Openvpn client keeps disconnecting from NordVPN

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 391
Location: Earth

PostPosted: Thu Jan 14, 2021 16:52    Post subject: Openvpn client keeps disconnecting from NordVPN Reply with quote
R7800 r44715 (44719) NordVPN Provider
My OpenVPN client is disconnecting pretty much on the dot every hour, over the last few days i have attempted a few commands to try and stop this from happening to no avail.
What verbosity level should see the cause of this?
or what other commands can i try?
Thanks guys

Current Additional config:
remote-random
tun-mtu-extra 32
mssfix 1450
ping-timer-rem
reneg-sec 0
pull-filter ignore "dhcp-option DNS"
pull-filter ignore "auth-token"
keepalive 10 60

_________________
Netgear R7800
Network IPV4 eth1 - Isolated Vlan eth1.3 on br1 for IoT devices (Amazon Echos, smart TV's, etc.) BT Whole Home Mesh Wi-Fi with Guest Net Isolation. OVPN Server with Paid OVPN client & Wireguard Client.
Gateway, DNSMasq, Static Leases & DHCP. Pi-Hole DNS
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6928
Location: Netherlands

PostPosted: Fri Jan 15, 2021 10:22    Post subject: Reply with quote
Unfortunately I do not have the magic formula for you.

Hourly disconnections are often due to the key renegotiation, which is default every 3600 sec, but you already have: reneg-sec 0

You are also keeping the conneciton alive wiht keepalive 10 60.

So the disconnections are probably triggered by Nord, wanting to divide traffic between servers, usually behind the URL there are multiple IP addresses, the remote random chooses another one when a disconnection is triggered.

If the disconnection is only briefly then nothing much you can do.

If the tunnel stays down i.e. does not reconnect then the first thing you cna try is add this to Addtitional config:
remap-usr1 SIGHUP

If that does not help use the watchdog script to restart the VPN or reboot the router

Of course sometime using another server does help or you can specify multiple servers in the additional config to try if one does no reconnect.
See page 10 of this guide if you do not know how to do that: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326414

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 391
Location: Earth

PostPosted: Fri Jan 15, 2021 11:51    Post subject: Reply with quote
Hi EGC

Thanks again for your help, i removed multiple servers back to a single to try and fix this issue.
I have today set verb 6 to see what is going on as i have tried a lot before posting.
it connects straight back up no issue there but just annoying.
now verb 6 is set i see:
R7800 daemon.notice openvpn[30701]: TLS: tls_process: killed expiring key

_________________
Netgear R7800
Network IPV4 eth1 - Isolated Vlan eth1.3 on br1 for IoT devices (Amazon Echos, smart TV's, etc.) BT Whole Home Mesh Wi-Fi with Guest Net Isolation. OVPN Server with Paid OVPN client & Wireguard Client.
Gateway, DNSMasq, Static Leases & DHCP. Pi-Hole DNS
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6928
Location: Netherlands

PostPosted: Fri Jan 15, 2021 11:58    Post subject: Reply with quote
You are kicked of because the server let your key expire.

You can try with removing reneg-sec 0

Maybe if you still got the same notification set it under 3600 secs e.g. reneg-sec 3500 so that you renew your key before you are thrown out

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum