall rules?

    Have you configured a specific NTP server or are you using the defaults?

    Can you reach your designated NTP server when connected to PIA?

    Can your router do DNS lookups when connected to PIA?
    (ssh into the router and try to "ping" an outside domain, something that you know wasn't cached before you connected
    "nslookup" is also good)
bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Mon May 27, 2019 20:22
roizby wrote:
Quote:

Roizby,
did not work!
Thanks anyway.


Sorry to hear that,

    The first option was supposed to be a workaround for older OpenVPN clients that can't handle the PIA re-authentication requests when the connection has been idle for a while. If you google for it, one of the first results would be something PIA related.

    ping is supposed to help keep both your and the server's end busy, to prevent any idle timers from kicking in.

    and ping-restart can be useful if you know that your internet connection goes away regularly but you also know that the automatic reconnection will finish in let's say 20 seconds, this would tell openvpn to try reconnecting sooner than with the default setting.


Well anyways, that's my understanding and it works very well for me, but my VPN machine is a regular x86 machine, so there's probably something else going on.


    when PIA is connected are you routing absolutely everything through the VPN connection?

    Can you share your OpenVPN client config?

    Is your DD-WRT config basic or heavily modified?

    Have you added any custom firewall rules?

    Have you configured a specific NTP server or are you using the defaults?

    Can you reach your designated NTP server when connected to PIA?

    Can your router do DNS lookups when connected to PIA?
    (ssh into the router and try to "ping" an outside domain, something that you know wasn't cached before you connected
    "nslookup" is also good)

Hi roizby,
Sorry for this late reply. I got busy with other things... nevertheless, this VPN is still an issue.
Let me answer your questions:
I don't think that my disconnection is an idle issue, as it happens exactly 1h into the connection and while I am having activities that include constant connections to the internet. Therefore, no idle time at all. Client and server are busy during the hour of live VPN.
Q. when PIA is connected are you routing absolutely everything through the VPN connection?
A. Yes. The VPN is set at router level and any device uses that router for any communication.

Q. Can you share your OpenVPN client config?
A. It's the one from PIA for DD-WRT: https://www.privateinternetaccess.com/helpdesk/guides/routers/dd-wrt-3/dd-wrt-openvpn-setup-2
The additional config is:

persist-key
persist-tun
tls-client
remote-cert-tls server

Q. Is your DD-WRT config basic or heavily modified?
A. After so many troubles, I have remade my config step by step, checking the connection at every step with the same results. My final config uses SAMBA, static leases, DNSmasq with some additional options. I believe this is all.
My NVRAM 30 KB / 128 KB .. seems not so busy!
The JFFS2 32.00 KB / 23.96 MB is also quite ok.

Q. Have you added any custom firewall rules?
A. No

Q. Have you configured a specific NTP server or are you using the defaults?
A. Configured and tested several different NTP servers based in Europe and also not in Europe

Q. Can you reach your designated NTP server when connected to PIA?
A. Yes

Q. Can your router do DNS lookups when connected to PIA?
A. Yes. I actually did that a lot to check the disconnections (sort of double check to make sure it was not my devices)

I do have 2 more tests to go:
1) try a different VPN provider and see if it is a provider-dependent issue
2) taking my router to a friend and testing if it is not an ISP-related issue (this would be really strange .. but why not test it).

Regards
Bacco
bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Mon May 27, 2019 20:30
PS I also tried upgrading to the latest dd-wrt by resetting to defaults first.
And the actual version now is DD-WRT v3.0-r39715M kongat (05/09/19)
...
roizby
DD-WRT Novice


Joined: 05 Apr 2018
Posts: 12

Posted: Sat Jun 01, 2019 9:41
bacco wrote:
PS I also tried upgrades to latest dd-wrt by resetting to defaults first.
And the actual version now is DD-WRT v3.0-r39715M kongat (05/09/19)
...


I'm sorry but there's nothing else I can think of, maybe blaming the ISP is the way to go, but that's easy :)

Please let us know if you figure it out!

Good Luck!
bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Sun Jun 02, 2019 11:27
No problem. I understand. I spent many hours/days trying to solve the issue.
I believe it is quite a difficult resolution.
No one I interacted with (forum and PIA support) could find the problem and/or solve it.

One thing I figured out just today.
My VPN cut off my connection as expected exactly 1h after starting it.
I was busy and could not take care of it and I did not reboot.
To my surprise, suddenly my router was up and running again AND with VPN on!!
I think it is about 1h after disconnection.
As I disabled the watchdog, the router did not reboot.

Now I am going to speculate a bit:
I think, every 1h, the VPN disconnects, cuts off all connections (of course) and 1h after that, it re-establishes the connection to the server!

Some sort of 1h loop that disconnects and does not allow re-connection till 1h later!

I can't be sure 100% now as I would have to wait 2 more hours to find that out.
But making an educated guess, since I noticed the internet disconnection 1h after the VPN was started, and the time I noticed it was up again... seems like that.. 1h loop!

If that gives anyone a clue....
bring it on! :)
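
Added example, not part of any post in this thread: one way to check the one-hour up / one-hour down pattern described above from the OpenVPN client log rather than by observation, including the restart reason OpenVPN records. It assumes the stock OpenVPN timestamp format (DD-WRT's log view may differ); the sample log lines and the names `tunnel_timeline` and `looks_periodic` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample (not from the thread), in stock OpenVPN 2.4 log format.
SAMPLE_LOG = """\
Sun Jun  2 09:00:05 2019 Initialization Sequence Completed
Sun Jun  2 10:00:07 2019 [server] Inactivity timeout (--ping-restart), restarting
Sun Jun  2 10:00:07 2019 SIGUSR1[soft,ping-restart] received, process restarting
Sun Jun  2 11:00:12 2019 Initialization Sequence Completed
Sun Jun  2 12:00:15 2019 SIGUSR1[soft,ping-restart] received, process restarting
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
UP = "Initialization Sequence Completed"
DOWN = re.compile(r"^(SIG\w+)\[([^\]]*)\] received, process (restarting|exiting)")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

def tunnel_timeline(log_text):
    """Return (sessions, outages): [(seconds_up, reason)], [seconds_down]."""
    sessions, outages = [], []
    up_at = down_at = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped OpenVPN line
        # Collapse the double space OpenVPN pads single-digit days with.
        when = datetime.strptime(" ".join(m.group(1).split()), TS_FORMAT)
        msg = m.group(2)
        if msg == UP:
            if down_at is not None:
                outages.append(int((when - down_at).total_seconds()))
            up_at, down_at = when, None
        elif up_at is not None:
            hit = DOWN.match(msg)
            if hit:  # tunnel went down; record how long it lasted and why
                sessions.append((int((when - up_at).total_seconds()), hit.group(2)))
                up_at, down_at = None, when
    return sessions, outages

def looks_periodic(seconds, period=3600, tolerance=60):
    """True when there are 2+ samples and each is within tolerance of period."""
    return len(seconds) >= 2 and all(abs(s - period) <= tolerance for s in seconds)

if __name__ == "__main__":
    sessions, outages = tunnel_timeline(SAMPLE_LOG)
    for secs, reason in sessions:
        print(f"up {secs:5d}s, ended by {reason}")
    print("outages (s):", outages)
    print("fixed 1h cut-off:", looks_periodic([s for s, _ in sessions]))
```

Session lengths that sit at a fixed interval regardless of traffic are the signature of a timer rather than an idle timeout, and the recorded reason shows whether the client's own keepalive check or something else ended the session.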
bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Tue Jun 04, 2019 14:50
One more piece of extra info:
I purchased 1 month of another VPN provider, IPVanish.
I have the same results; 1h and dead in the water.
Next and last test will be testing another ISP.
If that fails, obviously it is a DD-WRT issue. If not.. an ISP issue.
We are getting very close to determining the weakest link. Then we can work on finding the appropriate response to the problem!
I hope all this can help others with the same issue.
bye
bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Tue Jul 02, 2019 8:42    Post subject: final Test - SOLVED
Greetings,
As it seems impossible to have a stable openvpn client with DD-WRT, I had the chance to make extra tests with different machines.
Test 1)
I have borrowed a pfsense box and configured it for openvpn with PIA. I had a stable connection for days. Never an interruption or anything that gave signs of issues.
Configuration: rj45 cable from the fiber optic modem to pfsense box (private ip straight to pfsense WAN port).
From LAN port of pfSense to netgear r7800 WAN port. pfSense makes and maintains the openvpn client to PIA.
The netgear router then receives a public IP on its WAN (192.168.x.x), and does all the NATing as before. My LAN remains intact.

Test 2)
I had to give back the pfSense box.
I figure that maybe the issue is how DD-WRT manages the private IP given by the ISP.
So I decided to reproduce the situation with what I had:
linksys wrt1900ac with openwrt installed.
Wireless disabled.
RJ45 cable from fiber optic modem to Linksys WAN port.
From LAN port1 a connection to the Netgear running DD-WRT.
I created a new port forwarding on openwrt to create a DMZ pointing to LAN port1 (with static IP).
The Netgear (ddwrt) is now in charge of the OpenVPN.
I passed the 2 hours and I have a stable connection.

Conclusions:
If the dd-wrt WAN port receives a public ip, it seems to be able to keep a stable openvpn.
Could it be an MTU issue?
No idea.
I have played with MTU when the Netgear was the only router and was still not able to get the open VPN stable.
I have followed many manual suggestions and people's suggestions. Spent hours with PIA support and was given many solutions, but related to VERY old builds.

Soon I will try MikroTik to do the same as openwrt on my linksys... that because I don't think that linksys wrt1900ac v1 is a stable machine anyway.

I wish dd-wrt will be able to maintain stability on its openVPN service.
After trying several machines with ddwrt and on different versions... and still having unstable openvpn, I cannot avoid thinking that ddwrt is the weakest link at this point.

Probably I will get the rage of many... but better than rage, I would love to receive a solution as I really like dd-wrt.

For now, I hope I helped others with this issue:

You need a router in the middle that gives a public IP to the ddwrt with openvpn client and you are set.

Constructive feedback is still welcome... Thanks (BTW for constructive I don't mean criticism... thanks)

[PS UPDATE: my new setup is now running for days with no problems. Even when changing exit servers, it keeps running smoothly]

Kind regards,
Bacco

- Note -
For the record, since there are several discussions about what is a public or private IP, this is my
Legend:
Private IP: your LAN IP, sort of 192.168.x.x
Public IP: the IP that your ISP assigns to you.
If you like it the other way around, just switch it in your reading.
neonknight77
DD-WRT Novice


Joined: 10 Aug 2008
Posts: 35

Posted: Fri Jul 05, 2019 2:23
Had the same issue a few days ago. Thank goodness I was still under their money-back guarantee and went ahead and cancelled, got refunded.

I noticed it too, you are not alone.

EDIT: By the way, my DD-WRT was also set up on a gateway-released private IP, not a public IP. I guess that does cause issues.

Did you ever switch between Gateway and Router mode?
bacco
DD-WRT User


Joined: 20 Jan 2009
Posts: 53

Posted: Fri Jul 05, 2019 7:13
Hi neonknight77,
No, I never changed to router mode. It has implications. But I might try.

I still like DD-WRT as a SOHO router (or more likely home router). But I really think I am going to move to pfsense or mikrotik as main router as I can manage way better my network and define my LAN port better.
Useless to mention "it can have a stable openvpn client connection"!!
I will keep the dd-wrt for one of the subnets (home based subnet) for the ease of management.

What did you cancel? The VPN provider? If so, and you need a VPN, you are probably better off getting an older router and using it as first router, then the second one makes the VPN connection.

PS
Glad to know I am not alone with this issue.
Most of the people already have a router from the ISP before the DDWRT and they don't feel the pain (and that is really good for them).
I guess this is why this issue does not get enough attention to be fixed at the source!